nmap扫描

1. 只能探测到主机存活，即接入网络。服务端口看不到。
   默认是-sS扫描，TCP SYN Stealth Scan. 能减少网络流量，速度快。SYN scan is the default and most popular scan option. often referred to as half-open scanning, because you don’t open a full TCP connection.

[[email protected] ~]# nmap 10.0.0.100Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-04 16:49 CSTNmap scan report for 10.0.0.100Host is up (-0.20s latency).All 1000 scanned ports on 10.0.0.100 are filteredMAC Address: FA:16:3E:D3:D3:38 (Unknown)Nmap done: 1 IP address (1 host up) scanned in 21.30 seconds

2. ping检测不到主机，但nmap可以检测到，因为除了ICMP，还用了TCP。

[[email protected] ~]# ping 10.0.0.100PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.^C--- 10.0.0.100 ping statistics ---3 packets transmitted, 0 received, 100% packet loss, time 32ms[[email protected] ~]# nmap -sP 10.0.0.100Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-04 17:22 CSTNmap scan report for 10.0.0.100Host is up (0.00027s latency).MAC Address: FA:16:3E:D3:D3:38 (Unknown)Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds

The default host discovery done with -sn consists of an ICMP echo request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp request by default.
In previous releases of Nmap, -sn was known as -sP. (No port scan)

激活不同的控制位扫描：

• ACK扫描 -sA
• FIN扫描 -sF
• Null扫描 -sN 所有控制位都为0
• MAX扫描 -sX 所以控制位都为1

都扫不出什么有意义的内容出来，没意思。
唯一的意思，知道有这台主机在那里存活着的。
因为不存活的主机，nmap还是检测的出来：

[[email protected] ~]# nmap  10.0.0.201Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-04 18:10 CSTNote: Host seems down. If it is really up, but blocking our ping probes, try -PnNmap done: 1 IP address (0 hosts up) scanned in 0.44 seconds[[email protected] ~]# nmap  -Pn 10.0.0.201Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-04 18:10 CSTNmap done: 1 IP address (0 hosts up) scanned in 0.45 seconds