# 1. Network port scanning lab

• Metasploitable (meta) serves as the target machine
• Kali scans the target's network ports

Kali's network settings:

meta's network settings:

## 1.2 Scanning the target's network ports

Kali uses Nmap to scan the target's network ports. Some commonly used options:

`-sS` (TCP SYN scan)

SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes TCP connections.
This technique is often referred to as half-open scanning, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection, and then wait for a response. A SYN/ACK indicates the port is listening (open), while a RST (reset) is indicative of a non-listener. If no response is received after several retransmissions, the port is marked as filtered.

`-sV` (Version detection)

Enables version detection, which probes open ports to identify the service and its version. Alternatively, you can use `-A`, which enables version detection among other things.

`-p` port ranges (Only scan specified ports)

For example, you can specify `-p-` to scan every port from 1 through 65535.

```text
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-10 21:20 EDT
Nmap scan report for 192.168.229.129
Host is up (0.0046s latency).
Not shown: 1012 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
512/tcp  open  exec
```
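Scan output like the above is only useful once it is turned into an inventory that can be reviewed and tracked. The following is an added example, not part of the original lab, that parses Nmap's normal text output into records, lists the open ports, and flags open services that transmit credentials or data in cleartext (the `CLEARTEXT_SERVICES` set is the author's own choice for this example, and the embedded sample output is constructed to mirror the report above).

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the scan report shown above (not a live capture).
SAMPLE_OUTPUT = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-10 21:20 EDT
Nmap scan report for 192.168.229.129
Host is up (0.0046s latency).
Not shown: 1012 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
"""

# Services that carry logins or payloads unencrypted; a defender reviews these first.
CLEARTEXT_SERVICES = {"ftp", "telnet", "http", "smtp", "pop3", "imap"}

@dataclass
class PortEntry:
    host: str
    port: int
    proto: str
    state: str
    service: str

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap_output(text):
    """Parse Nmap's normal (human-readable) output into PortEntry records."""
    entries, host = [], None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:                       # new host section starts
            host = m.group(1)
            continue
        m = PORT_RE.match(line)     # header line "PORT STATE SERVICE" does not match
        if m and host:
            port, proto, state, service = m.groups()
            entries.append(PortEntry(host, int(port), proto, state, service))
    return entries

def open_ports(entries):
    """Sorted list of port numbers reported as open."""
    return sorted(e.port for e in entries if e.state == "open")

def cleartext_findings(entries):
    """Open services that should be disabled or replaced with an encrypted equivalent."""
    return [(e.port, e.service) for e in entries
            if e.state == "open" and e.service in CLEARTEXT_SERVICES]
```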