Nmap Study 5 - Host Discovery, Experiment 2

大沈投资笔记, 2022-02-10

Nmap Study 4 - Host Discovery, Experiment 2

  1. Client: Windows 11 physical machine, 192.168.31.1, with nmap (scanner), Wireshark (network protocol analyser) and WinSCP (file transfer) installed.
  2. CentOS 7 virtual machine, 192.168.31.142, with tcpdump (packet capture) installed and the firewall turned off.
  3. Windows 7 virtual machine, 192.168.31.146.

ICMP

ICMP and iptables REJECT

For hosts on the same subnet, Nmap performs host discovery via ARP by default.

>nmap -sn -disable-arp-ping --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-08 10:15 中国标准时间
SENT (0.6250s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=34388 seq=0] IP [ttl=44 id=63802 iplen=28 ]
RCVD (0.6250s) ICMP [192.168.31.142 > 192.168.31.1 Echo reply (type=0/code=0) id=34388 seq=0] IP [ttl=64 id=25419 iplen=28 ]
NSOCK INFO [0.6630s] nsock_iod_new2(): nsock_iod_new (IOD #1)
...
NSOCK INFO [0.6980s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for 192.168.31.142
Host is up (0.00s latency).
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.72 seconds

SENT (0.6250s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=34388 seq=0] IP [ttl=44 id=63802 iplen=28 ]
RCVD (0.6250s) ICMP [192.168.31.142 > 192.168.31.1 Echo reply (type=0/code=0) id=34388 seq=0] IP [ttl=64 id=25419 iplen=28 ]
With the -disable-arp-ping option, Nmap performs the host discovery probe over ICMP instead.

On the Linux host 192.168.31.142, first flush the iptables rules, then add a rule that rejects every ICMP packet entering the host:

iptables -F
iptables -t filter -I INPUT -p icmp -j REJECT

Re-run the host discovery test:

>nmap -sn -disable-arp-ping --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-08 12:25 中国标准时间
SENT (0.5990s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=27063 seq=0] IP [ttl=52 id=5598 iplen=28 ]
RCVD (0.5990s) ICMP [192.168.31.142 > 192.168.31.1 Port unreachable (type=3/code=3) ] IP [ttl=64 id=31186 iplen=56 ]
SENT (0.6100s) TCP 192.168.31.1:45121 > 192.168.31.142:443 S ttl=42 id=57017 iplen=44  seq=369266993 win=1024 <mss 1460>
SENT (0.6110s) TCP 192.168.31.1:45121 > 192.168.31.142:80 A ttl=48 id=44544 iplen=40  seq=0 win=1024
SENT (0.6120s) ICMP [192.168.31.1 > 192.168.31.142 Timestamp request (type=13/code=0) id=64003 seq=0 orig=0 recv=0 trans=0] IP [ttl=59 id=5616 iplen=40 ]
RCVD (0.6180s) TCP 192.168.31.142:443 > 192.168.31.1:45121 RA ttl=64 id=51565 iplen=40  seq=0 win=0
NSOCK INFO [0.6530s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6530s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6560s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
...
NSOCK INFO [0.6960s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for 192.168.31.142
Host is up (0.0080s latency).
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.73 seconds

SENT (0.5990s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=27063 seq=0] IP [ttl=52 id=5598 iplen=28 ]
RCVD (0.5990s) ICMP [192.168.31.142 > 192.168.31.1 Port unreachable (type=3/code=3) ] IP [ttl=64 id=31186 iplen=56 ]
Host discovery starts with an ICMP Echo request (type=8/code=0); because the iptables rule on the Linux server rejects all inbound ICMP, the server answers with Port unreachable (type=3/code=3).

SENT (0.6100s) TCP 192.168.31.1:45121 > 192.168.31.142:443 S ttl=42 id=57017 iplen=44 seq=369266993 win=1024 <mss 1460>
SENT (0.6110s) TCP 192.168.31.1:45121 > 192.168.31.142:80 A ttl=48 id=44544 iplen=40 seq=0 win=1024
SENT (0.6120s) ICMP [192.168.31.1 > 192.168.31.142 Timestamp request (type=13/code=0) id=64003 seq=0 orig=0 recv=0 trans=0] IP [ttl=59 id=5616 iplen=40 ]
RCVD (0.6180s) TCP 192.168.31.142:443 > 192.168.31.1:45121 RA ttl=64 id=51565 iplen=40 seq=0 win=0
Nmap then sends an empty TCP packet with the SYN flag to port 443 and one with the ACK flag to port 80 (followed by an ICMP timestamp request); the server's port 443 answers (RST/ACK), which Nmap takes as proof that the host is up.

The ICMP types and codes are shown in the figure below:
[Figure: ICMP Type and Code]

>ping 192.168.31.142

正在 Ping 192.168.31.142 具有 32 字节的数据:
来自 192.168.31.142 的回复: 无法连到端口。
来自 192.168.31.142 的回复: 无法连到端口。
来自 192.168.31.142 的回复: 无法连到端口。
来自 192.168.31.142 的回复: 无法连到端口。

192.168.31.142 的 Ping 统计信息:
    数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失)

ICMP and iptables DROP

On the Linux host 192.168.31.142, first flush the iptables rules, then add a rule that drops every ICMP packet entering the host:

iptables -F
iptables -t filter -I INPUT -p icmp -j DROP
# iptables --protocol icmp --help lists the ICMP types

>nmap -sn -disable-arp-ping --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-09 10:33 中国标准时间
SENT (0.8770s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=22991 seq=0] IP [ttl=55 id=6510 iplen=28 ]
SENT (0.8910s) TCP 192.168.31.1:56008 > 192.168.31.142:443 S ttl=58 id=55482 iplen=44  seq=3773396715 win=1024 <mss 1460>
SENT (0.8910s) TCP 192.168.31.1:56008 > 192.168.31.142:80 A ttl=55 id=3214 iplen=40  seq=0 win=1024
SENT (0.8910s) ICMP [192.168.31.1 > 192.168.31.142 Timestamp request (type=13/code=0) id=17841 seq=0 orig=0 recv=0 trans=0] IP [ttl=47 id=13674 iplen=40 ]
RCVD (0.8910s) TCP 192.168.31.142:443 > 192.168.31.1:56008 RA ttl=64 id=49741 iplen=40  seq=0 win=0
NSOCK INFO [0.9220s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.9220s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.9220s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
...
NSOCK INFO [0.9540s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.9540s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.9540s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for 192.168.31.142
Host is up (0.00s latency).
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds

SENT (0.8770s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=22991 seq=0] IP [ttl=55 id=6510 iplen=28 ]
SENT (0.8910s) TCP 192.168.31.1:56008 > 192.168.31.142:443 S ttl=58 id=55482 iplen=44 seq=3773396715 win=1024 <mss 1460>
SENT (0.8910s) TCP 192.168.31.1:56008 > 192.168.31.142:80 A ttl=55 id=3214 iplen=40 seq=0 win=1024
SENT (0.8910s) ICMP [192.168.31.1 > 192.168.31.142 Timestamp request (type=13/code=0) id=17841 seq=0 orig=0 recv=0 trans=0] IP [ttl=47 id=13674 iplen=40 ]
RCVD (0.8910s) TCP 192.168.31.142:443 > 192.168.31.1:56008 RA ttl=64 id=49741 iplen=40 seq=0 win=0
Host discovery starts with an ICMP Echo request (type=8/code=0); because the iptables rule on the Linux server drops all inbound ICMP, the server returns no ICMP message at all.

>ping 192.168.31.142

正在 Ping 192.168.31.142 具有 32 字节的数据:
请求超时。
请求超时。
请求超时。
请求超时。

192.168.31.142 的 Ping 统计信息:
    数据包: 已发送 = 4,已接收 = 0,丢失 = 4 (100% 丢失)