1, Detect which hosts in the specified network segment run an FTP service, without reverse DNS resolution
nmap -sS -n -p 21 192.168.0.0/24
2, Detect whether the specified server has services on specific ports
nmap -n -p T:21-25,80,110,3389 -sS 192.168.0.1
3, Use a TCP connect scan to probe the specified server, and keep scanning even if it does not answer ping
nmap -sT -Pn 192.168.0.1
4, Detect the operating system type of the specified server
nmap -O -n 192.168.0.1
5, Detect which hosts on the local area network have open services
nmap -sS 192.168.0.0/24
6, Detect which hosts are up on the 192.168.0.0/24 and 172.16.0.0/16 networks
nmap -sP -n 192.168.0.0/24 172.16.0.0/16
7, Fast scan of a host's open ports
nmap -F 192.168.0.1
1, Capture 10 packets sent and received on the eth0 interface, save the capture to the file test, then read the capture file back
tcpdump -i eth0 -c 10 -w test
tcpdump -r test
2, Capture all packets to or from port 80 (to specify a port range, use portrange 1-1024)
tcpdump port 80
3, Capture all packets exchanged with host 192.168.1.100
tcpdump host 192.168.1.100
4, Capture IP packets whose source address is 192.168.1.100 (use dst for the destination)
tcpdump src 192.168.1.100
5, Capture the communication between host 192.168.1.100 and host 192.168.1.102
tcpdump host 192.168.1.100 and 192.168.1.102
6, Capture TCP packets with source address 192.168.1.100 on port 80
tcpdump tcp and src 192.168.1.100 and port 80
7, Capture all IP packets between host 192.168.1.100 and any host except 192.168.1.102
tcpdump ip host 192.168.1.100 and ! 192.168.1.102
8, Capture packets with a length greater than 1000; useful when investigating DDoS attacks
tcpdump -i eth0 greater 1000
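
An added example, not part of the original page: an offline triage step for a capture file saved with -w as in item 1, counting per source address the packets that the "greater 1000" filter of item 8 would match (tcpdump treats "greater N" as length >= N). It assumes a classic pcap file with Ethernet link type; the function names and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def large_packets_by_source(pcap_bytes, min_len=1000):
    """Count IPv4 packets with wire length >= min_len, per source address."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"          # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    counts = Counter()
    off = 24                  # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + IPv4 header (20) and EtherType 0x0800.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        if orig_len >= min_len:   # same test as "greater min_len"
            counts[socket.inet_ntoa(frame[26:30])] += 1
    return counts

def _frame(src, payload_len):
    """Constructed Ethernet + IPv4 frame with a zero-filled payload."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6,
                     0, socket.inet_aton(src), socket.inet_aton("192.168.0.1"))
    return eth + ip + b"\x00" * payload_len

def build_sample():
    """Constructed capture: four frames from two sources."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, n in [("192.168.1.100", 1200), ("192.168.1.100", 1400),
                   ("192.168.1.102", 40), ("192.168.1.102", 1000)]:
        f = _frame(src, n)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for src, n in large_packets_by_source(build_sample()).most_common():
        print(src, n)
```

To analyse a real capture, pass the bytes of the file written by tcpdump -w, for example open("test", "rb").read().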
