Nmap (Network Mapper) was originally a network scanning and sniffing toolkit for Linux.
    $ apt-get install nmap
2 Usage: view all the ports an IP exposes externally
    $ sudo nmap -sS ip
    Starting Nmap 7.01 ( https://nmap.org ) at 2018-11-16 18:29 CST
    Nmap scan report for ip
    Host is up (0.038s latency).
    Not shown: 997 filtered ports
    PORT     STATE  SERVICE
    22/tcp   open   ssh
    80/tcp   open   http
    3389/tcp closed ms-wbt-server
    Nmap done: 1 IP address (1 host up) scanned in 31.47 seconds
You can see that ports 22, 80 and 3389 are reachable from the public side.
The STATE column shows whether each port is open or closed.
The SERVICE column shows what kind of service it is.
You can also check whether a specific port is open to the public.
    $ nmap ip -p80
    Starting Nmap 7.01 ( https://nmap.org ) at 2018-11-16 18:34 CST
    Nmap scan report for ip
    Host is up (0.036s latency).
    PORT   STATE SERVICE
    80/tcp open  http
    Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

    $ nmap ip -p 80
    Starting Nmap 7.01 ( https://nmap.org ) at 2018-11-16 18:35 CST
    Nmap scan report for ip
    Host is up (0.036s latency).
    PORT   STATE SERVICE
    80/tcp open  http
    Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
You can also scan a range of ports.
    $ nmap 126.96.36.199 -p 80-4000
    Starting Nmap 7.01 ( https://nmap.org ) at 2018-11-16 18:36 CST
    Nmap scan report for 188.8.131.52
    Host is up (0.038s latency).
    Not shown: 3919 filtered ports
    PORT     STATE  SERVICE
    80/tcp   open   http
    3389/tcp closed ms-wbt-server
    Nmap done: 1 IP address (1 host up) scanned in 11.74 seconds
For this kind of port check, it basically replaces telnet.
    $ telnet ip port
    Trying ip...
    Connected to ip...
The six port states identified by Nmap
open
An application is accepting TCP connections or UDP messages on this port. Discovering this is often the main goal of port scanning. Security-conscious people know that every open port is an entry point for attack. Attackers and penetration testers want to find open ports. Administrators try to shut them down or protect them with firewalls without interfering with legitimate users. Non-security scans may also be interested in open ports, because they show which services are available on the network.
closed
A closed port is also accessible to Nmap (it accepts and responds to Nmap probe messages), but no application is listening on it. Closed ports can help show that the host on the IP address is up (host discovery, or ping scan) and can also help with operating system detection. Because closed ports are accessible, it may be worth scanning them again later in case some of them have opened. System administrators may consider blocking such ports with firewalls. They will then be shown as filtered, as discussed below.
filtered
Because packet filtering prevents probe messages from reaching the port, Nmap cannot determine whether the port is open. Filtering may come from dedicated firewall devices, router rules, or software firewalls on the host. Such ports frustrate attackers because they provide little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but more commonly the filter simply discards the probe without responding. This forces Nmap to retry several times in case the packet was dropped because of network congestion, which slows the scan down noticeably.
unfiltered
The unfiltered state means that the port is accessible, but Nmap cannot tell whether it is open or closed. Only the ACK scan, which is used to map firewall rule sets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan can help determine whether the port is open.
open|filtered (open or filtered)
Nmap places a port in this state when it cannot determine whether the port is open or filtered. This happens with scan types in which open ports give no response. A lack of response may also mean that a packet filter discarded the probe or any response it elicited, so Nmap cannot tell whether the port is open or filtered. UDP, IP protocol, FIN, Null, and Xmas scans may classify ports this way.
closed|filtered (closed or filtered)
This state is used when Nmap cannot determine whether the port is closed or filtered. It can only appear in IPID Idle scans.
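
An added example (not from the original article): a Python script that reads the PORT/STATE/SERVICE table from Nmap's normal output, as in the scans above, and sorts each port by the six states against an allowlist of ports meant to be public. The sample text, the 192.0.2.10 address, the 53/udp row, the allowlist, and the parse_ports/review names are constructed for illustration.

```python
import re

# The six port states described above.
STATES = {"open", "closed", "filtered", "unfiltered", "open|filtered", "closed|filtered"}
# One row of the PORT/STATE/SERVICE table, e.g. "3389/tcp closed ms-wbt-server".
ROW = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s*(\S*)")
# Summary of ports left out of the table, e.g. "Not shown: 997 filtered ports".
HIDDEN = re.compile(r"^Not shown: (\d+) (\S+) (?:tcp |udp )?ports")

# Constructed sample modelled on the scan output above; 192.0.2.10 is a
# documentation address and the 53/udp row is invented to show a combined state.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host is up (0.038s latency).
Not shown: 997 filtered ports
PORT     STATE         SERVICE
22/tcp   open          ssh
80/tcp   open          http
3389/tcp closed        ms-wbt-server
53/udp   open|filtered domain
"""

def parse_ports(text):
    """Return (rows, hidden): table rows as dicts, and {state: count} of unlisted ports."""
    rows, hidden = [], {}
    for line in map(str.strip, text.splitlines()):
        hid, row = HIDDEN.match(line), ROW.match(line)
        if hid:
            hidden[hid.group(2)] = int(hid.group(1))
        elif row and row.group(3) in STATES:
            rows.append({"port": int(row.group(1)), "proto": row.group(2),
                         "state": row.group(3), "service": row.group(4)})
    return rows, hidden

def review(rows, allowed):
    """Group ports: open but not allowlisted, state undetermined, closed yet reachable."""
    findings = {"unexpected_open": [], "ambiguous": [], "reachable_closed": []}
    for r in rows:
        key = (r["port"], r["proto"])
        if r["state"] == "open" and key not in allowed:
            findings["unexpected_open"].append(key)
        elif "|" in r["state"] or r["state"] == "unfiltered":
            findings["ambiguous"].append(key)   # needs another scan type to settle
        elif r["state"] == "closed":
            findings["reachable_closed"].append(key)  # candidate for a firewall rule
    return findings

if __name__ == "__main__":
    rows, hidden = parse_ports(SAMPLE)
    # Hypothetical policy: only 80/tcp is meant to be public.
    print(hidden, review(rows, allowed={(80, "tcp")}))
```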