Using nmap
Scan all hosts on the local network
$ nmap -sn 192.168.2.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2025-05-14 17:35 CST
Nmap scan report for router.ctc (192.168.2.1)
Host is up (0.0024s latency).
Nmap scan report for bogon (192.168.2.2)
Host is up (0.00061s latency).
Nmap scan report for bogon (192.168.2.9)
Host is up (0.000096s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 15.17 seconds
Scan the common ports of a single host
$ nmap 192.168.2.9
Starting Nmap 7.93 ( https://nmap.org ) at 2025-05-14 17:28 CST
Nmap scan report for bogon (192.168.2.9)
Host is up (0.00016s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
Scan all TCP ports (0-65535)
$ nmap -p- 192.168.2.9
Starting Nmap 7.93 ( https://nmap.org ) at 2025-05-14 17:29 CST
Nmap scan report for bogon (192.168.2.9)
Host is up (0.00011s latency).
Not shown: 65529 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
7654/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds
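The full-range scan above reports 7654/tcp, which the default scan did not show. As an added example (not part of the original page), the script below parses nmap's normal output and reports open ports that fall outside an expected baseline. The function names and the allowlist "22/tcp 80/tcp 443/tcp" are assumptions made for illustration; the sample input is the -p- output copied from above.

```shell
#!/bin/sh
# Added example: audit nmap normal output against an expected-port allowlist.

# Print "port/proto service" for each port-table line whose state is exactly "open".
# Reads nmap normal output on stdin; "filtered" and "closed" lines are skipped.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }'
}

# Print open ports that are not in the allowlist.
# $1: space-separated baseline such as "22/tcp 80/tcp 443/tcp" (assumed, adjust per host).
unexpected_ports() {
    open_ports | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) { print $1, $2 }'
}

# Sample input: the -p- scan output from this page, embedded so the script runs offline.
sample_scan() {
    cat <<'EOF'
Starting Nmap 7.93 ( https://nmap.org ) at 2025-05-14 17:29 CST
Nmap scan report for bogon (192.168.2.9)
Host is up (0.00011s latency).
Not shown: 65529 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
7654/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds
EOF
}

# Report anything listening outside the baseline; exit status 1 signals a finding.
audit() {
    found=$(unexpected_ports "$1")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | sed 's/^/unexpected open port: /'
    return 1
}

# In real use, replace sample_scan with: nmap -p- <host> | audit "<baseline>"
sample_scan | audit "22/tcp 80/tcp 443/tcp" || true
```

The non-zero exit status from audit makes it usable in a cron job or CI step that should alert when a host starts listening on a port nobody approved.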
Service and version detection
$ nmap -sV 192.168.2.9
Starting Nmap 7.93 ( https://nmap.org ) at 2025-05-14 17:36 CST
Nmap scan report for bogon (192.168.2.9)
Host is up (0.00013s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u4 (protocol 2.0)
80/tcp open http nginx 1.27.3
443/tcp open ssl/http nginx 1.27.3
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 56.41 seconds
Operating system detection
$ sudo nmap -O 192.168.2.9
[sudo] password for debian:
Starting Nmap 7.93 ( https://nmap.org ) at 2025-05-14 17:39 CST
Nmap scan report for bogon (192.168.2.9)
Host is up (0.000036s latency).
Not shown: 996 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp filtered http
443/tcp filtered https
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.79 seconds