I am trying to find live hosts on my network using nmap:
nmap -sP 192.168.3.0/24
Starting Nmap 5.21 ( http://nmap.org ) at 2012-04-10 10:28 EEST
Nmap scan report for km-localhost (192.168.3.1)
Host is up.
Nmap scan report for km-localhost (192.168.3.6)
Host is up (0.00067s latency).
MAC Address: 00:26:18:B8:4E:B8 (Asustek Computer)
Nmap scan report for 192.168.3.7
Host is up (0.00016s latency).
MAC Address: 00:0E:2E:2B:E7:BD (Edimax Technology Co.)
Nmap scan report for km-localhost (192.168.3.11)
Host is up (-0.10s latency).
MAC Address: 6C:F0:49:74:3A:A2 (Giga-byte Technology Co.)
Nmap scan report for 192.168.3.15
Host is up (0.00057s latency).
MAC Address: 00:1F:C6:CF:76:48 (Asustek Computer)
Nmap scan report for km-localhost (192.168.3.22)
Host is up (0.0030s latency).
MAC Address: 00:12:17:6B:0C:DF (Cisco-Linksys)
Nmap scan report for 192.168.3.24
Host is up (-0.10s latency).
MAC Address: 00:02:B3:65:2D:1B (Intel)
Nmap scan report for km-localhost (192.168.3.25)
Host is up (0.00014s latency).
MAC Address: 00:C0:26:A7:6B:0F (Lans Technology CO.)
Nmap done: 256 IP addresses (8 hosts up) scanned in 4.08 seconds
So nmap found 8 hosts. Now the problem appears when I try to use a list of IPs instead of CIDR.
nmap -sP 192.168.3.1 192.168.3.6 192.168.3.7 192.168.3.11 192.168.3.15 192.168.3.22 192.168.3.24 192.168.3.25
Starting Nmap 5.21 ( http://nmap.org ) at 2012-04-10 10:33 EEST
Nmap scan report for km-localhost (192.168.3.1)
Host is up.
Nmap scan report for km-localhost (192.168.3.15)
Host is up (-0.10s latency).
MAC Address: 00:1F:C6:CF:76:48 (Asustek Computer)
Nmap done: 8 IP addresses (2 hosts up) scanned in 0.24 seconds
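Here I supplied the list of all the live IP addresses, as you can see from the previous command, but only 2 of the 8 hosts are shown as up. Can someone explain this nmap behaviour and suggest a fix?
I want to use nmap in a shell script to quickly determine live hosts. Previously I used the "fping -a" command, but nmap seems better at discovering hosts behind firewalls, so I would like to switch to it without modifying the script too much. Any help would be appreciated.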
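Answer 1
You are probably hitting some kind of rate limiting that causes probes to be dropped. Judging by the latencies, I would almost guess that you are scanning a virtual network; in the past I have had problems with Oracle VirtualBox not keeping up with high packet rates. Try slowing the scan down with the -T2 parameter.
Another thing I would suggest, if you are not already doing so, is to run the scan as root (assuming you are scanning from Linux). Without privileges, you cannot send many of the useful probes (ICMP ping, half-open SYN, and unsolicited ACK for host discovery).
Finally, I would add that you should use the latest version of Nmap whenever possible. Version 5.51 is the latest stable release and can be downloaded here.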
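
For the shell-script use the question describes, one way to notice when a re-scan silently drops hosts is to diff the live-host sets of two runs. This is an added example, not code from the question or the answer; the function names `up_hosts` and `missed_hosts` are hypothetical, and the sample output is constructed, abridged from the scans quoted above.

```shell
#!/bin/sh
# Added example: report hosts that were up in one nmap -sP run but not in another.

# Constructed sample data, abridged from the output quoted in the question.
sample_cidr_scan() { cat <<'EOF'
Nmap scan report for km-localhost (192.168.3.1)
Host is up.
Nmap scan report for km-localhost (192.168.3.6)
Host is up (0.00067s latency).
MAC Address: 00:26:18:B8:4E:B8 (Asustek Computer)
Nmap scan report for 192.168.3.7
Host is up (0.00016s latency).
Nmap scan report for 192.168.3.15
Host is up (0.00057s latency).
EOF
}
sample_list_scan() { cat <<'EOF'
Nmap scan report for km-localhost (192.168.3.1)
Host is up.
Nmap scan report for 192.168.3.15
Host is up (-0.10s latency).
EOF
}

# up_hosts: read nmap normal output on stdin, print each IP reported as up.
up_hosts() {
    awk '
        /^Nmap scan report for / {
            ip = $NF                # "192.168.3.7" or "(192.168.3.1)"
            gsub(/[()]/, "", ip)    # drop parentheses around the address
            next
        }
        /^Host is up/ && ip != "" { print ip; ip = "" }
    ' | LC_ALL=C sort -u
}

# missed_hosts BASELINE RECHECK: IPs up in file BASELINE but absent from RECHECK.
missed_hosts() {
    b=$(mktemp); r=$(mktemp)
    up_hosts < "$1" > "$b"
    up_hosts < "$2" > "$r"
    LC_ALL=C comm -23 "$b" "$r"
    rm -f "$b" "$r"
}

# Demo on the constructed samples; in a real script the two files would be
# saved output of the CIDR scan and of the later scan (e.g. one run with -T2).
demo=$(mktemp -d)
sample_cidr_scan > "$demo/cidr.txt"; sample_list_scan > "$demo/list.txt"
missed_hosts "$demo/cidr.txt" "$demo/list.txt"
rm -rf "$demo"
```

An empty result means the second run saw every host the first one did; any address printed is a host whose probes were lost or unanswered in the second run.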