Scanning a specific network with nmap
Written by: admin
So far we have scanned a single host with nmap, naming it by hostname, domain name, or IP address.
nmap can also scan an entire network, however.
Scanning a network means scanning every host that exists on that network.
This is why nmap is described not as a single-host tool but as a tool for exploring networks.
If you know a network address, one nmap command is enough to gather information on every host on that network.
Look at the following example. It was run as root on a host inside the 192.168.0.0/24 LAN, so nmap discovers live hosts with an ARP ping first and only port-scans the ones that answer; the -sT flag asks for a TCP connect scan, and -O for OS detection.
[root@su250 Packages]# nmap -sT -O -v 192.168.0.0/24
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-29 00:12 KST
Initiating ARP Ping Scan at 00:12
Scanning 250 hosts [1 port/host]
Completed ARP Ping Scan at 00:12, 1.43s elapsed (250 total hosts)
Initiating Parallel DNS resolution of 250 hosts. at 00:12
Completed Parallel DNS resolution of 250 hosts. at 00:12, 4.01s elapsed
Initiating Connect Scan at 00:12
Scanning 5 hosts [1715 ports/host]
Discovered open port 21/tcp on 192.168.0.100
Discovered open port 3389/tcp on 192.168.0.158
Discovered open port 80/tcp on 192.168.0.1
Discovered open port 22/tcp on 192.168.0.100
Discovered open port 80/tcp on 192.168.0.100
Discovered open port 111/tcp on 192.168.0.100
Discovered open port 1500/tcp on 192.168.0.1
Discovered open port 1900/tcp on 192.168.0.1
Discovered open port 80/tcp on 192.168.0.159
Discovered open port 873/tcp on 192.168.0.100
Discovered open port 23/tcp on 192.168.0.159
Discovered open port 3306/tcp on 192.168.0.100
Discovered open port 445/tcp on 192.168.0.100
Completed Connect Scan against 192.168.0.1 in 2.11s (4 hosts left)
Discovered open port 139/tcp on 192.168.0.100
Discovered open port 912/tcp on 192.168.0.155
Discovered open port 445/tcp on 192.168.0.158
Completed Connect Scan against 192.168.0.100 in 2.30s (3 hosts left)
Discovered open port 139/tcp on 192.168.0.158
Discovered open port 445/tcp on 192.168.0.155
Discovered open port 135/tcp on 192.168.0.158
Discovered open port 139/tcp on 192.168.0.155
Completed Connect Scan against 192.168.0.158 in 2.44s (2 hosts left)
Discovered open port 135/tcp on 192.168.0.155
Completed Connect Scan against 192.168.0.155 in 2.45s (1 host left)
Discovered open port 79/tcp on 192.168.0.159
Completed Connect Scan at 00:12, 3.54s elapsed (8575 total ports)
Initiating OS detection (try #1) against 5 hosts
Retrying OS detection (try #2) against 192.168.0.155
Retrying OS detection (try #3) against 192.168.0.155
Retrying OS detection (try #4) against 192.168.0.155
Retrying OS detection (try #5) against 192.168.0.155

Host 192.168.0.1 appears to be up ... good.
Interesting ports on 192.168.0.1:
Not shown: 1712 closed ports
PORT     STATE SERVICE
80/tcp   open  http
1500/tcp open  vlsi-lm
1900/tcp open  upnp
MAC Address: 00:0F:EA:91:22:F0 (Giga-Byte Technology Co.)
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.18 - 2.4.32 (likely embedded)
Uptime: 10.314 days (since Thu Dec 18 16:40:26 2008)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IP ID Sequence Generation: All zeros

Host 192.168.0.100 appears to be up ... good.
Interesting ports on 192.168.0.100:
Not shown: 1707 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
873/tcp  open  rsync
3306/tcp open  mysql
MAC Address: 00:C0:26:27:E5:CB (Lans Technology CO.)
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.18 - 2.4.32 (likely embedded)
Uptime: 5.333 days (since Tue Dec 23 16:13:36 2008)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=196 (Good luck!)
IP ID Sequence Generation: All zeros

Host 192.168.0.155 appears to be up ... good.
Interesting ports on 192.168.0.155:
Not shown: 1711 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
912/tcp open  unknown
MAC Address: 00:21:00:22:2A:50 (GemTek Technology Co.)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=4.68%D=12/29%OT=135%CT=1%CU=36904%PV=Y%DS=1%G=Y%M=002100%TM=49579
OS:77E%P=i386-redhat-linux-gnu)SEQ(SP=109%GCD=1%ISR=10A%TI=I%II=I%SS=S%TS=U
OS:)OPS(O1=M5B4NW0NNS%O2=M5B4NW0NNS%O3=M5B4NW0%O4=M5B4NW0NNS%O5=M5B4NW0NNS%
OS:O6=M5B4NNS)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%D
OS:F=Y%T=80%W=FFFF%O=M5B4NW0NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0
OS:%Q=)T2(R=Y%DF=N%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=FFFF
OS:%S=O%A=S+%F=AS%O=M5B4NW0NNS%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=FFFF%S=O%A=O%F=A%
OS:O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=FFFF%S=O%A=O%F=AS%O=M5B4NW0NNS%RD=0%Q=)T4(
OS:R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F
OS:=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T
OS:=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%TOS=0%IPL=B0%UN=0%RIPL
OS:=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)IE(R=Y%DFI=S%T=80%TOSI=Z%CD=Z%SI=S%D
OS:LI=S)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=265 (Good luck!)
IP ID Sequence Generation: Incremental

Host 192.168.0.158 appears to be up ... good.
Interesting ports on 192.168.0.158:
Not shown: 1711 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv
MAC Address: 00:1A:92:93:B7:B6 (Asustek Computer)
Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows 2000 SP4, or Windows XP SP2 or SP3
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: Incremental

Host 192.168.0.159 appears to be up ... good.
Interesting ports on 192.168.0.159:
Not shown: 1712 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
79/tcp open  finger
80/tcp open  http
MAC Address: 00:01:96:55:5B:00 (Cisco Systems)
Device type: switch
Running: Cisco IOS 12.X
OS details: Cisco Catalyst C2900- or C3500XL-series switch (IOS 12.0)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros

Initiating Parallel DNS resolution of 1 host. at 00:13
Completed Parallel DNS resolution of 1 host. at 00:13, 0.00s elapsed
Initiating Connect Scan at 00:13
Scanning 5 hosts [1715 ports/host]
Discovered open port 3389/tcp on 192.168.0.215
Discovered open port 21/tcp on 192.168.0.165
Discovered open port 21/tcp on 192.168.0.211
Discovered open port 22/tcp on 192.168.0.211
Discovered open port 23/tcp on 192.168.0.211
Discovered open port 53/tcp on 192.168.0.211
Discovered open port 111/tcp on 192.168.0.211
Discovered open port 631/tcp on 192.168.0.165
Discovered open port 1025/tcp on 192.168.0.215
Discovered open port 912/tcp on 192.168.0.215
Discovered open port 902/tcp on 192.168.0.215
Discovered open port 445/tcp on 192.168.0.215
Discovered open port 445/tcp on 192.168.0.229
Discovered open port 139/tcp on 192.168.0.215
Discovered open port 139/tcp on 192.168.0.229
Discovered open port 135/tcp on 192.168.0.215
Completed Connect Scan against 192.168.0.165 in 3.02s (4 hosts left)
Completed Connect Scan against 192.168.0.166 in 3.03s (3 hosts left)
Completed Connect Scan against 192.168.0.215 in 3.04s (2 hosts left)
Completed Connect Scan against 192.168.0.229 in 3.04s (1 host left)
Completed Connect Scan at 00:13, 3.04s elapsed (8575 total ports)
Initiating OS detection (try #1) against 5 hosts
Retrying OS detection (try #2) against 192.168.0.166

Host 192.168.0.165 appears to be up ... good.
Interesting ports on 192.168.0.165:
Not shown: 1713 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
631/tcp open  ipp
MAC Address: 00:13:20:C9:92:B2 (Intel Corporate)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.22 - 2.6.23
Uptime: 9.099 days (since Fri Dec 19 21:50:30 2008)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=206 (Good luck!)
IP ID Sequence Generation: All zeros

Host 192.168.0.166 appears to be up ... good.
All 1715 scanned ports on 192.168.0.166 are closed
MAC Address: 00:0F:EA:0E:80:A4 (Giga-Byte Technology Co.)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

Host 192.168.0.211 appears to be up ... good.
Interesting ports on 192.168.0.211:
Not shown: 1710 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
23/tcp  open  telnet
53/tcp  open  domain
111/tcp open  rpcbind
MAC Address: 00:02:B3:15:78:F7 (Intel)
... (rest omitted)
The target 192.168.0.0/24 in the example above means every host on the 192.168.0.0 network: the /24 prefix (netmask 255.255.255.0) covers the 256 addresses from 192.168.0.0 through 192.168.0.255. Notice how nmap works through them in the output: the ARP Ping Scan is the host-discovery step, and only the hosts that answered it are then port-scanned ("Scanning 5 hosts [1715 ports/host]"). Two practical points when you read such results: -sT completes the full TCP handshake, so every probed service can log the connection, and -O needs root privileges (as root, nmap's default would have been the -sS SYN scan).
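To make the two points concrete, what a /24 target expands to and how the per-host output reads, here is an added example (written for this edit, not part of the original post or of nmap itself). It expands a CIDR target with Python's ipaddress module, parses nmap's normal-format output into a per-host table of open ports, MAC vendor and OS guess, and flags hosts that expose services which send credentials in cleartext. The sample output is a constructed excerpt of the scan shown on this page, and the CLEARTEXT_SERVICES list is this example's own assumption about which services deserve review, not something nmap reports.

```python
import ipaddress
import re

# Constructed sample: a trimmed excerpt of the nmap normal-format output above.
SAMPLE_OUTPUT = """\
Host 192.168.0.100 appears to be up ... good.
Interesting ports on 192.168.0.100:
Not shown: 1707 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
873/tcp  open  rsync
3306/tcp open  mysql
MAC Address: 00:C0:26:27:E5:CB (Lans Technology CO.)
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.18 - 2.4.32 (likely embedded)

Host 192.168.0.159 appears to be up ... good.
Interesting ports on 192.168.0.159:
PORT   STATE SERVICE
23/tcp open  telnet
79/tcp open  finger
80/tcp open  http
MAC Address: 00:01:96:55:5B:00 (Cisco Systems)
Device type: switch
Running: Cisco IOS 12.X
OS details: Cisco Catalyst C2900- or C3500XL-series switch (IOS 12.0)

Host 192.168.0.166 appears to be up ... good.
All 1715 scanned ports on 192.168.0.166 are closed
MAC Address: 00:0F:EA:0E:80:A4 (Giga-Byte Technology Co.)
Too many fingerprints match this host to give specific OS details
"""

HOST_RE = re.compile(r"^Host (\d+\.\d+\.\d+\.\d+) appears to be up")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17})(?: \((.*)\))?")
OS_RE = re.compile(r"^(Running|OS details): (.*)")

# Assumption of this example: services that carry credentials unencrypted
# or leak account names, and so merit a second look on an internal network.
CLEARTEXT_SERVICES = {"ftp", "telnet", "finger"}


def target_addresses(cidr):
    """Expand a CIDR target the way nmap reads it: every address in the block."""
    return [str(a) for a in ipaddress.ip_network(cidr, strict=False)]


def parse_nmap_output(text):
    """Turn normal-format output into {ip: {ports, mac, vendor, os}}."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(
                m.group(1), {"ports": [], "mac": None, "vendor": None, "os": None})
            continue
        if current is None:
            continue
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service = m.groups()
            if state == "open":
                current["ports"].append((int(port), proto, service))
            continue
        m = MAC_RE.match(line)
        if m:
            current["mac"], current["vendor"] = m.group(1), m.group(2)
            continue
        m = OS_RE.match(line)
        # "Running:" gives the coarse guess; "OS details:" refines it when present.
        if m and (m.group(1) == "OS details" or current["os"] is None):
            current["os"] = m.group(2)
    return hosts


def cleartext_exposures(hosts):
    """List (ip, port, service) for open services in CLEARTEXT_SERVICES, sorted by IP."""
    findings = []
    for ip in sorted(hosts, key=ipaddress.ip_address):
        for port, _proto, service in hosts[ip]["ports"]:
            if service in CLEARTEXT_SERVICES:
                findings.append((ip, port, service))
    return findings


if __name__ == "__main__":
    print(f"192.168.0.0/24 expands to {len(target_addresses('192.168.0.0/24'))} addresses")
    hosts = parse_nmap_output(SAMPLE_OUTPUT)
    for ip, info in hosts.items():
        ports = ", ".join(f"{p}/{pr} {s}" for p, pr, s in info["ports"]) or "no open ports"
        print(f"{ip} [{info['vendor']}; {info['os'] or 'OS unknown'}]: {ports}")
    for ip, port, service in cleartext_exposures(hosts):
        print(f"  review: {ip}:{port} runs {service}, a cleartext protocol")
```

The parser keys on the "Host ... appears to be up" line that nmap 4.x prints per host, so a host with all ports closed (192.168.0.166) still appears in the table with an empty port list and no OS guess, which is what you want when reconciling the scan against an asset inventory. On the page's own results it singles out the FTP server on 192.168.0.100 and the telnet/finger-enabled Cisco switch on 192.168.0.159.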
There are many other ways to scan with nmap besides these.
If you open nmap's man page, you will probably be surprised by how much of it there is.
Showing you the road is the author's job; the know-how you pick up while walking it is yours.
This concludes the coverage of how to use nmap.
As urged several times before, for any command or utility, what matters more than the syntax is grasping exactly what its results tell you, understanding them, and putting them to use.
With nmap too, the purpose of a scan and the accurate interpretation and use of its results matter far more than the command-line options.