使用 netcat [nc] 命令对 Linux 和 Unix 进行端口扫描

我如何在自己的服务器上找出哪些端口是开放的?如何使用 nc 命令进行端口扫描来替换 Linux 或类 Unix 中的 nmap 命令?

nmap (“Network Mapper”)是一个用于网络探测和安全审核的开源工具。如果 nmap 没有安装或者你不希望使用 nmap,那你可以用 netcat/nc 命令进行端口扫描。它对于查看目标计算机上哪些端口是开放的或者运行着服务是非常有用的。你也可以使用 nmap 命令进行端口扫描 。

使用 netcat [nc] 命令对 Linux 和 Unix 进行端口扫描

 

如何使用 nc 来扫描 Linux,UNIX 和 Windows 服务器的端口呢?

如果未安装 nmap,试试 nc/netcat 命令,如下所示。-z 参数用来告诉 nc 报告开放的端口,而不是启动连接。在 nc 命令中使用 -z 参数时,你需要在主机名/ip 后面限定端口的范围和加速其运行:

  1. <span class="com">### 语法 ###</span>
  2. <span class="com">### nc -z -v {host-name-here} {port-range-here}</span>
  3. <span class="pln">nc </span><span class="pun">-</span><span class="pln">z </span><span class="pun">-</span><span class="pln">v host</span><span class="pun">-</span><span class="pln">name</span><span class="pun">-</span><span class="pln">here </span><span class="kwd">ssh</span>
  4. <span class="pln">nc </span><span class="pun">-</span><span class="pln">z </span><span class="pun">-</span><span class="pln">v host</span><span class="pun">-</span><span class="pln">name</span><span class="pun">-</span><span class="pln">here </span><span class="lit">22</span>
  5. <span class="pln">nc </span><span class="pun">-</span><span class="kwd">w</span><span class="lit">1</span><span class="pun">-</span><span class="pln">z </span><span class="pun">-</span><span class="pln">v server</span><span class="pun">-</span><span class="pln">name</span><span class="pun">-</span><span class="pln">here port</span><span class="pun">-</span><span class="typ">Number</span><span class="pun">-</span><span class="pln">her</span>
  6. <span class="com">### 扫描 1 to 1023 端口 ###</span>
  7. <span class="pln">nc </span><span class="pun">-</span><span class="pln">zv vip</span><span class="pun">-</span><span class="lit">1.vsnl</span><span class="pun">.</span><span class="pln">nixcraft</span><span class="pun">.</span><span class="kwd">in</span><span class="lit">1</span><span class="pun">-</span><span class="lit">1023</span>

输出示例:

  1. <span class="typ">Connection</span><span class="pln"> to localhost </span><span class="lit">25</span><span class="pln"> port </span><span class="pun">[</span><span class="pln">tcp</span><span class="pun">/</span><span class="pln">smtp</span><span class="pun">]</span><span class="pln"> succeeded</span><span class="pun">!</span>
  2. <span class="typ">Connection</span><span class="pln"> to vip</span><span class="pun">-</span><span class="lit">1.vsnl</span><span class="pun">.</span><span class="pln">nixcraft</span><span class="pun">.</span><span class="kwd">in</span><span class="lit">25</span><span class="pln"> port </span><span class="pun">[</span><span class="pln">tcp</span><span class="pun">/</span><span class="pln">smtp</span><span class="pun">]</span><span class="pln"> succeeded</span><span class="pun">!</span>
  3. <span class="typ">Connection</span><span class="pln"> to vip</span><span class="pun">-</span><span class="lit">1.vsnl</span><span class="pun">.</span><span class="pln">nixcraft</span><span class="pun">.</span><span class="kwd">in</span><span class="lit">80</span><span class="pln"> port </span><span class="pun">[</span><span class="pln">tcp</span><span class="pun">/</span><span class="pln">http</span><span class="pun">]</span><span class="pln"> succeeded</span><span class="pun">!</span>
  4. <span class="typ">Connection</span><span class="pln"> to vip</span><span class="pun">-</span><span class="lit">1.vsnl</span><span class="pun">.</span><span class="pln">nixcraft</span><span class="pun">.</span><span class="kwd">in</span><span class="lit">143</span><span class="pln"> port </span><span class="pun">[</span><span class="pln">tcp</span><span class="pun">/</span><span class="pln">imap</span><span class="pun">]</span><span class="pln"> succeeded</span><span class="pun">!</span>
  5. <span class="typ">Connection</span><span class="pln"> to vip</span><span class="pun">-</span><span class="lit">1.vsnl</span><span class="pun">.</span><span class="pln">nixcraft</span><span class="pun">.</span><span class="kwd">in</span><span class="lit">199</span><span class="pln"> port </span><span class="pun">[</span><span class="pln">tcp</span><span class="pun">/</span><span class="pln">smux</span><span class="pun">]</span><span class="pln"> succeeded</span><span class="pun">!</span>
  6. <span class="typ">Connection</span><span class="pln"> to vip</span><span class="pun">-</span><span class="lit">1.vsnl</span><span class="pun">.</span><span class="pln">nixcraft</span><span class="pun">.</span><span class="kwd">in</span><span class="lit">783</span><span class="pln"> port </span><span class="pun">[</span><span class="pln">tcp</span><span class="com">/*] succeeded!</span>
  7. <span class="com">Connection to vip-1.vsnl.nixcraft.in 904 port [tcp/vmware-authd] succeeded!</span>
  8. <span class="com">Connection to vip-1.vsnl.nixcraft.in 993 port [tcp/imaps] succeeded!</span>

你也可以扫描单个端口:

  1. <span class="pln">nc </span><span class="pun">-</span><span class="pln">zv v</span><span class="pun">.</span><span class="pln">txvip1 </span><span class="lit">443</span>
  2. <span class="pln">nc </span><span class="pun">-</span><span class="pln">zv v</span><span class="pun">.</span><span class="pln">txvip1 </span><span class="lit">80</span>
  3. <span class="pln">nc </span><span class="pun">-</span><span class="pln">zv v</span><span class="pun">.</span><span class="pln">txvip1 </span><span class="lit">22</span>
  4. <span class="pln">nc </span><span class="pun">-</span><span class="pln">zv v</span><span class="pun">.</span><span class="pln">txvip1 </span><span class="lit">21</span>
  5. <span class="pln">nc </span><span class="pun">-</span><span class="pln">zv v</span><span class="pun">.</span><span class="pln">txvip1 smtp</span>
  6. <span class="pln">nc </span><span class="pun">-</span><span class="pln">zvn v</span><span class="pun">.</span><span class="pln">txvip1 ftp</span>
  7. <span class="com">### 使用1秒的超时值来更快的扫描 ###</span>
  8. <span class="pln">netcat </span><span class="pun">-</span><span class="pln">v </span><span class="pun">-</span><span class="pln">z </span><span class="pun">-</span><span class="pln">n </span><span class="pun">-</span><span class="kwd">w</span><span class="lit">1</span><span class="pln"> v</span><span class="pun">.</span><span class="pln">txvip1 </span><span class="lit">1</span><span class="pun">-</span><span class="lit">1023</span>

输出示例:

使用 netcat [nc] 命令对 Linux 和 Unix 进行端口扫描

图01:Linux/Unix:使用 Netcat 来测试 TCP 和 UDP 与服务器建立连接

  1. -z : 端口扫描模式即零 I/O 模式。
  2. -v : 显示详细信息 [使用 -vv 来输出更详细的信息]。
  3. -n : 使用纯数字 IP 地址,即不用 DNS 来解析 IP 地址。
  4. -w 1 : 设置超时值设置为1。

更多例子:

  1. <span class="pln">$ netcat </span><span class="pun">-</span><span class="pln">z </span><span class="pun">-</span><span class="pln">vv www</span><span class="pun">.</span><span class="pln">cyberciti</span><span class="pun">.</span><span class="pln">biz http</span>
  2. <span class="pln">www</span><span class="pun">.</span><span class="pln">cyberciti</span><span class="pun">.</span><span class="pln">biz </span><span class="pun">[</span><span class="lit">75.126</span><span class="pun">.</span><span class="lit">153.206</span><span class="pun">]</span><span class="lit">80</span><span class="pun">(</span><span class="pln">http</span><span class="pun">)</span><span class="pln"> open</span>
  3. <span class="pln">sent </span><span class="lit">0</span><span class="pun">,</span><span class="pln"> rcvd </span><span class="lit">0</span>
  4. <span class="pln">$ netcat </span><span class="pun">-</span><span class="pln">z </span><span class="pun">-</span><span class="pln">vv google</span><span class="pun">.</span><span class="pln">com https</span>
  5. <span class="pln">DNS fwd</span><span class="pun">/</span><span class="pln">rev mismatch</span><span class="pun">:</span><span class="pln"> google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">!=</span><span class="pln"> maa03s16</span><span class="pun">-</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">f2</span><span class="pun">.</span><span class="lit">1e100</span><span class="pun">.</span><span class="pln">net</span>
  6. <span class="pln">DNS fwd</span><span class="pun">/</span><span class="pln">rev mismatch</span><span class="pun">:</span><span class="pln"> google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">!=</span><span class="pln"> maa03s16</span><span class="pun">-</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">f6</span><span class="pun">.</span><span class="lit">1e100</span><span class="pun">.</span><span class="pln">net</span>
  7. <span class="pln">DNS fwd</span><span class="pun">/</span><span class="pln">rev mismatch</span><span class="pun">:</span><span class="pln"> google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">!=</span><span class="pln"> maa03s16</span><span class="pun">-</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">f5</span><span class="pun">.</span><span class="lit">1e100</span><span class="pun">.</span><span class="pln">net</span>
  8. <span class="pln">DNS fwd</span><span class="pun">/</span><span class="pln">rev mismatch</span><span class="pun">:</span><span class="pln"> google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">!=</span><span class="pln"> maa03s16</span><span class="pun">-</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">f3</span><span class="pun">.</span><span class="lit">1e100</span><span class="pun">.</span><span class="pln">net</span>
  9. <span class="pln">DNS fwd</span><span class="pun">/</span><span class="pln">rev mismatch</span><span class="pun">:</span><span class="pln"> google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">!=</span><span class="pln"> maa03s16</span><span class="pun">-</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">f8</span><span class="pun">.</span><span class="lit">1e100</span><span class="pun">.</span><span class="pln">net</span>
  10. <span class="pln">DNS fwd</span><span class="pun">/</span><span class="pln">rev mismatch</span><span class="pun">:</span><span class="pln"> google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">!=</span><span class="pln"> maa03s16</span><span class="pun">-</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">f0</span><span class="pun">.</span><span class="lit">1e100</span><span class="pun">.</span><span class="pln">net</span>
  11. <span class="pln">DNS fwd</span><span class="pun">/</span><span class="pln">rev mismatch</span><span class="pun">:</span><span class="pln"> google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">!=</span><span class="pln"> maa03s16</span><span class="pun">-</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">f7</span><span class="pun">.</span><span class="lit">1e100</span><span class="pun">.</span><span class="pln">net</span>
  12. <span class="pln">DNS fwd</span><span class="pun">/</span><span class="pln">rev mismatch</span><span class="pun">:</span><span class="pln"> google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">!=</span><span class="pln"> maa03s16</span><span class="pun">-</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">f4</span><span class="pun">.</span><span class="lit">1e100</span><span class="pun">.</span><span class="pln">net</span>
  13. <span class="pln">google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">[</span><span class="lit">74.125</span><span class="pun">.</span><span class="lit">236.162</span><span class="pun">]</span><span class="lit">443</span><span class="pun">(</span><span class="pln">https</span><span class="pun">)</span><span class="pln"> open</span>
  14. <span class="pln">sent </span><span class="lit">0</span><span class="pun">,</span><span class="pln"> rcvd </span><span class="lit">0</span>
  15. <span class="pln">$ netcat </span><span class="pun">-</span><span class="pln">v </span><span class="pun">-</span><span class="pln">z </span><span class="pun">-</span><span class="pln">n </span><span class="pun">-</span><span class="kwd">w</span><span class="lit">1</span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.254</span><span class="lit">1</span><span class="pun">-</span><span class="lit">1023</span>
  16. <span class="pun">(</span><span class="pln">UNKNOWN</span><span class="pun">)</span><span class="pun">[</span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.254</span><span class="pun">]</span><span class="lit">989</span><span class="pun">(</span><span class="pln">ftps</span><span class="pun">-</span><span class="pln">data</span><span class="pun">)</span><span class="pln"> open</span>
  17. <span class="pun">(</span><span class="pln">UNKNOWN</span><span class="pun">)</span><span class="pun">[</span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.254</span><span class="pun">]</span><span class="lit">443</span><span class="pun">(</span><span class="pln">https</span><span class="pun">)</span><span class="pln"> open</span>
  18. <span class="pun">(</span><span class="pln">UNKNOWN</span><span class="pun">)</span><span class="pun">[</span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.254</span><span class="pun">]</span><span class="lit">53</span><span class="pun">(</span><span class="pln">domain</span><span class="pun">)</span><span class="pln"> open</span>

也可以看看 :

  • 使用 nmap 命令扫描网络中开放的端口。
  • 手册页 - nc(1), nmap(1)

via: http://www.cyberciti.biz/faq/linux-port-scanning/

作者:Vivek Gite 译者:strugglingyouth 校对:wxy

本文由 LCTT 原创编译,Linux中国 荣誉推出

相关推荐