```shell
# Set the TTL to 10 and run host discovery
$ nmap --packet-trace -sn -PS --ttl 10 www.diaoan.xyz
Starting Nmap 7.92 ( https://nmap.org ) at 2022-02-09 22:51 China Standard Time
SENT (0.4280s) TCP 192.168.1.7:54515 > 121.199.61.226:80 S ttl=10 id=58025 iplen=44 seq=3173099416 win=1024 <mss 1460>
SENT (1.4400s) TCP 192.168.1.7:54517 > 121.199.61.226:80 S ttl=10 id=60709 iplen=44 seq=3173230490 win=1024 <mss 1460>
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.50 seconds
```

Both probes left with ttl=10 and no reply came back: a packet whose TTL is smaller than the hop count to the target is dropped by an intermediate router, so too small a value makes a live host look down.
Hiding yourself

Decoy scan

A decoy scan makes the target believe that other hosts are scanning it as well: Nmap sends each probe from the real address and from every decoy address, so the target's logs show several scanners and cannot tell which one is real from the probes alone.

-D: specify a list of decoy IP addresses; the RND:n option generates n random decoy addresses instead. The real address is inserted at a random position among the decoys unless ME is given explicitly in the list.
```shell
# Host discovery using 5 random decoy IP addresses
$ nmap --packet-trace -sn -PS -D RND:5 www.diaoan.xyz
Starting Nmap 7.92 ( https://nmap.org ) at 2022-02-09 23:14 China Standard Time
SENT (0.4530s) TCP 203.95.157.187:62169 > 121.199.61.226:80 S ttl=39 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4540s) TCP 128.78.165.248:62169 > 121.199.61.226:80 S ttl=49 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4540s) TCP 62.112.65.234:62169 > 121.199.61.226:80 S ttl=55 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4550s) TCP 19.75.172.153:62169 > 121.199.61.226:80 S ttl=52 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4560s) TCP 192.168.1.7:62169 > 121.199.61.226:80 S ttl=39 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4560s) TCP 65.29.168.76:62169 > 121.199.61.226:80 S ttl=47 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
RCVD (0.4900s) TCP 121.199.61.226:80 > 192.168.1.7:62169 SA ttl=117 id=917 iplen=44 seq=972294997 win=8192 <mss 1400>
Nmap scan report for www.diaoan.xyz (121.199.61.226)
Host is up (0.038s latency).
Nmap done: 1 IP address (1 host up) scanned in 6.05 seconds
```

Note what the trace gives away: all six SYNs share the same source port, IP ID and sequence number and only the TTL differs, and the SYN/ACK is answered to 192.168.1.7 alone. A defender watching the wire can group the probes by those shared fields and, if they can see the replies, pick out the real scanner directly.
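To make the defender's view concrete, the following is an added example (not from the original post) that parses a constructed `--packet-trace` log in the format shown above. It lists the addresses the target would log as scanners, checks whether the probes share one IP ID/sequence pair (the decoy fingerprint), and identifies the real scanner as the only address that receives a SYN/ACK. The trace text is constructed for the example, modelled on the run above.

```shell
#!/bin/sh
# Constructed sample trace: six decoy SYNs and one SYN/ACK reply, in the
# layout nmap --packet-trace prints. Values are modelled on the page's run.
TRACE='SENT (0.4530s) TCP 203.95.157.187:62169 > 121.199.61.226:80 S ttl=39 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4540s) TCP 128.78.165.248:62169 > 121.199.61.226:80 S ttl=49 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4540s) TCP 62.112.65.234:62169 > 121.199.61.226:80 S ttl=55 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4550s) TCP 19.75.172.153:62169 > 121.199.61.226:80 S ttl=52 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4560s) TCP 192.168.1.7:62169 > 121.199.61.226:80 S ttl=39 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
SENT (0.4560s) TCP 65.29.168.76:62169 > 121.199.61.226:80 S ttl=47 id=39127 iplen=44 seq=528626996 win=1024 <mss 1460>
RCVD (0.4900s) TCP 121.199.61.226:80 > 192.168.1.7:62169 SA ttl=117 id=917 iplen=44 seq=972294997 win=8192 <mss 1400>'

# Field layout of a trace line (awk $N):
#   $1 SENT/RCVD  $4 src ip:port  $6 dst ip:port  $8 ttl=  $9 id=  $11 seq=

# Distinct source IPs of SENT probes: what the target's log shows as "scanners".
sent_sources() {
  printf '%s\n' "$TRACE" | awk '$1 == "SENT" { split($4, a, ":"); print a[1] }' | sort -u
}

# Number of distinct (id, seq) pairs across SENT probes. A decoy set reuses one
# id/seq for every source address, so this is 1 for a decoy scan and would be
# larger if independent hosts were really scanning.
distinct_id_seq() {
  printf '%s\n' "$TRACE" | awk '$1 == "SENT" { print $9, $11 }' | sort -u | wc -l | tr -d ' '
}

# The real scanner is the address the target answers: the SYN/ACK destination.
real_source() {
  printf '%s\n' "$TRACE" | awk '$1 == "RCVD" { split($6, a, ":"); print a[1] }' | sort -u
}

# Decoy candidates: every SENT source that is not the address receiving replies.
decoy_sources() {
  real=$(real_source)
  sent_sources | grep -v -x "$real"
}

echo "addresses the target logs as scanners:"
sent_sources
echo "distinct id/seq pairs among probes: $(distinct_id_seq)"
echo "real scanner (receives SYN/ACK): $(real_source)"
echo "decoys:"
decoy_sources
```

Run it with `sh decoys.sh`. The same three checks work on a tcpdump/tshark capture of the target side once the fields are mapped: many sources, one shared IP ID and sequence, and one address that the replies go to.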
Spoofing the source address

The source address is the source IP of the probe packets Nmap sends; spoofing it makes the target believe that a different IP address is scanning it.

-S: specify a spoofed source IP address. It must be combined with -e (Nmap cannot pick the outgoing interface from an address that is not its own) and -Pn (replies go to the spoofed address, not to the scanner, so ping-based discovery would always report the host as down). For the same reason a spoofed scan produces no usable results unless you can sniff the traffic sent to the spoofed address; on its own it is only useful for putting someone else's address in the target's logs.
```shell
$ nmap --packet-trace -sn -PS -S 192.168.1.1 www.diaoan.xyz
WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -Pn . If you are using it to specify your real source address, you can ignore this warning.
Starting Nmap 7.92 ( https://nmap.org ) at 2022-02-09 23:19 China Standard Time
Could not figure out what device to send the packet out on with the source address you gave me! If you are trying to sp00f your scan, this is normal, just give the -e eth0 or -e ppp0 or whatever. Otherwise you can still use -e, but I find it kind of fishy.
QUITTING!

$ nmap --packet-trace -sn -Pn -S 192.168.1.1 www.diaoan.xyz
Starting Nmap 7.92 ( https://nmap.org ) at 2022-02-09 23:19 China Standard Time
Could not figure out what device to send the packet out on with the source address you gave me! If you are trying to sp00f your scan, this is normal, just give the -e eth0 or -e ppp0 or whatever. Otherwise you can still use -e, but I find it kind of fishy.
QUITTING!

$ nmap --packet-trace -sn -Pn -S 192.168.1.1 -e eho0 www.diaoan.xyz
Starting Nmap 7.92 ( https://nmap.org ) at 2022-02-09 23:20 China Standard Time
Nmap scan report for www.diaoan.xyz (121.199.61.226)
Host is up.
Nmap done: 1 IP address (1 host up) scanned in 9.96 seconds
```

The last run only shows that the option combination is accepted: -sn together with -Pn disables both port scanning and host discovery, so no packets appear in the trace and "Host is up" is assumed rather than observed. Replace -sn with a real scan type (for example -sS -p 80) to see spoofed probes leave, and expect no replies to come back to the scanner.