なにかと便利なnmapの紹介。
(他人のマシンに使わないように!!!)
あのマシンのIPアドレスなんだっけ・・・というときにはpingスキャン。
# nmap -sP 192.168.0.0/24 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-03-15 10:32 JST Host 192.168.0.1 appears to be up. MAC Address: 00:0A:79:B0:21:50 (corega K.K.) Host cent (192.168.0.10) appears to be up. Host kuro (192.168.0.11) appears to be up. MAC Address: 00:0D:0B:AD:B6:0B (Buffalo) Host 192.168.0.20 appears to be up. MAC Address: 00:18:84:20:5C:30 (Unknown) Host 192.168.0.22 appears to be up. MAC Address: 00:16:CB:A9:D0:3F (Apple Computer) Host 192.168.0.24 appears to be up. MAC Address: 00:0C:29:9C:DC:06 (VMware) Nmap finished: 256 IP addresses (6 hosts up) scanned in 4.262 seconds
corega(ルータ)、Buffalo(玄箱)、Apple(Mac)、VMware(Windows仮想マシン)。どれがなんのアドレスか一目瞭然です。
なぜあのサービスに接続できないんだ・・・というときはポートスキャン。
pオプションでスキャンしたいポートを指定します。
TCPスキャン
# nmap -sT -p20-22,80 192.168.0.11 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-03-15 18:11 JST Interesting ports on kuro (192.168.0.11): PORT STATE SERVICE 20/tcp closed ftp-data 21/tcp closed ftp 22/tcp open ssh 80/tcp closed http MAC Address: 00:0D:0B:AD:B6:0B (Buffalo) Nmap finished: 1 IP address (1 host up) scanned in 0.287 seconds
UDPスキャン
# nmap -sU -p514 192.168.0.11 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-03-15 18:08 JST Interesting ports on kuro (192.168.0.11): PORT STATE SERVICE 514/udp closed syslog MAC Address: 00:0D:0B:AD:B6:0B (Buffalo) Nmap finished: 1 IP address (1 host up) scanned in 0.295 seconds
UDPはポート数多いと非常に時間がかかります。
どんなポートが開いてるかチェックしたい時はポート指定無しで実行してください。
# nmap -sT 192.168.0.11 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-03-15 10:39 JST Interesting ports on kuro (192.168.0.11): Not shown: 1671 closed ports PORT STATE SERVICE 9/tcp open discard 13/tcp open daytime 22/tcp open ssh 23/tcp open telnet 37/tcp open time 111/tcp open rpcbind 740/tcp open netcp 757/tcp open unknown 2049/tcp open nfs MAC Address: 00:0D:0B:AD:B6:0B (Buffalo) Nmap finished: 1 IP address (1 host up) scanned in 1.392 seconds
ただデフォルトでスキャンされるのは/usr/share/nmap/nmap-servicesに書かれてるものだけなので、全ポートをスキャンしたい場合は手で指定してください。
# nmap -sT -p1-65535 192.168.0.11 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-03-15 18:13 JST Interesting ports on kuro (192.168.0.11): Not shown: 65525 closed ports PORT STATE SERVICE 9/tcp open discard 13/tcp open daytime 22/tcp open ssh 23/tcp open telnet 37/tcp open time 111/tcp open rpcbind 740/tcp open netcp 757/tcp open unknown 2049/tcp open nfs 4152/tcp open unknown MAC Address: 00:0D:0B:AD:B6:0B (Buffalo) Nmap finished: 1 IP address (1 host up) scanned in 3.767 seconds
なんかいろいろ開いてますねぇ。
(アクセス制限はルータ側でやるポリシーなのでテキトウです。)