●TCP
[root@apc01 ~]# nmap -sT localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2018-12-19 15:28 JST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00034s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds
●UDP
[root@apc01 ~]# nmap -sU localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2018-12-19 15:29 JST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000041s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT STATE SERVICE
68/udp open|filtered dhcpc
123/udp open|filtered ntp
5353/udp open|filtered zeroconf
Nmap done: 1 IP address (1 host up) scanned in 1.57 seconds
●Ping scan
[root@apc01 ~]# nmap -sP 192.168.56.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2018-12-19 16:01 JST
Nmap scan report for 192.168.56.1
Host is up (0.00015s latency).
MAC Address: 0A:00:27:00:00:0F (Unknown)
Nmap scan report for 192.168.56.107
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.17 seconds
●Fast scan of well-known ports only
[root@apc01 ~]# nmap -F localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2018-12-19 15:31 JST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000070s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 97 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
●Attempt to identify the target host's OS
[root@apc01 ~]# nmap -O apc01
Starting Nmap 6.40 ( http://nmap.org ) at 2018-12-19 15:56 JST
Nmap scan report for apc01 (192.168.100.107)
Host is up (0.000072s latency).
rDNS record for 192.168.100.107: apc01.apdomain
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
8080/tcp open http-proxy
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.38 seconds
●Specifying a port range
[root@apc01 ~]# nmap -p1-65535 apc01
Starting Nmap 6.40 ( http://nmap.org ) at 2018-12-19 16:12 JST
Nmap scan report for apc01 (192.168.100.107)
Host is up (0.0000060s latency).
rDNS record for 192.168.100.107: apc01.apdomain
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
8080/tcp open http-proxy
9990/tcp open osm-appsrvr
Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
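Added example (not part of the original page): a small Python parser for the port tables shown above that compares each scan against an expected-listener baseline, making visible that the default scan of apc01 did not report 9990/tcp while the full-range scan did. The baseline set and the function names are assumptions made for this illustration.

```python
import re

# One row of nmap's normal-output port table, e.g. "22/tcp open ssh".
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def open_ports(nmap_output):
    """Return {(port, proto): service} for rows whose state is exactly 'open'."""
    found = {}
    for line in nmap_output.splitlines():
        m = ROW.match(line.strip())
        # "open|filtered" (no reply to a UDP probe) is not a confirmed listener.
        if m and m.group(3) == "open":
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found

def compare(baseline, scans):
    """Per scan: open ports absent from the baseline, and baseline ports not reported."""
    report = {}
    for name, text in scans.items():
        seen = set(open_ports(text))
        report[name] = {"unexpected": sorted(seen - baseline),
                        "not_seen": sorted(baseline - seen)}
    return report

# Port tables copied from the scans on this page.
SCANS = {
    "-sT localhost": """PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
8080/tcp open http-proxy""",
    "-sU localhost": """PORT STATE SERVICE
68/udp open|filtered dhcpc
123/udp open|filtered ntp
5353/udp open|filtered zeroconf""",
    "-O apc01": """PORT STATE SERVICE
22/tcp open ssh
8080/tcp open http-proxy""",
    "-p1-65535 apc01": """PORT STATE SERVICE
22/tcp open ssh
8080/tcp open http-proxy
9990/tcp open osm-appsrvr""",
}

# Assumed baseline for illustration: the listeners the administrator expects.
BASELINE = {(22, "tcp"), (8080, "tcp")}

if __name__ == "__main__":
    for name, result in compare(BASELINE, SCANS).items():
        print(f"nmap {name}: {result}")
```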
●OS and version check
[root@apc01 ~]# nmap -A apc01
Starting Nmap 6.40 ( http://nmap.org ) at 2018-12-19 16:14 JST
Nmap scan report for apc01 (192.168.100.107)
Host is up (0.000085s latency).
rDNS record for 192.168.100.107: apc01.apdomain
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1 (protocol 2.0)
| ssh-hostkey: 2048 49:3a:ef:4a:fa:6e:f5:ff:80:6f:e3:25:a3:bb:0b:8d (RSA)
|_256 01:0b:c4:67:d4:8b:6e:97:3b:77:9e:ae:5b:29:25:18 (ECDSA)
8080/tcp open http Zimbra http config
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
|_http-title: Site doesn't have a title (text/html).
Aggressive OS guesses: Linux 3.7 - 3.9 (98%), Netgear DG834G WAP or Western Digital WD TV media player (96%), Linux 3.7 (95%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6) (92%), Linux 3.8 (91%), Crestron XPanel control system (91%), Linux 2.4.26 (Slackware 10.0.0) (91%), Linux 2.6.32 - 3.6 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 0 hops
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.39 seconds