[安全牛 Study Notes] Active Information Gathering: Discovery (Part 3)

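This article introduces active information gathering techniques in network security, including the advantages and disadvantages of layer 3 discovery and methods for probing with the IP and ICMP protocols, such as the ping and traceroute tools. It also mentions the command-line options and use cases of more advanced probing tools such as fping and hping3, and how they are used in network security scanning. The article uses Kali Linux as the example platform to show how these probes are carried out.
Summary automatically generated by CSDN.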

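╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃Discovery ----- Layer 3 discovery            ┃
┃Advantages                                   ┃
┃    Routable                                 ┃
┃    Relatively fast                          ┃
┃Disadvantages                                ┃
┃    Slower than layer 2                      ┃
┃    Often filtered by perimeter firewalls    ┃
┃IP and ICMP protocols                        ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋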

╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃Discovery ----- Layer 3 discovery                                         ┃
┃ping 1.1.1.1 -c 2                                                         ┃
┃ping -R 1.1.1.1 / traceroute 1.1.1.1                                      ┃
┃ping 1.1.1.1 -c 1 | grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f 1 ┃
┃Script                                                                    ┃
┃    Ping.sh 1.1.1.0                                                       ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
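
The sweep that `Ping.sh 1.1.1.0` refers to, written out as an added example (not the author's script, which these notes do not show): it wraps the grep/cut pipeline from the slide in a loop over one /24. The function names `net_prefix`, `responder` and `sweep` are assumptions made for this example; the ping flags used (-n, -c, -W) all appear in the `ping -h` usage text further down.

```shell
#!/bin/sh
# Added example: layer-3 (ICMP echo) sweep of one /24. Not the author's script.

# Turn a network address such as 1.1.1.0 into the prefix "1.1.1".
# Anything that is not a plain dotted quad is rejected, so the argument
# can never smuggle extra options or shell syntax into the ping call.
net_prefix() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    echo "$1.$2.$3"
}

# Read ping output on stdin and print the address that answered.
# Same pipeline as on the slide. It relies on the reply line reading
# "64 bytes from 1.1.1.1: ...", which holds for numeric output (-n).
responder() {
    grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f 1
}

# Probe .1 to .254 with one echo request each and list the hosts that reply.
# -W 1 caps the wait per silent host at one second (a few minutes worst case).
sweep() {
    prefix=$(net_prefix "$1") || {
        echo "usage: $0 <network address, e.g. 1.1.1.0>" >&2
        return 1
    }
    i=1
    while [ "$i" -le 254 ]; do
        ping -n -c 1 -W 1 "$prefix.$i" 2>/dev/null | responder
        i=$((i + 1))
    done
}

# Run the sweep only when a network address was given on the command line.
if [ $# -gt 0 ]; then sweep "$1"; fi
```

Saved as Ping.sh, it is called as on the slide: `./Ping.sh 1.1.1.0`. A host behind a firewall that drops ICMP echo will not be listed, which is the filtering drawback named in the first slide.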

root@kali:~# ping 192.168.1.1 -c 5

root@kali:~# traceroute www.sina.com

root@kali:~# ping -R www.sina.com

root@kali:~# ping -h

Usage: ping [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface]

            [-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos]

            [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option]

            [-w deadline] [-W timeout] [hop1 ...] destination

 ▉→●→●→●→●→▉      From my machine, the path crosses four routers

root@kali:~# man ping

PING(8)                System Manager's Manual: iputils                PING(8)

NAME

       ping, ping6 - send ICMP ECHO_REQUEST to network hosts

SYNOPSIS

       ping  [-aAbBdDfhLnOqrRUvV]  [-c count] [-F flowlabel] [-i interval] [-I

       interface] [-l  preload]  [-m  mark]  [-M  pmtudisc_option]  [-N  node‐

       info_option] [-w deadline] [-W timeout] [-p pattern] [-Q tos] [-s pack‐

       etsize] [-S sndbuf] [-t ttl] [-T timestamp option] [hop  ...]  destina‐

       tion

DESCRIPTION

       ping uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit

       an ICMP ECHO_RESPONSE from a host or gateway.   ECHO_REQUEST  datagrams

       (``pings'')  have  an  IP and ICMP header, followed by a struct timeval

       and then an arbitrary number of ``pad'' bytes  used  to  fill  out  the

       packet.

       ping6  is  IPv6  version  of  ping,  and can also send Node Information

       Queries (RFC4620).  Intermediate hops may not be allowed, because  IPv6

       source routing was deprecated (RFC5095).

OPTIONS

       -a     Audible ping.

       -A     Adaptive  ping.  Interpacket interval adapts to round-trip time,

              so that effectively not more than one (or more,  if  preload  is

              set)  unanswered probe is present in the network. Minimal inter‐

              val is 200msec for not super-user.  On  networks  with  low  rtt

              this mode is essentially equivalent to flood mode.

       -b     Allow pinging a broadcast address.

       -B     Do  not  allow  ping  to  change  source address of probes.  The

              address is bound to one selected when ping starts.

       -c count

              Stop after sending count  ECHO_REQUEST  packets.  With  deadline

              option, ping waits for count ECHO_REPLY packets, until the time‐

              out expires.

       -d     Set the SO_DEBUG option on the socket being used.   Essentially,

              this socket option is not used by Linux kernel.

       -D     Print  timestamp  (unix  time + microseconds as in gettimeofday)

              before each line.

       -f     Flood ping. For  every  ECHO_REQUEST  sent  a  period  ``.''  is

              printed,  while  for  ever  ECHO_REPLY  received  a backspace is

              printed.  This provides a rapid display of how many packets  are

              being  dropped.   If  interval is not given, it sets interval to

              zero and outputs packets as fast as they come back or  one  hun‐

              dred  times  per second, whichever is more.  Only the super-user

              may use this option with zero interval.

       -F flow label

              ping6 only.  Allocate and set 20 bit flow label (in hex) on echo

              request packets.  If value is zero, kernel allocates random flow

              label.

       -h     Show help.

       -i interval

              Wait interval seconds between sending each packet.  The  default

              is  to  wait for one second between each packet normally, or not

              to wait in flood mode. Only super-user may set interval to  val‐

              ues less 0.2 seconds.

       -I interface

              interface is either an address, or an interface name.  If inter‐

              face is an address, it sets source address to  specified  inter‐

              face address.  If interface in an interface name, it sets source

              interface to specified interface.  For ping6, when doing ping to

              a link-local scope address, link specification (by the '%'-nota‐

              tion in destination, or by this option) is required.

       -l preload

              If preload is specified, ping sends that many packets not  wait‐

              ing for reply.  Only the super-user may select preload more than

              3.

       -L     Suppress loopback of multicast packets.  This flag only  applies

              if the ping destination is a multicast address.

       -m mark

              use  mark to tag the packets going out. This is useful for vari‐

              ety of reasons within the kernel such as using policy routing to

              select specific outbound processing.

       -M pmtudisc_opt

              Select  Path  MTU  Discovery  strategy.   pmtudisc_option may be

              either do (prohibit fragmentation, even  local  one),  want  (do

              PMTU  discovery, fragment locally when packet size is large), or

              dont (do not set DF flag).

       -N nodeinfo_option

              ping6 only.  Send ICMPv6  Node  Information  Queries  (RFC4620),

              instead of Echo Request.

              help   Show help for NI support.

              name   Queries for Node Names.

              ipv6   Queries  for  IPv6 Addresses. There are several IPv6 spe‐

                     cific flags.

                     ipv6-global

                            Request IPv6 global-scope addresses.

                     ipv6-sitelocal

                            Request IPv6 site-local addresses.

                     ipv6-linklocal

                            Request IPv6 link-local addresses.

                     ipv6-all

                            Request IPv6 addresses on other interfaces.

              ipv4   Queries for IPv4 Addresses.  There is one  IPv4  specific

                     flag.

                     ipv4-all

                            Request IPv4 addresses on other interfaces.

              subject-ipv6=ipv6addr

                     IPv6 subject address.

              subject-ipv4=ipv4addr

                     IPv4 subject address.

              subject-name=nodename
