Playing with nmap

[[email protected] ~]# nmap -v

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 15:34 CST
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

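nmap is used to explore networks, run security scans and network audits, and find open ports on remote machines. It can detect live hosts, operating systems, packet filters, and open ports on remote hosts.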

nmap command format:

Usage: nmap [Scan Type(s)] [Options] {target specification}

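1. Scan using a hostname:

2. Scan using an IP address

2. Use the -v option to get more detailed information

3. Scan multiple hosts: list several IP addresses or hostnames after nmap

4. Use a wildcard to have nmap scan an entire subnet or IP range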

[[email protected] ~]# nmap 172.18.16.*

Takes too long.

5. Scan multiple hosts by listing values for the last octet of the IP address

[[email protected] ~]# nmap 172.18.16.201,202,203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 16:26 CST
Nmap scan report for 172.18.16.203
Host is up (0.012s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2

Nmap done: 3 IP addresses (1 host up) scanned in 6.20 seconds

6. Scan a list of hosts from a file

Write the hostnames or IP addresses into a file; nmap can read it directly and run the scan.

[[email protected] ~]# cat test.txt
172.18.16.201
172.18.16.202
172.18.16.203

Run the scan with the -iL option

[[email protected] ~]# nmap -iL test.txt 

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 16:43 CST
Nmap scan report for 172.18.16.203
Host is up (0.015s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2

Nmap done: 3 IP addresses (1 host up) scanned in 6.08 seconds

7. Scan an IP range

[[email protected] ~]# nmap 172.18.16.200-220

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 16:46 CST
Nmap scan report for 172.18.16.203
Host is up (0.084s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2

Nmap scan report for 172.18.16.205
Host is up (0.074s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
3306/tcp open  mysql
3389/tcp open  ms-wbt-server

Nmap scan report for 172.18.16.209
Host is up (0.041s latency).
Not shown: 995 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
3389/tcp  open  ms-wbt-server
10000/tcp open  snet-sensor-mgmt

Nmap scan report for 172.18.16.214
Host is up (0.052s latency).
Not shown: 993 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
2869/tcp  open  icslap
3389/tcp  open  ms-wbt-server
5357/tcp  open  wsdapi
10243/tcp open  unknown

Nmap scan report for 172.18.16.218
Host is up (0.0043s latency).
All 1000 scanned ports on 172.18.16.218 are filtered

Nmap done: 21 IP addresses (5 hosts up) scanned in 31.94 seconds
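
For the network-audit use mentioned at the top, output like the above can be compared against a list of ports each host is expected to expose. The following is an added example, not part of the original article; the sample text and the baseline are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: an excerpt in the same format as the range-scan output above.
SAMPLE = """\
Nmap scan report for 172.18.16.203
Host is up (0.084s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
5120/tcp  open  unknown

Nmap scan report for 172.18.16.205
Host is up (0.074s latency).
PORT     STATE SERVICE
80/tcp   open  http
3306/tcp open  mysql
3389/tcp open  ms-wbt-server

Nmap scan report for 172.18.16.218
Host is up (0.0043s latency).
All 1000 scanned ports on 172.18.16.218 are filtered
"""

# Constructed baseline: the ports each host is expected to expose.
BASELINE = {"172.18.16.203": {"22/tcp", "80/tcp"}, "172.18.16.205": {"80/tcp"}}

# The report line is either "for <ip>" or "for <hostname> (<ip>)".
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9.]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_normal_output(text):
    """Map each reported host to the set of its open ports ('80/tcp')."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            # A host with no port table (all filtered) still gets an empty set.
            current = hosts.setdefault(m.group(1), set())
            continue
        m = PORT_RE.match(line)
        if m and current is not None and m.group(3) == "open":
            current.add(f"{m.group(1)}/{m.group(2)}")
    return hosts


def unexpected_ports(hosts, baseline):
    """Return, per host, the open ports that are not in its baseline."""
    findings = {}
    for host, ports in hosts.items():
        extra = ports - baseline.get(host, set())
        if extra:
            findings[host] = sorted(extra, key=lambda p: int(p.split("/")[0]))
    return findings


if __name__ == "__main__":
    print(unexpected_ports(parse_normal_output(SAMPLE), BASELINE))
```

For anything beyond a quick check, nmap's XML output (-oX) is the format intended for machine parsing.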

8. Exclude some hosts

[[email protected] ~]# nmap 172.18.16.200-210 --exclude 172.18.16.205

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:12 CST
Nmap scan report for 172.18.16.203
Host is up (0.025s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2

Nmap scan report for 172.18.16.209
Host is up (0.015s latency).
Not shown: 995 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
3389/tcp  open  ms-wbt-server
10000/tcp open  snet-sensor-mgmt

Nmap done: 10 IP addresses (2 hosts up) scanned in 16.57 seconds
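
Before running a scan it helps to know exactly which addresses a target specification covers and whether they all fall inside the range you are authorised to scan. The following is an added example, not part of the original article: it expands the wildcard, comma-list and range forms from sections 4 to 8 and applies --exclude style exclusions. The function names and the scope value are assumptions, and hostnames and CIDR targets are not handled.

```python
import ipaddress
import itertools


def expand_octet(field):
    """Expand one octet field: '*', '205', '201,202,203' or '200-220'."""
    if field == "*":
        return list(range(256))
    values = set()
    for part in field.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo = int(lo) if lo else 0      # omitted start means 0
            hi = int(hi) if hi else 255    # omitted end means 255
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_targets(spec, exclude=()):
    """Return every IPv4 address a dotted octet-range spec covers, minus exclusions."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted IPv4 spec: {spec!r}")
    excluded = {a for e in exclude for a in expand_targets(e)}
    combos = itertools.product(*(expand_octet(o) for o in octets))
    addrs = (".".join(map(str, c)) for c in combos)
    return [a for a in addrs if a not in excluded]


def out_of_scope(addrs, allowed_cidr):
    """Return the addresses that fall outside the authorised network."""
    net = ipaddress.ip_network(allowed_cidr)
    return [a for a in addrs if ipaddress.ip_address(a) not in net]


if __name__ == "__main__":
    scope = "172.18.16.0/24"  # assumed authorised range for this lab
    for spec, excl in [("172.18.16.*", ()),
                       ("172.18.16.201,202,203", ()),
                       ("172.18.16.200-220", ()),
                       ("172.18.16.200-210", ("172.18.16.205",))]:
        addrs = expand_targets(spec, excl)
        print(spec, len(addrs), "addresses,",
              len(out_of_scope(addrs, scope)), "out of scope")
```

The counts agree with the "Nmap done: N IP addresses" lines in the outputs above (3, 21 and 10). nmap -sL with the same target specification lists the addresses without sending probes to them.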

9. Scan for system information

[[email protected] ~]# nmap -A 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:14 CST
Nmap scan report for 172.18.16.203
Host is up (0.0024s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE  VERSION
22/tcp    open  ssh      OpenSSH 3.8.1p1 Debian 8.sarge.4 (protocol 2.0)
| ssh-hostkey:
|_  1024 c7:ef:29:9a:6e:2e:f6:08:71:67:d6:cd:db:ef:b2:40 (RSA)
80/tcp    open  http     GoAhead WebServer
111/tcp   open  rpcbind  2 (RPC #100000)
| rpcinfo:
|   program version   port/proto  service
|   100000  2            111/tcp  rpcbind
|_  100000  2            111/udp  rpcbind
443/tcp   open  ssl/http GoAhead WebServer
| ssl-cert: Subject: commonName=AMI/organizationName=American Megatrends Inc./stateOrProvinceName=Georgia/countryName=US
| Not valid before: 2006-03-08T22:01:07
|_Not valid after:  2006-04-07T22:01:07
5120/tcp  open  ipmi-usb IPMI USB redirection
50000/tcp open  upnp     SuperMicro IPMI UPnP
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.15 - 2.6.26 (likely embedded)
Network Distance: 2 hops
Service Info: OS: Linux; Device: remote management; CPE: cpe:/o:linux:linux_kernel, cpe:/o:supermicro:intelligent_platform_management_firmware

TRACEROUTE (using port 111/tcp)
HOP RTT     ADDRESS
1   4.04 ms 192.168.1.1
2   4.02 ms 172.18.16.203

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 103.10 seconds

The -O or --osscan-guess options can do the same.

[[email protected] ~]# nmap -O 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:21 CST
Nmap scan report for 172.18.16.203
Host is up (0.0030s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.15 - 2.6.26 (likely embedded)
Network Distance: 2 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.22 seconds

10. Scan a host to detect a firewall

[[email protected] ~]# nmap -sA 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:22 CST
Nmap scan report for 172.18.16.203
Host is up (0.0015s latency).
All 1000 scanned ports on 172.18.16.203 are filtered

Nmap done: 1 IP address (1 host up) scanned in 21.18 seconds

11. Probe a host to check whether a firewall is working

[[email protected] ~]# nmap -PN 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:24 CST
Nmap scan report for 172.18.16.203
Host is up (0.0039s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2

Nmap done: 1 IP address (1 host up) scanned in 4.53 seconds

12. Find live hosts on the network

[[email protected] ~]# nmap -sP 172.18.16.*

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:25 CST
Nmap scan report for 172.18.16.1
Host is up (0.0026s latency).
Nmap scan report for 172.18.16.62
Host is up (0.0039s latency).
Nmap scan report for 172.18.16.65
Host is up (0.0021s latency).
Nmap scan report for 172.18.16.69
Host is up (0.0045s latency).
Nmap scan report for 172.18.16.87
Host is up (0.0025s latency).
Nmap scan report for 172.18.16.92
Host is up (0.0082s latency).
Nmap scan report for 172.18.16.126
Host is up (0.0016s latency).
Nmap scan report for 172.18.16.130
Host is up (0.0023s latency).
Nmap scan report for 172.18.16.132
Host is up (0.0029s latency).
Nmap scan report for 172.18.16.186
Host is up (0.0048s latency).
Nmap scan report for 172.18.16.190
Host is up (0.027s latency).
Nmap scan report for 172.18.16.203
Host is up (0.0043s latency).
Nmap scan report for 172.18.16.205
Host is up (0.0090s latency).
Nmap scan report for 172.18.16.209
Host is up (0.0064s latency).
Nmap scan report for 172.18.16.214
Host is up (0.0060s latency).
Nmap scan report for 172.18.16.218
Host is up (0.0086s latency).
Nmap scan report for 172.18.16.231
Host is up (0.0025s latency).
Nmap scan report for 172.18.16.235
Host is up (0.0067s latency).
Nmap scan report for 172.18.16.237
Host is up (0.00079s latency).
Nmap scan report for 172.18.16.239
Host is up (0.0029s latency).
Nmap scan report for 172.18.16.248
Host is up (0.0071s latency).
Nmap scan report for 172.18.16.254
Host is up (0.0035s latency).
Nmap done: 256 IP addresses (22 hosts up) scanned in 3.40 seconds

13. Perform a fast scan

With the -F option, nmap scans only the ports listed in /usr/share/nmap/nmap-services.

[[email protected] ~]# nmap -F 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:57 CST
Nmap scan report for 172.18.16.203
Host is up (0.0041s latency).
Not shown: 96 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
111/tcp open  rpcbind
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds

14. Scan ports consecutively

[[email protected] ~]# nmap -r 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:01 CST
Nmap scan report for 172.18.16.203
Host is up (0.0083s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2

Nmap done: 1 IP address (1 host up) scanned in 4.16 seconds

15. Show host interfaces and routes

List the local host's interfaces and routing information.

[[email protected] ~]# nmap --iflist

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:02 CST
************************INTERFACES************************
DEV        (SHORT)      IP/MASK                     TYPE     UP   MTU   MAC
enp3s0     (enp3s0)     (none)/0                    ethernet up   1500  F0:DE:F1:39:B9:9C
virbr0-nic (virbr0-nic) (none)/0                    ethernet down 1500  52:54:00:D1:81:64
wlp4s0b1   (wlp4s0b1)   192.168.1.8/24              ethernet up   1500  AC:81:12:2B:0E:AA
wlp4s0b1   (wlp4s0b1)   fe80::ae81:12ff:fe2b:eaa/64 ethernet up   1500  AC:81:12:2B:0E:AA
docker0    (docker0)    172.17.0.1/16               ethernet up   1500  02:42:D1:E0:5D:AC
virbr0     (virbr0)     192.168.124.1/24            ethernet up   1500  52:54:00:D1:81:64
lo         (lo)         127.0.0.1/8                 loopback up   65536
lo         (lo)         ::1/128                     loopback up   65536

**************************ROUTES**************************
DST/MASK                     DEV      METRIC GATEWAY
192.168.124.0/24             virbr0   0
192.168.1.0/24               wlp4s0b1 600
172.17.0.0/16                docker0  0
0.0.0.0/0                    wlp4s0b1 600    192.168.1.1
::1/128                      lo       0
fe80::ae81:12ff:fe2b:eaa/128 lo       0
fe80::/64                    wlp4s0b1 256
ff00::/8                     wlp4s0b1 256

16. Scan a specific port

[[email protected] ~]# nmap -p 80 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:04 CST
Nmap scan report for 172.18.16.203
Host is up (0.0015s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds

Scan multiple ports

[[email protected] ~]# nmap -p 80,135 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:11 CST
Nmap scan report for 172.18.16.203
Host is up (0.0015s latency).
PORT    STATE    SERVICE
80/tcp  open     http
135/tcp filtered msrpc

Nmap done: 1 IP address (1 host up) scanned in 1.31 seconds

Specify a port range:

[[email protected] ~]# nmap -p 80-160 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:16 CST
Nmap scan report for 172.18.16.203
Host is up (0.0022s latency).
Not shown: 79 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds

17. Scan TCP ports

Specify the port type and port number for nmap to scan.

[[email protected] ~]# nmap -p T:80 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:08 CST
Nmap scan report for 172.18.16.203
Host is up (0.0028s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

18. Scan UDP ports

[[email protected] ~]# nmap -sU -p 53 172.18.16.203

19. Find the versions of services on a remote host

[[email protected] ~]# nmap -sV 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:18 CST
Nmap scan report for 172.18.16.203
Host is up (0.0048s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE  VERSION
22/tcp    open  ssh      OpenSSH 3.8.1p1 Debian 8.sarge.4 (protocol 2.0)
80/tcp    open  http     GoAhead WebServer
111/tcp   open  rpcbind  2 (RPC #100000)
443/tcp   open  ssl/http GoAhead WebServer
5120/tcp  open  ipmi-usb IPMI USB redirection
50000/tcp open  upnp     SuperMicro IPMI UPnP
Service Info: OS: Linux; Device: remote management; CPE: cpe:/o:linux:linux_kernel, cpe:/o:supermicro:intelligent_platform_management_firmware

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 48.88 seconds

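20. Scan hosts using TCP ACK (PA) and TCP SYN (PS)

Sometimes a packet-filtering firewall blocks standard ICMP ping requests. In that case, use the TCP ACK and TCP SYN methods to scan the remote host.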

[[email protected] ~]# nmap -PS 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:23 CST
Nmap scan report for 172.18.16.203
Host is up (0.0073s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2

Nmap done: 1 IP address (1 host up) scanned in 4.68 seconds

[[email protected] ~]# nmap -PA 172.18.16.203

Scan a specific port on a remote host with TCP SYN (PS)

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:26 CST
Nmap scan report for 172.18.16.203
Host is up (0.0014s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

Scan the most commonly used ports with TCP SYN (PS)

[[email protected] ~]# nmap -sT 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:28 CST
Nmap scan report for 172.18.16.203
Host is up (0.0025s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2

Nmap done: 1 IP address (1 host up) scanned in 4.29 seconds

21. Perform a stealth scan

[[email protected] ~]# nmap -sS 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:27 CST
Nmap scan report for 172.18.16.203
Host is up (0.0062s latency).
Not shown: 994 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
5120/tcp  open  unknown
50000/tcp open  ibm-db2

Nmap done: 1 IP address (1 host up) scanned in 4.88 seconds

22. TCP null scan

[[email protected] ~]# nmap -sN 172.18.16.203

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:30 CST
Nmap scan report for 172.18.16.203
Host is up (0.0013s latency).
All 1000 scanned ports on 172.18.16.203 are open|filtered

Nmap done: 1 IP address (1 host up) scanned in 21.15 seconds

Original article:

https://linux.cn/article-2561-3.html