Zenmap: Unterschied zwischen den Versionen

Aus Foxwiki
K Textersetzung - „Man-Pages“ durch „Man-Page“
 
(18 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 2: Zeile 2:
'''zenmap''' - Grafisache Oberfläche für [[nmap]]
'''zenmap''' - Grafisache Oberfläche für [[nmap]]


== Beschreibung ==
== Installation ==
== Installation ==
; RPM-Paket in Debian installieren
; RPM-Paket in Debian installieren
Zeile 34: Zeile 35:
* Zu den Informationen gehören Rechnernamen, das Betriebssystem, die geöffneten und geschlossenen Ports, den Zeitpunkt des Rechnerstarts und viele weitere Informationen.
* Zu den Informationen gehören Rechnernamen, das Betriebssystem, die geöffneten und geschlossenen Ports, den Zeitpunkt des Rechnerstarts und viele weitere Informationen.


=== Scanergebnisse vergleichen ===
==== “Topology” Tab ====
; Scanergebnisse lassen sich über den Menüpunkt Scan\Scan als Datei speichern
Zenmap's “Topology” tab provides an interactive, animated visualization of the connections between hosts on a network. Hosts are shown as nodes on a graph that extends radially from the center. Click and drag to pan the display, and use the controls provided to zoom in and out. Click on a host and it becomes the new center. The graph rearranges itself in a smooth animation to reflect the new view of the network. Run a new scan and every new host and network path will be added to the topology automatically.
* Mehrere solche Ergebnisse können mit Nmap auch verglichen werden, um Unterschiede zu erkennen.
* Abgespeicherte Scanergebnisse werden mit dem Tool „ndiff“ verglichen.
*  Der Befehl dazu ist ndiff <Datei1> <Datei2>.
*  Ausführlichere Ergebnisse gibt '''Ndiff''' mit der Option „-v“ aus.


; Vergleich mit Zenmap
The topology view is most useful when combined with Nmap's <code>--traceroute</code> option, because that's the option that discovers the network path to a host. You can view a network inventory that doesn't have traceroute information in the topology, but network paths will not be visible. Remember, though, that you can add traceroute information to a network inventory just by running another scan thanks to Zenmap's scan aggregation.
* Dazu wird in Zenmap das Menü '''Werkzeuge\Ergebnisse vergleichen''' verwendet.


<noinclude>
Initially the topology is shown from the point of view of localhost, with you at the center. Click on a host to move it to the center and see what the network looks like from its point of view.


== Anhang ==
The topology view is an adaptation of the RadialNet program by João Paulo S. Medeiros.
=== Siehe auch ===
{{Special:PrefixIndex/{{BASEPAGENAME}}}}
==== Sicherheit ====
==== Dokumentation ====
==== Links ====
===== Projekt =====
===== Weblinks =====


== Surfing the Network Topology ==
==== Legend ====
 
=== “Topology” Tab ===
Zenmap's “Topology” tab provides an interactive,    animated visualization of the connections between hosts on a    network. Hosts are shown as nodes on a graph that extends radially    from the center. Click and drag to pan the display, and use the    controls provided to zoom in and out. Click on a host and it becomes    the new center. The graph rearranges itself in a smooth animation to    reflect the new view of the network. Run a new scan and every new    host and network path will be added to the topology automatically.
 
The topology view is most useful when combined with Nmap's    <code>--traceroute</code>    option, because that's the option that discovers the network path to    a host. You can view a network inventory that doesn't have    traceroute information in the topology, but network paths will not    be visible. Remember, though, that you can add traceroute    information to a network inventory just by running another scan    thanks to Zenmap's scan    aggregation.
 
Initially the topology is shown from the point of view of localhost,    with you at the center. Click on a host to move it to the center and    see what the network looks like from its point of view.
 
The topology view is an adaptation of the    RadialNet    program by João Paulo    S. Medeiros.
 
=== Legend ===
{| class="wikitable"
{| class="wikitable"
| colspan="2" |The topology view uses many symbols and color conventions. This           section explains what they mean.
| colspan="2" |The topology view uses many symbols and color conventions. This section explains what they mean.
|-
|-
|
|
Zeile 80: Zeile 58:
|
|
|}
|}
|Each regular host in the network is represented by a little           circle. The color and size of the circle is determined by           the number of open ports on the host. The more open ports,           the larger the circle. A white circle represents an           intermediate host in a network path that was not port           scanned. If a host has fewer than three open ports, it will           be green; between three and six open ports, yellow; more           than six open ports, red.
|Each regular host in the network is represented by a little circle. The color and size of the circle is determined by the number of open ports on the host. The more open ports, the larger the circle. A white circle represents an intermediate host in a network path that was not port scanned. If a host has fewer than three open ports, it will be green; between three and six open ports, yellow; more than six open ports, red.
|-
|-
|
|
Zeile 90: Zeile 68:
|
|
|}
|}
|If a host is a router, switch, or wireless access point, it           is drawn with a square rather than a circle.
|If a host is a router, switch, or wireless access point, it is drawn with a square rather than a circle.
|-
|-
|
|
|Network distance is shown as concentric gray rings. Each           additional ring signifies one more network hop from the           center host.
|Network distance is shown as concentric gray rings. Each additional ring signifies one more network hop from the center host.
|-
|-
|
|
|Connections between hosts are shown with colored lines.           Primary traceroute connections are shown with blue lines.           Alternate paths (paths between two hosts where a different           path already exists) are drawn in orange. Which path is           primary and which paths are alternates is arbitrary and           controlled by the order in which paths were recorded. The           thickness of a line is proportional to its round-trip time;           hosts with a higher RTT have a thicker line. Hosts with no           traceroute information are clustered around localhost,           connected with a dashed black line.
|Connections between hosts are shown with colored lines. Primary traceroute connections are shown with blue lines. Alternate paths (paths between two hosts where a different path already exists) are drawn in orange. Which path is primary and which paths are alternates is arbitrary and controlled by the order in which paths were recorded. The thickness of a line is proportional to its round-trip time; hosts with a higher RTT have a thicker line. Hosts with no traceroute information are clustered around localhost, connected with a dashed black line.
|-
|-
|
|
|If there is no RTT for a hop (a missing traceroute entry),           the connection is shown with a blue dashed line and the           unknown host that makes the connection is shown with a blue           outline.
|If there is no RTT for a hop (a missing traceroute entry), the connection is shown with a blue dashed line and the unknown host that makes the connection is shown with a blue outline.
|}
|}
{| class="wikitable"
{| class="wikitable"
| colspan="2" |Some special-purpose hosts may carry one or more icons           describing what type of host they are:
| colspan="2" |Some special-purpose hosts may carry one or more icons describing what type of host they are:
|-
|-
|
|
Zeile 120: Zeile 98:
|}
|}


=== Controls ===
==== Controls ====
The controls appear in a column when the   “Controls” button is clicked. The controls are   divided into sections.
The controls appear in a column when the “Controls” button is clicked. The controls are divided into sections.


==== Action controls ====
===== Action controls =====
The controls in the “Action” section control     what happens when you click on a host. The buttons in this section     are, from left to right, “Change focus”,     “Show information”, “Group     children”, and “Fill region”. When     the mode is “Change focus”, clicking on a     host rearranges the display to put the selected host at the     center. When the mode is “Show information”,     clicking on a host brings up a window with information about it.
The controls in the “Action” section control what happens when you click on a host. The buttons in this section are, from left to right, “Change focus”, “Show information”, “Group children”, and “Fill region”. When the mode is “Change focus”, clicking on a host rearranges the display to put the selected host at the center. When the mode is “Show information”, clicking on a host brings up a window with information about it.


When the mode is “Group children”, clicking a     host collapses into it all of its children—those nodes that     are farther from the center. When a host is grouped it appears     thus: .       Clicking on a grouped node ungroups it again. This diagram shows       the process of grouping.
When the mode is “Group children”, clicking a host collapses into it all of its children—those nodes that are farther from the center. When a host is grouped it appears thus: . Clicking on a grouped node ungroups it again. This diagram shows the process of grouping.


Figure 12.7. Grouping a host's children
Figure 12.7. Grouping a host's children


When the mode is “Fill region”, clicking a     host highlights the region of the display occupied by the host and     its children. The highlighted hosts are exactly the same as those     that would be grouped in “Group children”     mode. You can choose different colors to highlight different     regions. This diagram shows an example of several regions     highlighted in different colors.
When the mode is “Fill region”, clicking a host highlights the region of the display occupied by the host and its children. The highlighted hosts are exactly the same as those that would be grouped in “Group children” mode. You can choose different colors to highlight different regions. This diagram shows an example of several regions highlighted in different colors.


Figure 12.8. Highlighting regions of the topology
Figure 12.8. Highlighting regions of the topology


==== Interpolation controls ====
===== Interpolation controls =====
The controls in the “Interpolation” section     control how quickly the animation proceeds when part of the graph     changes.
The controls in the “Interpolation” section control how quickly the animation proceeds when part of the graph changes.


==== Layout controls ====
===== Layout controls =====
There are two options for the automatic layout of nodes. Symmetric     mode gives each subtree of a host an equal-sized slice of the     graph. It shows the network hierarchy well but hosts far from the     center can be squeezed close together. Weighted mode gives hosts     with more children a larger piece of the graph.
There are two options for the automatic layout of nodes. Symmetric mode gives each subtree of a host an equal-sized slice of the graph. It shows the network hierarchy well but hosts far from the center can be squeezed close together. Weighted mode gives hosts with more children a larger piece of the graph.


==== View controls ====
===== View controls =====
The checkboxes in the “View” section enable and     disable parts of the display. For example, disable     “hostname” to show only an IP address for each     host, or disable “address” to use no labels at     all. The “latency” option enables and disables     the display of the round-trip times to each host, as determined by     Nmap's <code>--traceroute</code> option. If     “slow in/out” is checked, the animation     will not be linear, but will go faster in the middle of the     animation and slower at the beginning and end.
The checkboxes in the “View” section enable and disable parts of the display. For example, disable “hostname” to show only an IP address for each host, or disable “address” to use no labels at all. The “latency” option enables and disables the display of the round-trip times to each host, as determined by Nmap's <code>--traceroute</code> option. If “slow in/out” is checked, the animation will not be linear, but will go faster in the middle of the animation and slower at the beginning and end.


The compass-like widget pans the screen in eight directions. Click     the center to return to the center host. The ring around the     outside controls the rotation of the entire graph.
The compass-like widget pans the screen in eight directions. Click the center to return to the center host. The ring around the outside controls the rotation of the entire graph.


“Zoom” and “Ring gap” both     control the overall size of the graph. “Zoom”     changes the size of everything—hosts, labels, connecting     lines. “Ring gap” just increases the spacing     between the concentric rings, keeping everything else the same     size. “Lower ring gap” gives a minimum spacing     for the rings, useful mainly when fisheye is enabled.
“Zoom” and “Ring gap” both control the overall size of the graph. “Zoom” changes the size of everything—hosts, labels, connecting lines. “Ring gap” just increases the spacing between the concentric rings, keeping everything else the same size. “Lower ring gap” gives a minimum spacing for the rings, useful mainly when fisheye is enabled.


==== Fisheye controls ====
===== Fisheye controls =====
The fisheye controls give more space to a selected ring,     compressing all the others. The slider controls which ring gets     the most attention. The “interest factor” is     how many times greater the ring spacing is for the chosen ring     than it would be with no fisheye. The “spread     factor” ranges from −1 to 1. It controls     how many adjacent rings are expanded around the selected ring,     with higher numbers meaning more spread.
The fisheye controls give more space to a selected ring, compressing all the others. The slider controls which ring gets the most attention. The “interest factor” is how many times greater the ring spacing is for the chosen ring than it would be with no fisheye. The “spread factor” ranges from −1 to 1. It controls how many adjacent rings are expanded around the selected ring, with higher numbers meaning more spread.


=== Keyboard Shortcuts ===
==== Keyboard Shortcuts ====
The topology display recognizes these keyboard shortcuts:
The topology display recognizes these keyboard shortcuts:
{| class="wikitable"
{| class="wikitable"
Zeile 175: Zeile 153:
|}
|}


=== The Hosts Viewer ===
==== The Hosts Viewer ====
The host viewer is an alternative way to get details about hosts.   Activate the viewer by clicking the “Hosts   Viewer” button. All the hosts in the inventory are   presented in a list. Select any host to get details about it.
The host viewer is an alternative way to get details about hosts. Activate the viewer by clicking the “Hosts Viewer” button. All the hosts in the inventory are presented in a list. Select any host to get details about it.
 
=== Scanergebnisse vergleichen ===
; Scanergebnisse lassen sich über den Menüpunkt Scan\Scan als Datei speichern
* Mehrere solche Ergebnisse können mit Nmap auch verglichen werden, um Unterschiede zu erkennen.
* Abgespeicherte Scanergebnisse werden mit dem Tool „ndiff“ verglichen.
*  Der Befehl dazu ist ndiff <Datei1> <Datei2>.
*  Ausführlichere Ergebnisse gibt '''Ndiff''' mit der Option „-v“ aus.
 
; Vergleich mit Zenmap
* Dazu wird in Zenmap das Menü '''Werkzeuge\Ergebnisse vergleichen''' verwendet.
 
== Syntax ==
=== Optionen ===
=== Parameter ===
=== Umgebungsvariablen ===
=== Exit-Status ===
 
== Konfiguration ==
=== Dateien ===
 
<noinclude>
 
== Anhang ==
=== Siehe auch ===
{{Special:PrefixIndex/nmap}}
==== Sicherheit ====
==== Dokumentation ====
# https://nmap.org/book/zenmap.html
 
===== Man-Page =====
===== Info-Pages =====
 
==== Links ====
===== Projekt =====
===== Weblinks =====


[[Kategorie:Linux/Befehl]]
[[Kategorie:Netzwerk/Befehl]]
{{DEFAULTSORT:zenmap}}
{{DEFAULTSORT:zenmap}}
[[Kategorie:Scanning]]
[[Kategorie:Informationssicherheit:Assessment]]
[[Kategorie:IT-Sicherheit/Tools]]


[[Kategorie:nmap]]
</noinclude>
</noinclude>

Aktuelle Version vom 6. November 2024, 13:00 Uhr

zenmap - Grafisache Oberfläche für nmap

Beschreibung

Installation

RPM-Paket in Debian installieren

1. Voraussetzungen

# apt install python3 alien nmap

2. RPM-Paket herunterladen

# wget https://nmap.org/dist/zenmap-7.94-1.noarch.rpm

3. Integrität des Downloads prüfen

4. RPM-Paket in DEB-Paket umwandeln

# alien zenmap*.rpm

5. DEB-Paket installieren

# dpkg --install zenmap*.deb

Anwendungen

Scan-Ergebnisse auslesen

Auswerten mit Zenmap
  • In der grafischen Oberfläche Zenmap lassen sich die Ergebnisse gut auswerten
  • Nachdem ein Scanvorgang abgeschlossen ist, sind auf der linken Seite die Endpunkte zu finden, die Nmap gefunden und gescannt hat.
  • Mit den beiden Schaltflächen „Rechner“ und Dienste“ kann zwischen den gefundenen Endgeräten und den gefundenen Netzwerkdiensten gewechselt werden.
  • Im unteren Bereich kann das Ergebnis über die Schaltfläche „Rechner filtern“ noch besser gefiltert werden.
  • In der Mitte des Fensters sind verschiedene Registerkarten zu sehen, mit denen die Scanergebnisse besser untersucht werden können.
  • Auf der Registerkarte „Nmap-Ausgabe“ zeigt Zenmap z.B. das Ergebnis an, das Nmap auch in der Befehlszeile anzeigt.
  • Auf der Registerkarte „Ports/Rechner“ sind die gefundenen Ports zu sehen sowie weitere Informationen zum markierten Gerät.
  • Mit der Registerkarte kann jedes einzelne Gerät im Netzwerk überprüft werden.

Grafische Anzeige des Netzwerks

  • Auf der Registerkarte „Netzstruktur“ kann Zenmap eine grafische Anzeige des Netzwerkes zur Verfügung stellen.
  • Über die verschiedenen Schaltflächen „Rechnerbetrachter“, „Fischauge“ und „Steuerungen“ können verschiedene Einstellungen für die Anzeige der Rechner vorgenommen werden.
  • Die Grafik kann an dieser Stelle auch als PDF, PNG oder SVG gespeichert werden.
  • Auf der Registerkarte „Rechnereinzelheiten“ können Details zu einem Rechner angezeigt werden, die durch das Scannen erkannt wurden.
  • Zu den Informationen gehören Rechnernamen, das Betriebssystem, die geöffneten und geschlossenen Ports, den Zeitpunkt des Rechnerstarts und viele weitere Informationen.

“Topology” Tab

Zenmap's “Topology” tab provides an interactive, animated visualization of the connections between hosts on a network. Hosts are shown as nodes on a graph that extends radially from the center. Click and drag to pan the display, and use the controls provided to zoom in and out. Click on a host and it becomes the new center. The graph rearranges itself in a smooth animation to reflect the new view of the network. Run a new scan and every new host and network path will be added to the topology automatically.

The topology view is most useful when combined with Nmap's --traceroute option, because that's the option that discovers the network path to a host. You can view a network inventory that doesn't have traceroute information in the topology, but network paths will not be visible. Remember, though, that you can add traceroute information to a network inventory just by running another scan thanks to Zenmap's scan aggregation.

Initially the topology is shown from the point of view of localhost, with you at the center. Click on a host to move it to the center and see what the network looks like from its point of view.

The topology view is an adaptation of the RadialNet program by João Paulo S. Medeiros.

Legend

The topology view uses many symbols and color conventions. This section explains what they mean.
Each regular host in the network is represented by a little circle. The color and size of the circle is determined by the number of open ports on the host. The more open ports, the larger the circle. A white circle represents an intermediate host in a network path that was not port scanned. If a host has fewer than three open ports, it will be green; between three and six open ports, yellow; more than six open ports, red.
If a host is a router, switch, or wireless access point, it is drawn with a square rather than a circle.
Network distance is shown as concentric gray rings. Each additional ring signifies one more network hop from the center host.
Connections between hosts are shown with colored lines. Primary traceroute connections are shown with blue lines. Alternate paths (paths between two hosts where a different path already exists) are drawn in orange. Which path is primary and which paths are alternates is arbitrary and controlled by the order in which paths were recorded. The thickness of a line is proportional to its round-trip time; hosts with a higher RTT have a thicker line. Hosts with no traceroute information are clustered around localhost, connected with a dashed black line.
If there is no RTT for a hop (a missing traceroute entry), the connection is shown with a blue dashed line and the unknown host that makes the connection is shown with a blue outline.
Some special-purpose hosts may carry one or more icons describing what type of host they are:
A router.
A switch.
A wireless access point.
A firewall.
A host with some ports filtered.

Controls

The controls appear in a column when the “Controls” button is clicked. The controls are divided into sections.

Action controls

The controls in the “Action” section control what happens when you click on a host. The buttons in this section are, from left to right, “Change focus”, “Show information”, “Group children”, and “Fill region”. When the mode is “Change focus”, clicking on a host rearranges the display to put the selected host at the center. When the mode is “Show information”, clicking on a host brings up a window with information about it.

When the mode is “Group children”, clicking a host collapses into it all of its children—those nodes that are farther from the center. When a host is grouped it appears thus: . Clicking on a grouped node ungroups it again. This diagram shows the process of grouping.

Figure 12.7. Grouping a host's children

When the mode is “Fill region”, clicking a host highlights the region of the display occupied by the host and its children. The highlighted hosts are exactly the same as those that would be grouped in “Group children” mode. You can choose different colors to highlight different regions. This diagram shows an example of several regions highlighted in different colors.

Figure 12.8. Highlighting regions of the topology

Interpolation controls

The controls in the “Interpolation” section control how quickly the animation proceeds when part of the graph changes.

Layout controls

There are two options for the automatic layout of nodes. Symmetric mode gives each subtree of a host an equal-sized slice of the graph. It shows the network hierarchy well but hosts far from the center can be squeezed close together. Weighted mode gives hosts with more children a larger piece of the graph.

View controls

The checkboxes in the “View” section enable and disable parts of the display. For example, disable “hostname” to show only an IP address for each host, or disable “address” to use no labels at all. The “latency” option enables and disables the display of the round-trip times to each host, as determined by Nmap's --traceroute option. If “slow in/out” is checked, the animation will not be linear, but will go faster in the middle of the animation and slower at the beginning and end.

The compass-like widget pans the screen in eight directions. Click the center to return to the center host. The ring around the outside controls the rotation of the entire graph.

“Zoom” and “Ring gap” both control the overall size of the graph. “Zoom” changes the size of everything—hosts, labels, connecting lines. “Ring gap” just increases the spacing between the concentric rings, keeping everything else the same size. “Lower ring gap” gives a minimum spacing for the rings, useful mainly when fisheye is enabled.

Fisheye controls

The fisheye controls give more space to a selected ring, compressing all the others. The slider controls which ring gets the most attention. The “interest factor” is how many times greater the ring spacing is for the chosen ring than it would be with no fisheye. The “spread factor” ranges from −1 to 1. It controls how many adjacent rings are expanded around the selected ring, with higher numbers meaning more spread.

Keyboard Shortcuts

The topology display recognizes these keyboard shortcuts:

Key Function
c Return the display to the center host.
a Show or hide host addresses.
h Show or hide hostnames.
i Show or hide host icons.
l Show or hide latency.
r Show or hide the rings.

The Hosts Viewer

The host viewer is an alternative way to get details about hosts. Activate the viewer by clicking the “Hosts Viewer” button. All the hosts in the inventory are presented in a list. Select any host to get details about it.

Scanergebnisse vergleichen

Scanergebnisse lassen sich über den Menüpunkt Scan\Scan als Datei speichern
  • Mehrere solche Ergebnisse können mit Nmap auch verglichen werden, um Unterschiede zu erkennen.
  • Abgespeicherte Scanergebnisse werden mit dem Tool „ndiff“ verglichen.
  • Der Befehl dazu ist ndiff <Datei1> <Datei2>.
  • Ausführlichere Ergebnisse gibt Ndiff mit der Option „-v“ aus.
Vergleich mit Zenmap
  • Dazu wird in Zenmap das Menü Werkzeuge\Ergebnisse vergleichen verwendet.

Syntax

Optionen

Parameter

Umgebungsvariablen

Exit-Status

Konfiguration

Dateien

Anhang

Siehe auch

Sicherheit

Dokumentation

  1. https://nmap.org/book/zenmap.html
Man-Page
Info-Pages

Links

Projekt
Weblinks