
The Truth About Nmap (Continued)


Nmap

Nmap()

2 Twitter: abend

ISOG-WG1, Burp Suite Japan User Group

Nmap31

OS

4

5

$ nmap 192.168.0.1

# nmap 192.168.0.1

6 Connect Scan

SYN Scan

7 SYN Scan, Raw Socket, Connect Scan

8SYN ScanConnect Scan2

9 1. -sT 2. --unprivileged

10 -A: -O -sV -sC --traceroute / --unprivileged: -O --traceroute

11

    root@kali:~# nmap -O 192.168.217.131 --unprivileged
    TCP/IP fingerprinting (for OS scan) requires root privileges.
    QUITTING!

-O -A

12

unfiltered 13

14 6

open , closed , filtered , unfiltered , open|filtered , closed|filtered

unfiltered? 16 Nmap

Nmap: https://nmap.org/man/jp/man-port-scanning-basics.html

unfiltered 17 open

18 ACK Scan, ACK status

ACK

ACK Scan

ACK Scan 19

filter

filter!!

ACK Scan 20

RST, RST, open/closed (filter), unfiltered, filter!!

ACK Scan 21 filter, open, close

ACK Scan 22

    } else if (tcp->th_flags & TH_RST) {
      current_reason = ER_RESETPEER;
      if (USI->scantype == WINDOW_SCAN) {
        newstate = (tcp->th_win) ? PORT_OPEN : PORT_CLOSED;
      } else if (USI->scantype == ACK_SCAN) {
        newstate = PORT_UNFILTERED;
      } else newstate = PORT_CLOSED;

scan_engine_raw.cc 1818-1824

Window Scan 23

Window Scan 24 Nmap Reference Guide

Window scan is exactly the same as ACK scan except that it exploits an implementation detail of certain systems to differentiate open ports from closed ones

https://nmap.org/book/man-port-scanning-techniques.html

Window Scan 25 Window Scan, ACK Scan, Window Scan open/close

ACK Scan

Window Scan 26 (same scan_engine_raw.cc excerpt as slide 22)

Window Scan, ACK Scan, RST, Window size 0, open

open 27

    Starting Nmap 7.10 ( https://nmap.org ) at 2016-07-03 04:22 JST
    Nmap scan report for 192.168.1.219
    Host is up (0.00070s latency).
    PORT   STATE SERVICE
    80/tcp open  http

close 28

    Starting Nmap 7.10 ( https://nmap.org ) at 2016-07-03 05:14 JST
    Nmap scan report for 192.168.1.219
    Host is up (0.00031s latency).
    PORT   STATE  SERVICE
    80/tcp closed http

Window Scan 29 VM NAT: Window Scan RST Window size 0, Connect Scan RST Window size 0
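As an added example (not Nmap's code), the decision from the scan_engine_raw.cc excerpt written out on top of a small TCP header parser: the RST|ACK reply bytes are constructed inline, and the window-size-0 case models the VM NAT situation on slide 29, where a Window scan reports an open port as closed because the rewritten RST carries a zero window.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits (same values as in <netinet/tcp.h>) */
#define TH_RST 0x04
#define TH_ACK 0x10

/* Port states and scan types, named as in the Nmap excerpt */
enum port_state { PORT_OPEN, PORT_CLOSED, PORT_UNFILTERED, PORT_FILTERED };
enum scan_type { ACK_SCAN, WINDOW_SCAN, SYN_SCAN };
struct tcp_reply { uint8_t flags; uint16_t window; }; /* fields a raw scan inspects */

/* Pull flags and window out of a 20-byte TCP header (RFC 793 layout,
   network byte order). Returns 0 if the buffer is too short. */
static int parse_tcp_header(const uint8_t *buf, size_t len, struct tcp_reply *out) {
    if (len < 20) return 0;
    out->flags  = buf[13];
    out->window = (uint16_t)((buf[14] << 8) | buf[15]);
    return 1;
}

/* Same decision as the scan_engine_raw.cc excerpt: on RST, a Window scan
   reads the window size, an ACK scan only learns "unfiltered", any other
   scan says closed. Non-RST replies are out of scope and default to filtered. */
static enum port_state classify_rst(enum scan_type st, const struct tcp_reply *r) {
    if (!(r->flags & TH_RST)) return PORT_FILTERED;
    if (st == WINDOW_SCAN) return r->window ? PORT_OPEN : PORT_CLOSED;
    if (st == ACK_SCAN) return PORT_UNFILTERED;
    return PORT_CLOSED;
}

/* Build a constructed RST|ACK reply from port 80 with the given window
   (0 models a NAT that rewrote it) and classify it. */
static enum port_state classify_reply(enum scan_type st, uint16_t window) {
    uint8_t hdr[20] = {0};
    hdr[0] = 0x00; hdr[1] = 0x50;                    /* source port 80 */
    hdr[12] = 0x50;                                  /* data offset 5 words */
    hdr[13] = TH_RST | TH_ACK;
    hdr[14] = (uint8_t)(window >> 8); hdr[15] = (uint8_t)(window & 0xff);
    struct tcp_reply r;
    if (!parse_tcp_header(hdr, sizeof hdr, &r)) return PORT_FILTERED;
    return classify_rst(st, &r);
}

int main(void) {
    printf("window scan, win 65535 -> %d (0=open)\n", classify_reply(WINDOW_SCAN, 65535));
    printf("window scan, win 0 (NAT) -> %d (1=closed)\n", classify_reply(WINDOW_SCAN, 0));
    printf("ack scan, win 0 -> %d (2=unfiltered)\n", classify_reply(ACK_SCAN, 0));
    return 0;
}
```

The same RST that gives an ACK scan "unfiltered" gives a Window scan "closed" once the window is zero, which is why the open/closed split disappears behind the NAT.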

30 NAT