- \n
- \u53d1\u73b0\u4e3b\u673a<\/strong>\uff1a\u627e\u51fa\u7f51\u7edc\u91cc\u6709\u54ea\u4e9b\u8bbe\u5907\u5728\u7ebf\u3002<\/li>\n\n\n\n
- \u626b\u63cf\u7aef\u53e3<\/strong>\uff1a\u68c0\u67e5\u76ee\u6807\u8bbe\u5907\u4e0a\u54ea\u4e9b\u201c\u95e8\u201d\uff08\u7aef\u53e3\uff09\u662f\u6253\u5f00\u7684\u3002<\/li>\n\n\n\n
- \u8bc6\u522b\u670d\u52a1<\/strong>\uff1a\u5224\u65ad\u8fd9\u4e9b\u5f00\u653e\u7684\u201c\u95e8\u201d\u540e\u8fd0\u884c\u7684\u662f\u4ec0\u4e48\u7a0b\u5e8f\uff08\u5982Web\u670d\u52a1\u5668\u3001\u6570\u636e\u5e93\uff09\uff0c\u751a\u81f3\u662f\u4ec0\u4e48\u7248\u672c\u3002<\/li>\n\n\n\n
- \u63a8\u6d4b\u7cfb\u7edf<\/strong>\uff1a\u5206\u6790\u76ee\u6807\u8bbe\u5907\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u7c7b\u578b\u3002<\/li>\n\n\n\n
- \u9ad8\u7ea7\u811a\u672c<\/strong>\uff1a\u901a\u8fc7\u5185\u7f6e\u811a\u672c\u5f15\u64ce\u8fdb\u884c\u6f0f\u6d1e\u68c0\u6d4b\u7b49\u66f4\u6df1\u5165\u7684\u5de5\u4f5c\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- \u91cd\u8981\u524d\u63d0\uff1a\u6cd5\u5f8b\u4e0e\u9053\u5fb7<\/strong>
\u672a\u7ecf\u6388\u6743\u626b\u63cf\u4ed6\u4eba\u7684\u7f51\u7edc\u6216\u7cfb\u7edf\uff0c\u5728\u5f88\u591a\u5730\u533a\u662f\u8fdd\u6cd5\u884c\u4e3a<\/strong>\u3002\u8bf7\u4ec5\u5728\u4f60\u62e5\u6709\u5408\u6cd5\u6743\u9650\u7684\u7f51\u7edc<\/strong>\uff08\u5982\u4f60\u81ea\u5df1\u7684\u5bb6\u5ead\u7f51\u7edc\u3001\u516c\u53f8\u6388\u6743\u6d4b\u8bd5\u7684\u7f51\u7edc\u3001\u6216\u4e13\u95e8\u7684\u5b9e\u9a8c\u73af\u5883\u5982Metasploitable2\uff09\u4e2d\u8fdb\u884c\u7ec3\u4e60\u3002<\/li>\n<\/ul>\n\n\n\n\u7b2c2\u90e8\u5206\uff1a\u5b89\u88c5Nmap<\/strong><\/h2>\n\n\n\n
Nmap\u652f\u6301\u6240\u6709\u4e3b\u6d41\u64cd\u4f5c\u7cfb\u7edf\u3002\u5b98\u65b9\u4e0b\u8f7d\u5730\u5740\u662f
https:\/\/nmap.org\/download.html<\/code>\u3002<\/p>\n\n\n\n- \n
- Windows\u7cfb\u7edf<\/strong>\uff1a\n
- \n
- \u4ece\u5b98\u7f51\u4e0b\u8f7d\u5b89\u88c5\u5305\uff08\u5982
nmap-7.98-setup.exe<\/code>\uff09\u3002<\/li>\n\n\n\n- \u8fd0\u884c\u5b89\u88c5\u7a0b\u5e8f\uff0c\u52a1\u5fc5\u52fe\u9009\u5b89\u88c5 Npcap<\/strong>\uff08\u8fd9\u662f\u5b9e\u73b0\u626b\u63cf\u529f\u80fd\u7684\u6838\u5fc3\u9a71\u52a8\uff09\u3002<\/li>\n\n\n\n
- \u53ef\u9009\u52fe\u9009 Zenmap<\/strong>\uff08\u56fe\u5f62\u754c\u9762\uff0c\u9002\u5408\u65b0\u624b\u5165\u95e8\uff09\u3002<\/li>\n\n\n\n
- \u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u6253\u5f00\u201c\u547d\u4ee4\u63d0\u793a\u7b26\u201d\uff0c\u8f93\u5165
nmap --version<\/code>\uff0c\u5982\u663e\u793a\u7248\u672c\u53f7\u5219\u5b89\u88c5\u6210\u529f\u3002<\/li>\n<\/ol>\n<\/li>\n\n\n\n- Linux (Ubuntu\/Debian)<\/strong>\uff1a
\u5728\u7ec8\u7aef\u4e2d\u6267\u884c\uff1asudo apt-get update sudo apt-get install nmap<\/code><\/li>\n\n\n\n- macOS<\/strong>\uff1a
\u5982\u679c\u4f60\u5b89\u88c5\u4e86Homebrew\uff0c\u5728\u7ec8\u7aef\u6267\u884c\uff1abrew install nmap<\/code><\/li>\n<\/ul>\n\n\n\n![\"\"](\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\")
<\/div><\/figure>\n\n\n\n\u7b2c3\u90e8\u5206\uff1a\u6838\u5fc3\u64cd\u4f5c\u5b9e\u6218 \u2014\u2014 \u4ece\u7b80\u5355\u5230\u7cbe\u901a<\/strong><\/h2>\n\n\n\n
Nmap\u7684\u57fa\u672c\u547d\u4ee4\u683c\u5f0f\u4e3a\uff1a
nmap [\u626b\u63cf\u7c7b\u578b] [\u9009\u9879] {\u76ee\u6807}<\/code>\u3002\u4e0b\u9762\u6211\u4eec\u4ece\u6700\u7b80\u5355\u7684\u547d\u4ee4\u5f00\u59cb\u3002<\/p>\n\n\n\n\u7b2c\u4e00\u6b65\uff1a\u9a8c\u8bc1\u5b89\u88c5\u4e0e\u9996\u6b21\u626b\u63cf<\/strong>
\u6253\u5f00\u547d\u4ee4\u884c\uff08\u7ec8\u7aef\/CMD\uff09\uff0c\u8f93\u5165\u4ee5\u4e0b\u547d\u4ee4\uff0c\u8fd9\u5c06\u5bf9Nmap\u5b98\u65b9\u63d0\u4f9b\u7684\u6d4b\u8bd5\u4e3b\u673a\u8fdb\u884c\u4e00\u6b21\u6700\u57fa\u7840\u7684\u626b\u63cf\u3002<\/p>\n\n\n\nnmap scanme.nmap.org<\/code><\/pre>\n\n\n\n\u4f60\u4f1a\u770b\u5230\u4e00\u4e2a\u7b80\u5355\u7684\u62a5\u544a\uff0c\u5217\u51fa\u8be5\u4e3b\u673a\u5f00\u653e\u7684\u7aef\u53e3\u53ca\u5bf9\u5e94\u7684\u670d\u52a1\u540d\u79f0\uff08\u5982
80\/tcp open http<\/code>\uff09\u3002<\/p>\n\n\n\n<\/div><\/figure>\n\n\n\n\u7b2c\u4e8c\u6b65\uff1a\u638c\u63e1\u56db\u5927\u6838\u5fc3\u626b\u63cf\u6280\u672f<\/strong>
\u9488\u5bf9\u4e0d\u540c\u573a\u666f\u548c\u76ee\u6807\uff0c\u4f60\u9700\u8981\u9009\u62e9\u4e0d\u540c\u7684\u626b\u63cf\u65b9\u5f0f\u3002\u4e0b\u8868\u5bf9\u6bd4\u4e86\u6700\u5e38\u7528\u7684\u51e0\u79cd\uff1a<\/p>\n\n\n\n\u626b\u63cf\u7c7b\u578b<\/th> \u547d\u4ee4\u9009\u9879<\/th> \u5de5\u4f5c\u539f\u7406<\/th> \u7279\u70b9\u4e0e\u9002\u7528\u573a\u666f<\/th> \u6240\u9700\u6743\u9650<\/th><\/tr><\/thead> TCP SYN\u626b\u63cf (\u534a\u5f00\u653e\u626b\u63cf)<\/strong><\/td> -sS<\/code><\/td>\u53d1\u9001SYN\u5305\uff0c\u6536\u5230SYN\/ACK\u56de\u590d\u5373\u8ba4\u4e3a\u7aef\u53e3\u5f00\u653e\uff0c\u968f\u540e\u4e2d\u65ad\u8fde\u63a5\uff0c\u4e0d\u5b8c\u6210\u4e09\u6b21\u63e1\u624b\u3002<\/td> \u901f\u5ea6\u5feb\u3001\u9690\u853d\u6027\u597d<\/strong>\uff0c\u662f\u6700\u5e38\u7528\u3001\u9ed8\u8ba4\u7684\u626b\u63cf\u65b9\u5f0f\u3002<\/td> \u9700\u8981\u7ba1\u7406\u5458\/root\u6743\u9650<\/strong>\u3002<\/td><\/tr> TCP Connect\u626b\u63cf (\u5168\u8fde\u63a5\u626b\u63cf)<\/strong><\/td> -sT<\/code><\/td>\u5b8c\u6210\u5b8c\u6574\u7684TCP\u4e09\u6b21\u63e1\u624b\u5efa\u7acb\u8fde\u63a5\u3002<\/td> \u65e0\u9700\u7279\u6b8a\u6743\u9650\uff0c\u5728\u65e0\u6cd5\u4f7f\u7528SYN\u626b\u63cf\u65f6\u4f7f\u7528\u3002\u4f46\u901f\u5ea6\u8f83\u6162\uff0c\u4e14\u4f1a\u5728\u76ee\u6807\u65e5\u5fd7\u4e2d\u7559\u4e0b\u5b8c\u6574\u8fde\u63a5\u8bb0\u5f55<\/strong>\u3002<\/td> \u666e\u901a\u7528\u6237\u6743\u9650\u5373\u53ef\u3002<\/td><\/tr> UDP\u626b\u63cf<\/strong><\/td> -sU<\/code><\/td>\u5411\u76ee\u6807\u7aef\u53e3\u53d1\u9001UDP\u5305\uff0c\u6839\u636e\u54cd\u5e94\u5224\u65ad\u72b6\u6001\u3002<\/td> \u7528\u4e8e\u63a2\u6d4bDNS\u3001DHCP\u3001SNMP\u7b49UDP\u670d\u52a1\u3002\u901f\u5ea6\u5f88\u6162<\/strong>\uff0c\u56e0\u4e3aUDP\u534f\u8bae\u65e0\u8fde\u63a5\uff0c\u9700\u8981\u7b49\u5f85\u8d85\u65f6\u3002<\/td> \u9700\u8981\u7ba1\u7406\u5458\/root\u6743\u9650\u3002<\/td><\/tr> Ping\u626b\u63cf (\u4e3b\u673a\u53d1\u73b0)<\/strong><\/td> -sn<\/code><\/td>\u4e0d\u626b\u63cf\u7aef\u53e3\uff0c\u53ea\u68c0\u67e5\u7f51\u6bb5\u4e2d\u6709\u54ea\u4e9b\u4e3b\u673a\u5728\u7ebf\u3002<\/td> \u5feb\u901f\u76d8\u70b9\u7f51\u7edc\u8d44\u4ea7<\/strong>\uff0c\u4f8b\u5982 nmap -sn 192.168.1.0\/24<\/code>\u3002<\/td>\u901a\u5e38\u9700\u8981\u7ba1\u7406\u5458\u6743\u9650\u3002<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n <\/p>\n\n\n\n
\u6838\u5fc3\u626b\u63cf\u6280\u672f\u8be6\u89e3\u4e0e\u5b9e\u6218\u793a\u4f8b<\/strong><\/h3>\n\n\n\n
\u7406\u89e3\u4e0d\u540c\u626b\u63cf\u7c7b\u578b\u7684\u5173\u952e\u5728\u4e8e\u660e\u767d\u5b83\u4eec\u5982\u4f55\u4e0e\u76ee\u6807\u4e3b\u673a\u7684\u7aef\u53e3\u8fdb\u884c\u201c\u5bf9\u8bdd\u201d\u3002\u4e0b\u9762\u6211\u4eec\u901a\u8fc7\u4e00\u4e2a\u5047\u8bbe\u7684\u76ee\u6807IP
192.168.1.105<\/code> \u6765\u6f14\u793a\u3002<\/p>\n\n\n\n1. TCP SYN\u626b\u63cf (
-sS<\/code>)\uff1a \u9ed8\u8ba4\u7684\u3001\u6700\u53d7\u6b22\u8fce\u7684\u626b\u63cf<\/strong><\/h4>\n\n\n\n\u5de5\u4f5c\u539f\u7406<\/strong>\uff1a\u5b83\u53d1\u9001\u4e00\u4e2aSYN\u5305\uff08\u8bf7\u6c42\u8fde\u63a5\uff09\uff0c\u5982\u679c\u7aef\u53e3\u5f00\u653e\uff0c\u76ee\u6807\u4f1a\u56de\u590dSYN\/ACK\u5305\uff1bNmap\u6536\u5230\u540e\uff0c\u4e0d\u4f1a\u5b8c\u6210\u63e1\u624b\uff08\u4e0d\u53d1\u9001ACK\uff09\uff0c\u800c\u662f\u53d1\u9001\u4e00\u4e2aRST\u5305\u4e2d\u65ad\u8fde\u63a5\u3002\u8fd9\u4e2a\u8fc7\u7a0b\u6ca1\u6709\u5efa\u7acb\u5b8c\u6574\u8fde\u63a5\uff0c\u56e0\u6b64\u76f8\u5bf9\u9690\u853d\u3002<\/p>\n\n\n\n
\u547d\u4ee4\u4f8b\u5b50<\/strong>\uff1a<\/p>\n\n\n\n
sudo nmap -sS 192.168.1.105\n<\/code><\/pre>\n\n\n\n\u6ce8\u610f\uff1a\u5728Linux\/Unix\u7cfb\u7edf\u4e0a\uff0c
-sS<\/code> \u626b\u63cf\u901a\u5e38\u9700\u8981sudo<\/code> \u83b7\u53d6root\u6743\u9650\uff0c\u56e0\u4e3a\u9700\u8981\u6784\u9020\u539f\u59cb\u6570\u636e\u5305\u3002<\/p>\n\n\n\n\u5728\u521d\u5b66\u7684\u65f6\u4faf\uff0c\u6211\u4eec\u4e0d\u90fd\u662f\u76f4\u63a5\u91c7\u7528sudo\u547d\u4ee4\u5417\uff1f\u8fd9\u91cc\u4e3a\u4ec0\u4e48\u8981\u63d0\u5230\u83b7\u53d6root\u6743\u9650\uff1f\u4e00\u822c\u4e0d\u90fd\u662f\u5b89\u5353\u624d\u4f1a\u63d0\u5230root\u5417\uff1fsudo \u672c\u8eab\u5c31\u662f\u201c\u4e34\u65f6\u83b7\u53d6root\u6743\u9650\u201d\u7684\u5de5\u5177\uff0c\u4e0d\u662f\u72ec\u7acb\u7684\u6743\u9650\uff0c\u5b89\u5353\u7684root\u548cLinux\u7684root\u662f\u540c\u4e00\u4e2a\u6982\u5ff5\uff0c\u53ea\u662f\u573a\u666f\u53eb\u6cd5\u4e0d\u540c\u3002<\/p>\n\n\n\n
\u901a\u4fd7\u62c6\u89e3<\/p>\n\n\n\n
1. root\u662fLinux\/Unix\u7684\u201c\u6700\u9ad8\u7ba1\u7406\u5458\u6743\u9650\u201d
\u7cfb\u7edf\u91cc\u6240\u6709\u6838\u5fc3\u64cd\u4f5c\uff08\u5982\u6784\u9020\u539f\u59cb\u6570\u636e\u5305\u3001\u4fee\u6539\u7cfb\u7edf\u6587\u4ef6\u3001\u67e5\u770b\u6240\u6709\u8fdb\u7a0b\uff09\u90fd\u9700\u8981root\u6743\u9650\uff0c\u666e\u901a\u7528\u6237\u9ed8\u8ba4\u6ca1\u6709\uff0c-sS\u534a\u5f00\u653e\u626b\u63cf\u9700\u8981\u6784\u9020\u81ea\u5b9a\u4e49IP\/TCP\u6570\u636e\u5305\uff0c\u5c5e\u4e8e\u6838\u5fc3\u64cd\u4f5c\uff0c\u5fc5\u987broot\u3002<\/p>\n\n\n\n2. sudo\u662f\u201c\u4e34\u65f6\u501froot\u6743\u9650\u201d\u7684\u547d\u4ee4
\u4f60\u8f93\u5165 sudo \u67d0\u547d\u4ee4 \uff0c\u672c\u8d28\u662f\u544a\u8bc9\u7cfb\u7edf\uff1a\u201c\u8bf7\u4ee5root\u8eab\u4efd\u6267\u884c\u8fd9\u4e2a\u547d\u4ee4\u201d\uff0c\u6267\u884c\u5b8c\u540e\u6743\u9650\u4f1a\u81ea\u52a8\u56de\u5230\u666e\u901a\u7528\u6237\uff0c\u907f\u514d\u4e00\u76f4\u7528root\u64cd\u4f5c\u5e26\u6765\u7684\u98ce\u9669\uff08\u6bd4\u5982\u8bef\u5220\u7cfb\u7edf\u6587\u4ef6\uff09\u3002<\/p>\n\n\n\n3. \u5b89\u5353\u7684root\u548cLinux\u7684root\u662f\u4e00\u56de\u4e8b
\u5b89\u5353\u672c\u8eab\u662f\u57fa\u4e8eLinux\u5185\u6838\u7684\u7cfb\u7edf\uff0c\u5b89\u5353\u91cc\u8bf4\u7684\u201c\u83b7\u53d6root\u201d\uff0c\u5c31\u662f\u62ff\u5230\u5b89\u5353\u7cfb\u7edf\u7684\u6700\u9ad8\u7ba1\u7406\u5458\u6743\u9650\uff0c\u548cLinux\/Unix\u91cc\u7684root\u6743\u9650\u5b8c\u5168\u540c\u6e90\uff0c\u53ea\u662f\u624b\u673a\u7aef\u4e3a\u4e86\u5b89\u5168\uff0c\u9ed8\u8ba4\u628aroot\u6743\u9650\u9501\u6b7b\u4e86\uff0c\u9700\u8981\u989d\u5916\u64cd\u4f5c\u89e3\u9501\uff1b\u800c\u7535\u8111\u7aef\u7684Linux\/Unix\uff08\u5982Ubuntu\u3001CentOS\uff09\u9ed8\u8ba4\u4e0d\u9501root\uff0c\u4f46\u666e\u901a\u7528\u6237\u6267\u884c\u9ad8\u6743\u9650\u64cd\u4f5c\u9700\u8981\u7528sudo\u4e34\u65f6\u8c03\u7528\u3002<\/p>\n\n\n\n\u7b80\u5355\u8bf4\uff1a\u4e0d\u662f\u201csudo\u4e4b\u5916\u8fd8\u8981\u83b7\u53d6root\u201d\uff0c\u800c\u662f\u201c\u901a\u8fc7sudo\u6765\u83b7\u53d6\u6267\u884c\u8be5\u547d\u4ee4\u6240\u9700\u7684root\u6743\u9650\u201d\u3002<\/p>\n\n\n\n
\u8f93\u51fa\u4e0e\u89e3\u8bfb<\/strong>\uff1a<\/p>\n\n\n\n
<\/div><\/figure>\n\n\n\nStarting Nmap 7.98 ( https:\/\/nmap.org ) at 2026-01-29 19:35 +0800\nNmap scan report for 192.168.1.105\nHost is up (0.0000070s latency).\n\nPORT STATE SERVICE\n1\/tcp open tcpmux\n3\/tcp open compressnet\n4\/tcp open unknown\n6\/tcp open unknown\n7\/tcp open echo\n9\/tcp open discard\n13\/tcp open daytime\n63331\/tcp open unknown\n64623\/tcp open unknown\n64680\/tcp open unknown\n65000\/tcp open unknown\n65129\/tcp open unknown\n65389\/tcp open unknown\n\nNmap done: 1 IP address (1 host up) scanned in 0.80 seconds<\/code><\/pre>\n\n\n\n\u8fd9\u4e2a\u626b\u63cf\u7ed3\u679c\u6781\u6709\u53ef\u80fd\u662f\u201c\u4e0d\u771f\u5b9e\u201d\u6216\u201c\u88ab\u8bef\u5bfc\u201d\u7684\u3002<\/strong> \u5b83\u663e\u793a\u76ee\u6807\u4e3b\u673a\uff08192.168.1.105\uff09\u6709\u8d85\u8fc7900\u4e2aTCP\u7aef\u53e3\u5168\u90e8\u5f00\u653e<\/strong>\uff0c\u8fd9\u5728\u771f\u5b9e\u4e16\u754c\u4e2d\u51e0\u4e4e\u4e0d\u53ef\u80fd\u53d1\u751f\u3002<\/p>\n\n\n\n
2. TCP Connect\u626b\u63cf (
-sT<\/code>)\uff1a \u65e0\u9700\u7279\u6743\u7684\u540e\u5907\u65b9\u6848<\/strong><\/h4>\n\n\n\n\u5de5\u4f5c\u539f\u7406<\/strong>\uff1a\u4f7f\u7528\u7cfb\u7edf\u81ea\u5e26\u7684
connect()<\/code> \u51fd\u6570\u5b8c\u6210\u5b8c\u6574\u7684\u4e09\u6b21\u63e1\u624b\u3002\u56e0\u4e3a\u884c\u4e3a\u4e0e\u666e\u901a\u5e94\u7528\u7a0b\u5e8f\u8fde\u63a5\u5b8c\u5168\u76f8\u540c\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u7279\u6b8a\u6743\u9650<\/strong>\uff0c\u4f46\u4e5f\u56e0\u6b64\u4f1a\u5728\u76ee\u6807\u7cfb\u7edf\u65e5\u5fd7\u4e2d\u7559\u4e0b\u5b8c\u6574\u7684\u8fde\u63a5\u8bb0\u5f55<\/strong>\uff0c\u4e0d\u591f\u9690\u853d\u3002<\/p>\n\n\n\n\u547d\u4ee4\u4f8b\u5b50<\/strong>\uff1a<\/p>\n\n\n\n
nmap -sT 192.168.1.105<\/code><\/pre>\n\n\n\n\u8f93\u51fa\u4e0eSYN\u626b\u63cf\u5bf9\u6bd4<\/strong>\uff1a
\u8f93\u51fa\u7ed3\u679c\u4e0e-sS<\/code> \u626b\u63cf\u76f8\u4f3c\uff0c\u90fd\u80fd\u53d1\u73b0\u5f00\u653e\u7684\u7aef\u53e3\u3002\u4f46\u5173\u952e\u533a\u522b\u5728\u4e8e\u884c\u4e3a\u5c42\u9762<\/strong>\uff1a\u76ee\u6807\u7cfb\u7edf\u7684\u7f51\u7edc\u8fde\u63a5\u65e5\u5fd7\uff08\u5982\/var\/log\/secure<\/code>\u6216Windows\u4e8b\u4ef6\u65e5\u5fd7\uff09\u91cc\uff0c-sT<\/code>\u626b\u63cf\u4f1a\u4ea7\u751f\u7c7b\u4f3c\u4e8e\u201cClient 192.168.1.100 connected to 192.168.1.105:22\u201d<\/code> \u7684\u8bb0\u5f55\uff0c\u800c-sS<\/code>\u626b\u63cf\u53ef\u80fd\u53ea\u7559\u4e0b\u4e00\u4e2a\u4e0d\u5b8c\u6574\u7684\u8fde\u63a5\u5c1d\u8bd5\u8bb0\u5f55\uff0c\u751a\u81f3\u88ab\u67d0\u4e9b\u9632\u706b\u5899\u5ffd\u7565\u3002<\/p>\n\n\n\n# Nmap 7.98 scan initiated Thu Jan 29 20:15:19 2026 as: nmap -sT -T4 -v --reason -p 1-100 -oN tcp_detailed.txt 192.168.0.104\nNmap scan report for 192.168.0.104\nHost is up, received localhost-response (0.000017s latency).\nAll 100 scanned ports on 192.168.0.104 are in ignored states.\nNot shown: 100 closed tcp ports (conn-refused)\n\nRead data files from: D:\\Program\\Professional\\01_Offensive_Security\\01_Reconnaissance\\Nmap\n# Nmap done at Thu Jan 29 20:15:20 2026 -- 1 IP address (1 host up) scanned in 0.76 seconds<\/code><\/pre>\n\n\n\n3. UDP\u626b\u63cf (
-sU<\/code>)\uff1a \u63a2\u7d22\u53e6\u4e00\u7247\u5929\u5730<\/strong><\/h4>\n\n\n\n\u5de5\u4f5c\u539f\u7406<\/strong>\uff1a\u5411\u76ee\u6807UDP\u7aef\u53e3\u53d1\u9001\u4e00\u4e2a\u7a7a\u7684UDP\u5305\u3002\u5982\u679c\u6536\u5230\u201c\u7aef\u53e3\u4e0d\u53ef\u8fbe\u201d\u7684ICMP\u54cd\u5e94\uff0c\u5219\u7aef\u53e3\u4e3a
closed<\/code>\uff1b\u5982\u679c\u6536\u5230\u4efb\u4f55\u5176\u4ed6UDP\u54cd\u5e94\uff0c\u5219\u7aef\u53e3\u4e3aopen<\/code>\uff1b\u5982\u679c\u5b8c\u5168\u6ca1\u6709\u54cd\u5e94\uff0c\u5219\u72b6\u6001\u4e3aopen|filtered<\/code>\uff08\u5f00\u653e\u6216\u88ab\u8fc7\u6ee4\uff09\u3002<\/p>\n\n\n\n\u547d\u4ee4\u4f8b\u5b50<\/strong>\uff1a<\/p>\n\n\n\n
sudo nmap -sU -p 53,67,123,161 192.168.1.105<\/code><\/pre>\n\n\n\n\uff08
-p<\/code>\u6307\u5b9a\u4e86\u5e38\u89c1\u7684UDP\u7aef\u53e3\uff1aDNS, DHCP, NTP, SNMP\u3002UDP\u626b\u63cf\u975e\u5e38\u6162<\/strong>\uff0c\u6240\u4ee5\u52a1\u5fc5\u6307\u5b9a\u7aef\u53e3\u3002\uff09<\/p>\n\n\n\n\u8f93\u51fa\u4e0e\u89e3\u8bfb<\/strong>\uff1a<\/p>\n\n\n\n
D:\\Program\\Professional\\01_Offensive_Security\\01_Reconnaissance\\Nmap>nmap -sU -p 53,67,123,161 192.168.0.104\nStarting Nmap 7.98 ( https:\/\/nmap.org ) at 2026-01-29 20:18 +0800\nNmap scan report for 192.168.0.104\nHost is up (0.000095s latency).\n\nPORT STATE SERVICE\n53\/udp closed domain\n67\/udp closed dhcps\n123\/udp closed ntp\n161\/udp closed snmp\n\nNmap done: 1 IP address (1 host up) scanned in 0.83 seconds<\/code><\/pre>\n\n\n\n- \n
- \u8f93\u51fa\u89e3\u6790<\/strong>\uff1a\n
- \n
Host is up<\/code>\uff1a\u76ee\u6807\u4e3b\u673a\u5728\u7ebf<\/li>\n\n\n\n- \u5ef6\u8fdf\u6781\u4f4e\uff080.000095\u79d2\uff09\uff0c\u8bf4\u660e\u5728\u540c\u4e00\u5c40\u57df\u7f51\u5185\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
\u7aef\u53e3<\/th> \u670d\u52a1<\/th> \u72b6\u6001<\/th> \u542b\u4e49<\/th><\/tr><\/thead> 53\/udp<\/strong><\/td> domain (DNS)<\/td> closed<\/strong><\/td> DNS\u670d\u52a1\u672a\u8fd0\u884c<\/td><\/tr> 67\/udp<\/strong><\/td> dhcps (DHCP\u670d\u52a1\u5668)<\/td> closed<\/strong><\/td> DHCP\u670d\u52a1\u5668\u672a\u8fd0\u884c<\/td><\/tr> 123\/udp<\/strong><\/td> ntp (\u65f6\u95f4\u540c\u6b65)<\/td> closed<\/strong><\/td> NTP\u65f6\u95f4\u670d\u52a1\u672a\u8fd0\u884c<\/td><\/tr> 161\/udp<\/strong><\/td> snmp (\u7f51\u7edc\u7ba1\u7406)<\/td> closed<\/strong><\/td> SNMP\u670d\u52a1\u672a\u8fd0\u884c<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n 4. Ping\u626b\u63cf (
-sn<\/code>)\uff1a \u5feb\u901f\u7f51\u7edc\u666e\u67e5<\/strong><\/h4>\n\n\n\n\u5de5\u4f5c\u539f\u7406<\/strong>\uff1a\u4e0d\u626b\u63cf\u4efb\u4f55\u7aef\u53e3\uff0c\u53ea\u53d1\u9001ICMP\u56de\u58f0\u8bf7\u6c42\u3001TCP SYN\u5305\u5230443\u7aef\u53e3\u3001TCP ACK\u5305\u523080\u7aef\u53e3\u7b49\u7ec4\u5408\u63a2\u9488\uff0c\u6765\u63a2\u6d4b\u4e3b\u673a\u662f\u5426\u5728\u7ebf\u3002\u8fd9\u662f\u5feb\u901f\u7ed8\u5236\u7f51\u7edc\u5730\u56fe<\/strong>\u7684\u6700\u4f73\u5de5\u5177\u3002<\/p>\n\n\n\n
\u547d\u4ee4\u4f8b\u5b50<\/strong>\uff1a<\/p>\n\n\n\n
sudo nmap -sn 192.168.1.0\/24<\/code><\/pre>\n\n\n\n\u8f93\u51fa\u4e0e\u89e3\u8bfb<\/strong>\uff1a<\/p>\n\n\n\n
<\/div><\/figure>\n\n\n\nD:\\Program\\Professional\\01_Offensive_Security\\01_Reconnaissance\\Nmap>nmap -sn 192.168.0.104\/24\nStarting Nmap 7.98 ( https:\/\/nmap.org ) at 2026-01-29 20:31 +0800\nNmap scan report for 192.168.0.1\nHost is up (0.060s latency).\nMAC Address: 74:39:89:D7:9F:1C (TP-Link Technologies)\nNmap scan report for 192.168.0.100\nHost is up (0.076s latency).\nMAC Address: DE:07:9A:12:91:AD (Unknown)\nNmap scan report for 192.168.0.101\nHost is up (0.19s latency).\nMAC Address: 52:2C:14:9E:05:E8 (Unknown)\nNmap scan report for 192.168.0.102\nHost is up (0.14s latency).\nMAC Address: EA:89:88:56:76:7D (Unknown)\nNmap scan report for 192.168.0.103\nHost is up (1.4s latency).\nMAC Address: 52:B8:77:87:4B:BB (Unknown)\nNmap scan report for 192.168.0.104\nHost is up.\nNmap done: 256 IP addresses (6 hosts up) scanned in 6.51 seconds<\/code><\/pre>\n\n\n\n- \n
- \u8f93\u51fa\u89e3\u6790<\/strong>\uff1a\n
- \n
- \u5b83\u5feb\u901f\u626b\u63cf\u4e86\u6574\u4e2a
192.168.1.0<\/code> \u5230192.168.1.255<\/code> \u7684\u7f51\u6bb5\uff0c\u53d1\u73b0\u4e863\u53f0\u5728\u7ebf\u8bbe\u5907\u3002<\/li>\n\n\n\n- \u5217\u51fa\u4e86\u6bcf\u53f0\u8bbe\u5907\u7684IP\u548cMAC\u5730\u5740\uff0c\u751a\u81f3\u6839\u636eMAC\u5730\u5740\u63a8\u6d4b\u4e86\u5382\u5546<\/strong>\uff0c\u8fd9\u5bf9\u7f51\u7edc\u62d3\u6251\u5206\u6790\u975e\u5e38\u6709\u5e2e\u52a9\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
\u603b\u7ed3\u4e0e\u7efc\u5408\u5e94\u7528\u793a\u4f8b<\/strong><\/h3>\n\n\n\n
\u53ef\u4ee5\u53c2\u8003\u4e0b\u8868\uff1a<\/p>\n\n\n\n
\u626b\u63cf\u7c7b\u578b<\/th> \u5178\u578b\u547d\u4ee4<\/th> \u6838\u5fc3\u76ee\u7684<\/th> \u8f93\u51fa\u5173\u952e\u4fe1\u606f<\/th> \u6ce8\u610f\u4e8b\u9879<\/th><\/tr><\/thead> TCP SYN\u626b\u63cf<\/strong><\/td> sudo nmap -sS \u76ee\u6807<\/code><\/td>\u5168\u9762\u3001\u9690\u853d\u7684\u7aef\u53e3\u666e\u67e5<\/strong><\/td> \u6240\u6709\u5f00\u653e<\/strong>\u7684TCP\u7aef\u53e3\u53ca\u670d\u52a1\u540d\u3002<\/td> \u9700\u8981Root\u6743\u9650<\/strong>\uff0c\u662f\u4e13\u4e1a\u6e17\u900f\u6d4b\u8bd5\u9996\u9009\u3002<\/td><\/tr> TCP Connect\u626b\u63cf<\/strong><\/td> nmap -sT \u76ee\u6807<\/code><\/td>\u5728\u65e0\u6cd5\u83b7\u5f97Root\u6743\u9650\u65f6\u8fdb\u884c\u7aef\u53e3\u626b\u63cf\u3002<\/td> \u540c\u4e0a\uff0c\u4f46\u51c6\u786e\u6027\u53ef\u80fd\u53d7\u9632\u706b\u5899\u5f71\u54cd\u3002<\/td> \u4f1a\u5728\u76ee\u6807\u7559\u4e0b\u65e5\u5fd7<\/strong>\uff0c\u901f\u5ea6\u8f83\u6162\u3002<\/td><\/tr> UDP\u626b\u63cf<\/strong><\/td> sudo nmap -sU -p \u5e38\u7528\u7aef\u53e3 \u76ee\u6807<\/code><\/td>\u53d1\u73b0DNS\u3001DHCP\u3001SNMP\u7b49UDP\u670d\u52a1<\/strong>\u3002<\/td> open<\/code>\uff0copen|filtered<\/code>\uff0cclosed<\/code>\u3002<\/td>\u6781\u5176\u7f13\u6162<\/strong>\uff0c\u5fc5\u987b\u6307\u5b9a\u7aef\u53e3\u8303\u56f4\u3002<\/td><\/tr> Ping\u626b\u63cf<\/strong><\/td> - \u5217\u51fa\u4e86\u6bcf\u53f0\u8bbe\u5907\u7684IP\u548cMAC\u5730\u5740\uff0c\u751a\u81f3\u6839\u636eMAC\u5730\u5740\u63a8\u6d4b\u4e86\u5382\u5546<\/strong>\uff0c\u8fd9\u5bf9\u7f51\u7edc\u62d3\u6251\u5206\u6790\u975e\u5e38\u6709\u5e2e\u52a9\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
- \u5b83\u5feb\u901f\u626b\u63cf\u4e86\u6574\u4e2a
- \u5ef6\u8fdf\u6781\u4f4e\uff080.000095\u79d2\uff09\uff0c\u8bf4\u660e\u5728\u540c\u4e00\u5c40\u57df\u7f51\u5185\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
- \u8fd0\u884c\u5b89\u88c5\u7a0b\u5e8f\uff0c\u52a1\u5fc5\u52fe\u9009\u5b89\u88c5 Npcap<\/strong>\uff08\u8fd9\u662f\u5b9e\u73b0\u626b\u63cf\u529f\u80fd\u7684\u6838\u5fc3\u9a71\u52a8\uff09\u3002<\/li>\n\n\n\n
- \u4ece\u5b98\u7f51\u4e0b\u8f7d\u5b89\u88c5\u5305\uff08\u5982
- \u626b\u63cf\u7aef\u53e3<\/strong>\uff1a\u68c0\u67e5\u76ee\u6807\u8bbe\u5907\u4e0a\u54ea\u4e9b\u201c\u95e8\u201d\uff08\u7aef\u53e3\uff09\u662f\u6253\u5f00\u7684\u3002<\/li>\n\n\n\n
![\"\"](\"http:\/\/www.preluna.xyz\/wp-content\/uploads\/2026\/01\/Nmap1-1024x92.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"http:\/\/www.preluna.xyz\/wp-content\/uploads\/2026\/01\/Nmap2-1024x320.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"http:\/\/www.preluna.xyz\/wp-content\/uploads\/2026\/01\/Nmap3-1024x238.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"http:\/\/www.preluna.xyz\/wp-content\/uploads\/2026\/01\/Nmap4-1024x470.png\")
<\/div><\/figure>\n\n\n\n