http://www.daw-labs.

com/diez-formas-interesantes-de-usar-nmap/
http://www.subinet.es/software/entender-los-comandos-de-nmap-tutorial-en-profund
idad-con-ejemplos/
http://www.seguridaddigital.info/index.php?option=com_content&task=view&id=52&It
emid=26
http://anonsvn.wireshark.org/wireshark/trunk/manuf (Lista MAC)
================================================================
ESCANEO NORMAL
================================================================
Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-26 11:13 Hora est. Pacfico, Sud
amricaNmap scan report for 192.168.24.40Host is up (0.0060s latency).Not shown: 9
97 closed portsPORT
STATE SERVICE80/tcp open http443/tcp open https4000
/tcp open remoteanythingMAC Address: 00:13:E2:01:D8:48 (GeoVision)
================================================================
ESCANEO RAPIDO
================================================================
Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-26 11:14 Hora est. Pacfico, Sud
amricaNmap scan report for 192.168.24.40Host is up (0.0059s latency).Not shown: 9
8 closed portsPORT
STATE SERVICE80/tcp open http443/tcp open httpsMAC Addr
ess: 00:13:E2:01:D8:48 (GeoVision)
Ver si el puerto del VNC esta abierto
=======================================
nmap -p 5900 -v 192.168.4.1-255
=======================================

Escanea con SYNs detectando el sistema

operativo destino en diferentes hosts
[Procesos de larga ejecucion]
=======================================
nmap -sS -O -v 192.168.4.0/24
nmap -sS -P0 -sV -O 192.168.4.0/24
=======================================
Muestra una salida detalllada de lo
que ocurre, mas acortado es usar la
opcion sola: -v (verbose)
=======================================
--packet-trace
nmap -v 192.168.15.12
--------------------------------------Scanning 192.168.15.12 [1000 ports]Discovered open port 80/tcp on 192.168.15.12D
iscovered open port 9100/tcp on 192.168.15.12Discovered open port 515/tcp on 192
.168.15.12Completed SYN Stealth Scan at 11:42, 4.49s elapsed (1000 total ports)N
map scan report for 192.168.15.12Host is up (0.010s latency).Not shown: 996 filt
ered portsPORT
STATE SERVICE80/tcp open http113/tcp closed auth515/tcp
open printer9100/tcp open jetdirect

Se pueden escanear varias IP en una lista

=======================================
nmap -Pn 192.168.24.1-255 192.168.4.45
================================================================
nmap -PR 192.168.24.40
|
ARP Ping
================================================================
Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-26 11:17 Hora est. Pacfico, Sud
amricaNmap scan report for 192.168.24.40Host is up (0.0060s latency).Not shown: 9
97 closed portsPORT
STATE SERVICE80/tcp open http443/tcp open https4000
/tcp open remoteanythingMAC Address: 00:13:E2:01:D8:48 (GeoVision)
Nmap done: 1 IP address (1 host up) scanned in 6.11 seconds
================================================================
-sT anlisis TCP CONNECT
|
Puertos abiertos
================================================================
Not shown: 990 filtered ports
PORT
STATE SERVICE
25/tcp open smtp
110/tcp open pop3
119/tcp open nntp
143/tcp open imap
465/tcp open smtps
563/tcp open snews
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
5900/tcp open vnc
================================================================
nmap -T4 -F 192.168.4.45
|
Fast: solo 100 puertos
================================================================
Not shown: 96 filtered ports
PORT
STATE SERVICE
113/tcp closed auth
3389/tcp closed ms-term-serv
5900/tcp open vnc
9100/tcp closed jetdirect
Not shown: 90 filtered portsPORT
STATE SERVICE21/tcp open ftp80/tcp o
pen http113/tcp closed auth119/tcp open nntp143/tcp open imap443/tcp o
pen https990/tcp open ftps993/tcp open imaps5190/tcp open aol8008/tcp
open http
================================================================
nmap -T4 -F -Pn 192.168.48.150 |
-Pn
NoPing
================================================================
Escaneo sin hacer ping al destino
---------------------------------------------------------------Not shown: 99 filtered portsPORT
STATE SERVICE113/tcp closed auth
================================================================
nmap -sn 192.168.33.*
|
-sP
SimplePing 1
================================================================
Detectar IP s activas en una red
---------------------------------------------------------------Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-26 10:51 Hora est. Pacfico, Sud
amricaNmap scan report for 192.168.33.1Host is up (0.0080s latency).Nmap scan rep
ort for 192.168.33.2Host is up (0.013s latency).Nmap scan report for 192.168.33.
5Host is up (0.021s latency).Nmap scan report for 192.168.33.10Host is up (0.019

s latency).Nmap scan report for 192.168.33.12Host is up (0.020s latency).Nmap sc

an report for 192.168.33.15Host is up (0.023s latency).Nmap scan report for 192.
168.33.46Host is up (0.0080s latency).Nmap scan report for 192.168.33.50Host is
up (0.018s latency).Nmap scan report for 192.168.33.60Host is up (0.014s latency
).Nmap done: 256 IP addresses (9 hosts up) scanned in 40.68 seconds [Mas veloz
]
================================================================
nmap -sP 192.168.48.0/24
|
-sP
SimplePing 2
================================================================
Descubrimientos de Host en una red
---------------------------------------------------------------Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-26 10:55 Hora est. Pacfico, Sud
amricaNmap scan report for 192.168.33.1Host is up (0.0080s latency).Nmap scan rep
ort for 192.168.33.2Host is up (0.0078s latency).Nmap scan report for 192.168.33
.5Host is up (0.010s latency).Nmap scan report for 192.168.33.10Host is up (0.01
6s latency).Nmap scan report for 192.168.33.12Host is up (0.019s latency).Nmap s
can report for 192.168.33.15Host is up (0.014s latency).Nmap scan report for 192
.168.33.46Host is up (0.0080s latency).Nmap scan report for 192.168.33.50Host is
up (0.0080s latency).Nmap scan report for 192.168.33.60Host is up (0.013s laten
cy).Nmap done: 256 IP addresses (9 hosts up) scanned in 73.95 seconds [Mas len
to]
================================================================
nmap-sV 192.168.24.45
|
-sV
Service version
================================================================
podemos buscar la versin de los servicios que estn corriendo
---------------------------------------------------------------Nmap scan report for 192.168.24.45Host is up (0.00040s latency).Not shown: 995 f
iltered portsPORT
STATE SERVICE139/tcp open netbios-ssn445/tcp open m
icrosoft-ds2869/tcp closed icslap3389/tcp open ms-term-serv5900/tcp open vnc
MAC Address: 00:16:76:3C:FD:55 (Intel)
Nmap scan report for 192.168.24.1Host is up (0.00045s latency).Not shown: 995 fi
ltered portsPORT
STATE SERVICE22/tcp open ssh80/tcp open http113/tc
p closed auth443/tcp open https1723/tcp open pptpMAC Address: 00:09:0F:A3:
35:2C (Fortinet)
----> [FIREWALL]
================================================================
nmap -sL 192.168.24.1-120
|
List Scan
================================================================
opcin que permite listar y resolver Ips sin escanear
---------------------------------------------------------------Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-26 11:52 Hora est. Pacfico, Sud
amricaNmap scan report for 192.168.24.1Nmap scan report for 192.168.24.2Nmap scan
report for coreserver.masmedan.local (192.168.24.3)Nmap scan report for bkserve
r.masmedan.local (192.168.24.4)Nmap scan report for 192.168.24.5Nmap scan report
for 192.168.24.6Nmap scan report for 192.168.24.7Nmap scan report for 192.168.2
4.8Nmap scan report for 192.168.24.9Nmap scan report for 192.168.24.10Nmap scan
report for 192.168.24.11Nmap scan report for 192.168.24.12Nmap scan report for 1
92.168.24.13Nmap scan report for 192.168.24.14Nmap scan report for 192.168.24.15
Nmap scan report for 192.168.24.16Nmap scan report for 192.168.24.17Nmap scan re
port for 192.168.24.18Nmap scan report for monitor_center.masmedan.local (192.16
8.24.19)
================================================================
nmap -p * 192.168.24.88
|
Revisa TODOS los puertos
================================================================
nmap -p T:* 192.168.24.88
|
Revisa SOLO los TCP

================================================================
nmap -p vnc 192.168.24.88
|
Revisa el puerto VNC
================================================================
nmap -p 5900 192.168.24.88
|
Revisa uno en particular
================================================================
nmap -p 21,22 192.168.24.88
|
Ve una lista de puertos
================================================================

===========================================================================
nmap -p 23,80 -O -v -n 192.168.24.*
|
Telefonos Grandstream
===========================================================================

===========================================================================
nmap -T4 -A -v -n 192.168.34.*
|
SUPERCOMANDO
===========================================================================

Es posible llevar a cabo una prueba an ms detallada, que mostrar puertos abiertos,
versiones de servicios, versin del sistema operativo, etc, con la siguiente lnea d
e comando:
nmap -A --osscan-guess 127.0.0.1
-A > Deteccin de sistema operativo, versiones de servicios...
--osscan-guess > Deteccin de sistema operativo ms "agresiva".
================================================================
================================================================
================================================================
================================================================
================================================================
================================================================
================================================================
================================================================
================================================================
================================================================
================================================================
================================================================
================================================================
================================================================