该机器有3个接口,这就是它所显示的:
$uname -a Linux showstore-81 2.6.35.13 #1 SMP PREEMPT Thu Feb 9 12:20:36 PST 2012 i686 GNU/Linux $LC_ALL=C /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 00:1b:21:ac:17:19 inet addr:192.168.81.54 Bcast:192.168.81.255 Mask:255.255.255.0 ... eth1 Link encap:Ethernet HWaddr 00:25:90:25:d0:4e inet addr:192.168.81.129 Bcast:192.168.81.255 Mask:255.255.255.128 ... eth2 Link encap:Ethernet HWaddr 00:25:90:25:d0:4f inet addr:169.254.1.1 Bcast:169.254.255.255 Mask:255.255.0.0 ...
所以无论我使用什么工具和选项,我都期望:
> IP .54 => MAC 00:1b:21:ac:17:19
> IP .129 => MAC 00:25:90:25:d0:4e
但是nmap -n -sP 192.168.81.0/24(nmap v.5.00)报告它反转:
Host 192.168.81.54 is up (0.000078s latency). MAC Address: 00:25:90:25:D0:4E (Super Micro Computer) Host 192.168.81.129 is up (0.000058s latency). MAC Address: 00:1B:21:AC:17:19 (Intel Corporate)
并且nmap -n -sP -PR 192.168.81 / 24仅报告两个IP上的一个MAC地址:
Host 192.168.81.54 is up (0.000081s latency). MAC Address: 00:1B:21:AC:17:19 (Intel Corporate) Host 192.168.81.129 is up (0.00011s latency). MAC Address: 00:1B:21:AC:17:19 (Intel Corporate)
最后,arp-scan -l(v.1.8.1)使用两个MAC地址报告两次IP地址:
192.168.81.54 00:1b:21:ac:17:19 Intel Corporate 192.168.81.54 00:25:90:25:d0:4e Super Micro Computer,Inc. 192.168.81.129 00:1b:21:ac:17:19 Intel Corporate 192.168.81.129 00:25:90:25:d0:4e Super Micro Computer,Inc.
如何进行扫描以获得正确的结果? (我只需要IP和MAC.没有端口扫描.)
解决方法
您需要手动或在/etc/sysctl.conf中设置以下sysctl条目:
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.arp_filter = 1
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.all.arp_ignore = 2
net.ipv4.conf.all.shared_media = 0
更新此项以包含更多信息.通常情况下,无论是否在响应的NIC上配置了请求的IP,linux都将响应分配给计算机的IP地址的ARP请求,其中包含接收请求的NIC的MAC地址.此外,默认情况下,Linux将在任何发往计算机本地配置的IP地址的NIC上接受IP数据包.所以,
上面的sysctl设置限制了这种行为,以便Linux只响应IP的ARP请求(如果在IP上分配了IP,并且请求来自通过该NIC可到达的IP地址).可调参数记录在内核源代码分发中的文件ip-sysctl.txt中.
您所看到的是预期的行为以及我所建议的内容会改变您希望采取更多行动的方式.祝好运.