企业网络扫描指南：深入解析Nmap

需积分: 15 183 浏览量更新于2024-07-17 收藏 4.64MB PDF 举报

"Nmap在企业中的应用：网络扫描指南" 本书深入介绍了Nmap这款强大的网络扫描工具，它被广泛应用于网络管理员和IT安全专业人员的日常工作中，用于探测企业网络中的活动主机、特定服务以及操作系统。Nmap的独特之处在于其能够自定义IP包并利用特殊方法执行各种类型的扫描任务。以下是对Nmap各知识点的详细说明： 1. **理解网络扫描**：这部分内容涵盖了网络扫描的基础知识，包括网络协议和扫描技术。它将帮助读者了解常见的网络扫描工具，并探讨网络扫描策略，确保扫描过程既有效又合规。 2. **掌握Nmap**：深入学习如何在企业环境中使用Nmap，了解如何保障Nmap的安全性，优化其性能，并掌握高级扫描技巧。这包括对Nmap的安装、配置和优化，使其能在Windows、Linux、Mac OS X等不同平台上运行，并从源代码进行安装。 3. **使用Zenmap图形用户界面**：Zenmap是Nmap的GUI版本，它提供了更直观的扫描管理方式。通过Zenmap，可以运行扫描，管理扫描设置，使用命令向导构建命令，管理个人配置文件，以及分析扫描结果。 4. **企业环境中的Nmap应用**：详细阐述如何启动Nmap扫描，发现网络中的主机，进行端口扫描，识别操作系统以及检测服务和应用程序版本。这些操作对于企业网络监控至关重要。 5. **操作系统指纹识别**：深入探讨Nmap的OS指纹识别技术，理解其工作原理，并学习如何将其作为行政工具来使用，同时涵盖如何检测和规避OS指纹扫描。 6. **Nmap的附加工具**：介绍与Nmap配合使用的辅助工具，如NDiff（Nmap差异比较）、RNmap（远程Nmap）、Bilbo和Nmap-parser，这些工具扩展了Nmap的功能，提高了扫描效率。 7. **分析真实世界的Nmap扫描**：作者通过实例分析，带领读者理解如何在实际场景中运用Nmap进行网络扫描，提升实战技能。 8. **精通高级Nmap扫描技巧**：这部分涉及TCP扫描标志自定义、分片包、IP和MAC地址欺骗、添加诱饵源IP、向发送的数据包添加随机数据、操纵生存时间字段以及发送带有错误TCP或UDP校验和的包等高级技术，使读者能够应对复杂网络环境下的扫描挑战。请注意，使用Nmap进行网络扫描时应遵守适用的法律和政策，并采取适当的预防措施，如备份和数据保护，以防止潜在的损失。由于某些州可能不允许排除或限制间接或附带损害的责任，因此这些限制可能不适用于所有情况。

www.syngress.com

2 Chapter 1 • Introducing Network Scanning

Introduction

About ten years ago I was working as a Network Administrator managing a

medium size network. One of my ﬁ rst tasks in this position was to create a network

asset database for all network devices. We already had a high-priced, although

functionally deﬁ cient, network management tool that just wasn’t making the cut.

Using the output from the management tool as a starting point I began painstakingly

connecting to each network device, and documenting them to inventory the

network. This also involved a lot of hours physically traversing buildings, basements,

and wiring closets. Finally, it seemed that I had visited every nook and cranny and

identiﬁ ed every router, bridge, switch, hub, and archaic telecommunications device

retroﬁ tted to the network. For security, I wrote a UNIX script to connect to the

known devices and disable physical ports that weren’t being used and enable security

features on the devices. This is when things started to get complicated. Suddenly

the help desk phones started ringing and people were complaining of lost network

connectivity. Alas, there were even more devices out there that we didn’t know

about! Luckily the UNIX script was easily reversible. After hearing my woes that

evening a “hacker” friend of mine pointed out a new tool for scanning networks

that he read about in Phrack magazine. It was a bit controversial, but it was free

and it looked like it could do the job. The next day became my ﬁ rst experience

with Nmap, a network scanner, and since that day it has been making my life a

whole lot easier.

What is Network Scanning?

Network scanning is the process of discovering active hosts on the network and

information about the hosts, such as operating system, active ports, services, and

applications. Network scanning is comprised of the following four basic techniques:

■

Network Mapping Sending messages to a host that will generate a response

if the host is active

■

Port Scanning Sending messages to a speciﬁ ed port to determine if it

is active

■

Service and Version Detection Sending specially crafted messages to

active ports to generate responses that will indicate the type and version of

service running

www.syngress.com

4 Chapter 1 • Introducing Network Scanning

Explaining Ethernet

Ethernet is the most popular protocol standard used to enable computers to communicate.

A protocol is like speaking a particular language. Ethernet was built around the principle

of a shared medium where all computers on the local network segment share the

same cable. It is known as a broadcast protocol because it sends that data to all other

computers on the same network segment. This information is divided up into manageable

chunks called packets, and each packet has a header containing the addresses of both

the destination and source computers. Even though this information is sent out to all

computers on a segment, only the computer with the matching destination address

responds. All of the other computers on the network still see the packet, but if they

are not the intended receiver they disregard it.

Ethernet addresses are also known as Media Access Control (MAC) addresses

and hardware addresses. Because many computers may share a single Ethernet segment,

each one must have an individual identiﬁ er hard-coded onto the network interface card

(NIC). A MAC address is a 48-bit number, which is also stated as a 12-digit hexadecimal

number. This number is broken down into two halves; the ﬁ rst 24 bits identify the

vendor of the Ethernet card, and the second 24 bits comprise a serial number

assigned by the vendor.

The following steps allow you to view your NIC’s MAC address:

■

Windows 9x/ME Access Start | Run and type winipcfg.exe. The MAC

address will be listed as the “Adapter Address.”

■

Windows NT, 2000, XP, and 2003 Access the command line and type

ipconﬁ g /all. The MAC address will be listed as the “Physical Address.”

■

Linux and Solaris Type ifconﬁ g –a at the command line. The MAC

address will be listed as the “HWaddr” on Linux and as “ether” on Solaris.

■

Macintosh OS X Type ifconﬁ g –a at the Terminal application. The MAC

address will be listed as the “Ether” label.

You can also view the MAC addresses of other computers that you have recently

communicated with, by typing the command arp –a. The Address Resolution

Protocol (ARP) is responsible for mapping IP addresses to MAC addresses.

剩余258页未读，继续阅读

june_yao

粉丝: 3
资源: 20

企业网络扫描指南：深入解析Nmap

Nmap Cookbook The Fat-free Guide to Network Scanning.pdf

Nmap.in.the.Enterprise.Your.Guide.to.Network.Scanning.Jan.2008

Nmap 6 Cookbook The Fat Free Guide to Network Security Scanning mobi

Nmap 6 Cookbook The Fat Free Guide to Network Security Scanning epub

Nmap 6 Cookbook The Fat Free Guide to Network Security Scanning azw3

网络通信安全：snort入侵检测系统使用.pdf

最新资源