Answers:
nmap版本低于5.30BETA1:
nmap -sP 192.168.1.*
较新的nmap版本:
nmap -sn 192.168.1.*
这为我提供了主机名以及IP地址,并且仅ping主机以发现它们。如果您将其运行为,这只会给您主机名root。
编辑:自Nmap 5.30BETA1 [2010-03-29] -sP起,已被替换-sn为执行ping扫描的首选方法,同时跳过了端口扫描,就像注释指示的那样:
以前,建议使用-PN和-sP选项。这为禁用扫描阶段的某些选项建立了更常规的语法:
- -n没有反向DNS
- -Pn没有主机发现
- -sn没有端口扫描
root并且IP来自本地网络(服务器是子网的成员),则将发送ARP请求。因此,它会检测到任何活着的机器,因为没有人真正块ARP报文。哦,有了新nmap版本-sn(虽然-sP也可以使用)。
nmap -sP 192.168.1.0/24
请注意,名称解析仅与反向DNS填充一样好。还要注意,这不会为您的系统提供针对ping的防火墙(实际上,每个Windows工作站都是默认设置)。
如果您在系统本地(即在同一子网中),则可以执行以下操作
for i in `seq 1 254` ; do arping -c 1 192.168.1.$i | grep reply ; done
...但是当我将循环包装起来时,有时会发生奇怪的事情。另外,您必须自己进行查找,例如
dig +short -x $IP
NMAP将返回相关IP地址的“反向查找”,它无法返回正向查找地址。或在Web服务器进行基于名称的虚拟主机的情况下解决。Nmap不是用于此的工具。
nmap -sP 192.168.0.0/24将输出如下内容:
> nmap -sP 192.168.0.0/24
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2010-06-22 22:27 CEST
Host 192.168.0.0 appears to be up.
Host 192.168.0.1 appears to be up.
Host abcd.domain.tld (192.168.0.2) appears to be up.
Host def.domain.tld (192.168.0.3) appears to be up.
Host fdsf.domain.tld (192.168.0.4) appears to be up.
Host reht.domain.tld (192.168.0.5) appears to be up.
Host vcxbfd.domain.tld (192.168.0.6) appears to be up.
Host ezqs.domain.tld (192.168.0.7) appears to be up.
Host 192.168.0.8 appears to be up.
Host ilolio.domain.tld (192.168.0.9) appears to be up.
Host ipbd.domain.tld (192.168.0.10) appears to be up.
Host cdekf.domain.tld (192.168.0.11) appears to be up.
Host 192.168.0.12 appears to be up.
Host 192.168.0.13 appears to be up.
Host 192.168.0.14 appears to be up.
Host 192.168.0.15 appears to be up.
Host ainv.domain.tld (192.168.0.16) appears to be up.
Host 192.168.0.17 appears to be up.
Host 192.168.0.18 appears to be up.
Host wzdkz.domain.tld (192.168.0.19) appears to be up.
[…]
Nmap finished: 256 IP addresses (256 hosts up) scanned in 7.491 seconds
dhcp-186-241.abc.dk dhcp-186-250.abc.dk .... 例如,当我hostname在ubuntu终端上发布时,我得到了:infestor-pc但是nmap将我的主机名显示为dhcp-186-250.abc.dk。有没有办法看到“友好的”主机名?
我认为您应该运行以下命令:
sudo nmap -sU --script nbstat.nse -p137 10.10.10.*