25. 用TCP ACK扫描远程主机的特定端口 [root@server1 ~]# nmap -PA -p 22,80 192.168.0.101 Starting Nmap 4.11 ( ) at 2013-11-11 18:02 EST Interesting ports on server2.tecmint.com (192.168.0.101): PORT STATE SERVICE 22/tcp open ssh 80/tcp open http MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.166 seconds You have new mail in /var/spool/mail/root 26. 用TCP SYN扫描远程主机的特定端口 [root@server1 ~]# nmap -PS -p 22,80 192.168.0.101 Starting Nmap 4.11 ( ) at 2013-11-11 18:08 EST Interesting ports on server2.tecmint.com (192.168.0.101): PORT STATE SERVICE 22/tcp open ssh 80/tcp open http MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.165 seconds You have new mail in /var/spool/mail/root 27. 执行隐秘扫描 [root@server1 ~]# nmap -sS 192.168.0.101 Starting Nmap 4.11 ( ) at 2013-11-11 18:10 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open MySQL 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.383 seconds You have new mail in /var/spool/mail/root 28. 用TCP SYN扫描最常用的端口 [root@server1 ~]# nmap -sT 192.168.0.101 Starting Nmap 4.11 ( ) at 2013-11-11 18:12 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.406 seconds You have new mail in /var/spool/mail/root 29. 执行tcp空扫描来愚弄防火墙 [root@server1 ~]# nmap -sN 192.168.0.101 Starting Nmap 4.11 ( ) at 2013-11-11 19:01 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open|filtered ssh 80/tcp open|filtered http 111/tcp open|filtered rpcbind 957/tcp open|filtered unknown 3306/tcp open|filtered mysql 8888/tcp open|filtered sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 1.584 seconds You have new mail in /var/spool/mail/root
这些就是目前NMAP 的用法,我会写出更有创造性的NMAP的第二部分(译注:原文为 I’ll be coming up more creative options of NMAP in our second part of this serious,这里serious可能为笔误,应该为series)。接着,不要走开也别忘了分享你们有价值的评论。