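Copyright notice: this article may be freely reproduced, provided that the original source, the author information and this notice are indicated by hyperlink.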
https://windtear.net/archives/2004/07/03/000279.html
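One account, at -500, has been blocked; two at -250 have not. Doing ARP spoofing through the -500 one brings the -250 ones to the dorm: the outside can be reached normally, even though the machine doing the relaying was blocked by the egress gateway long ago. So, some notes on ARP spoofing.
The promiscuous mode people usually talk about is the one commonly used for packet capture. "Promiscuous" means that everything that can be heard on the LAN, relevant or not, is taken in, rather than accepting only what concerns oneself and discarding the rest.
Combine an IP tunnel with ARP spoofing and you can use an IP from anywhere.
For example, in building 28 I can use an IP from building 35; on the education network I can have an IP on the public network. As said at the start, it does not matter that the spoofing machine's own IP can no longer get out: as long as the egress gateway still forwards packets for the spoofed IP, traffic flows unimpeded.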
% which arp
/sbin/arp
% rpm -qf /sbin/arp
net-tools-1.60-4
% rpm -qil net-tools
Name        : net-tools                    Relocations: (not relocateable)
Version     : 1.60                              Vendor: Red Hat, Inc.
Release     : 4                             Build Date: Fri 12 Apr 2002 12:26:22 PM CST
Install date: Sun 18 Aug 2002 07:06:06 AM CST      Build Host: daffy.perf.redhat.com
Group       : System Environment/Base       Source RPM: net-tools-1.60-4.src.rpm
Size        : 696658                           License: GPL
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : Basic networking tools.
Description :
The net-tools package contains basic networking tools, including
ifconfig, netstat, route, and others.
/bin/dnsdomainname
/bin/domainname
/bin/hostname
/bin/netstat
/bin/nisdomainname
/bin/ypdomainname
/sbin/arp
/sbin/ether-wake
/sbin/ifconfig
/sbin/ipmaddr
/sbin/iptunnel
/sbin/mii-tool
/sbin/nameif
/sbin/plipconfig
/sbin/route
/sbin/slattach
/usr/share/locale/cs/LC_MESSAGES/net-tools.mo
/usr/share/locale/de/LC_MESSAGES/net-tools.mo
/usr/share/locale/et_EE/LC_MESSAGES/net-tools.mo
/usr/share/locale/fr/LC_MESSAGES/net-tools.mo
/usr/share/locale/pt_BR/LC_MESSAGES/net-tools.mo
/usr/share/man/de_DE/man1/dnsdomainname.1.gz
/usr/share/man/de_DE/man1/domainname.1.gz
/usr/share/man/de_DE/man1/hostname.1.gz
/usr/share/man/de_DE/man1/nisdomainname.1.gz
/usr/share/man/de_DE/man1/ypdomainname.1.gz
/usr/share/man/de_DE/man5/ethers.5.gz
/usr/share/man/de_DE/man8/arp.8.gz
/usr/share/man/de_DE/man8/ifconfig.8.gz
/usr/share/man/de_DE/man8/netstat.8.gz
/usr/share/man/de_DE/man8/plipconfig.8.gz
/usr/share/man/de_DE/man8/rarp.8.gz
/usr/share/man/de_DE/man8/route.8.gz
/usr/share/man/de_DE/man8/slattach.8.gz
/usr/share/man/fr_FR/man1/dnsdomainname.1.gz
/usr/share/man/fr_FR/man1/domainname.1.gz
/usr/share/man/fr_FR/man1/hostname.1.gz
/usr/share/man/fr_FR/man1/nisdomainname.1.gz
/usr/share/man/fr_FR/man1/ypdomainname.1.gz
/usr/share/man/fr_FR/man5/ethers.5.gz
/usr/share/man/fr_FR/man8/arp.8.gz
/usr/share/man/fr_FR/man8/ifconfig.8.gz
/usr/share/man/fr_FR/man8/netstat.8.gz
/usr/share/man/fr_FR/man8/plipconfig.8.gz
/usr/share/man/fr_FR/man8/rarp.8.gz
/usr/share/man/fr_FR/man8/route.8.gz
/usr/share/man/fr_FR/man8/slattach.8.gz
/usr/share/man/man1/dnsdomainname.1.gz
/usr/share/man/man1/domainname.1.gz
/usr/share/man/man1/hostname.1.gz
/usr/share/man/man1/nisdomainname.1.gz
/usr/share/man/man1/ypdomainname.1.gz
/usr/share/man/man5/ethers.5.gz
/usr/share/man/man8/arp.8.gz
/usr/share/man/man8/ifconfig.8.gz
/usr/share/man/man8/mii-tool.8.gz
/usr/share/man/man8/nameif.8.gz
/usr/share/man/man8/netstat.8.gz
/usr/share/man/man8/plipconfig.8.gz
/usr/share/man/man8/route.8.gz
/usr/share/man/man8/slattach.8.gz
/usr/share/man/pt_BR/man1/dnsdomainname.1.gz
/usr/share/man/pt_BR/man1/domainname.1.gz
/usr/share/man/pt_BR/man1/hostname.1.gz
/usr/share/man/pt_BR/man1/nisdomainname.1.gz
/usr/share/man/pt_BR/man1/ypdomainname.1.gz
/usr/share/man/pt_BR/man8/arp.8.gz
/usr/share/man/pt_BR/man8/ifconfig.8.gz
/usr/share/man/pt_BR/man8/netstat.8.gz
/usr/share/man/pt_BR/man8/rarp.8.gz
/usr/share/man/pt_BR/man8/route.8.gz
% man arp | col -b > arp.txt
% cat arp.txt
ARP(8)              Linux Programmer's Manual              ARP(8)

NAME
       arp - manipulate the system ARP cache

SYNOPSIS
       arp [-evn] [-H type] [-i if] -a [hostname]
       arp [-v] [-i if] -d hostname [pub]
       arp [-v] [-H type] [-i if] -s hostname hw_addr [temp]
       arp [-v] [-H type] [-i if] -s hostname hw_addr [netmask nm] pub
       arp [-v] [-H type] [-i if] -Ds hostname ifa [netmask nm] pub
       arp [-vnD] [-H type] [-i if] -f [filename]

DESCRIPTION
       Arp manipulates the kernel's ARP cache in various ways. The
       primary options are clearing an address mapping entry and
       manually setting up one. For debugging purposes, the arp
       program also allows a complete dump of the ARP cache.

OPTIONS
       -v, --verbose
              Tell the user what is going on by being verbose.

       -n, --numeric
              shows numerical addresses instead of trying to determine
              symbolic host, port or user names.

       -H type, --hw-type type, -t type
              When setting or reading the ARP cache, this optional
              parameter tells arp which class of entries it should
              check for. The default value of this parameter is ether
              (i.e. hardware code 0x01 for IEEE 802.3 10Mbps Ethernet).
              Other values might include network technologies such as
              ARCnet (arcnet), PROnet (pronet), AX.25 (ax25) and
              NET/ROM (netrom).

       -a [hostname], --display [hostname]
              Shows the entries of the specified hosts. If the hostname
              parameter is not used, all entries will be displayed.
              The entries will be displayed in alternate (BSD) style.

       -d hostname, --delete hostname
              Remove any entry for the specified host. This can be used
              if the indicated host is brought down, for example.

       -D, --use-device
              Use the interface ifa's hardware address.

       -e     Shows the entries in default (Linux) style.

       -i If, --device If
              Select an interface. When dumping the ARP cache only
              entries matching the specified interface will be printed.
              When setting a permanent or temp ARP entry this interface
              will be associated with the entry; if this option is not
              used, the kernel will guess based on the routing table.
              For pub entries the specified interface is the interface
              on which ARP requests will be answered.
              NOTE: This has to be different from the interface to
              which the IP datagrams will be routed.

       -s hostname hw_addr, --set hostname
              Manually create an ARP address mapping entry for host
              hostname with hardware address set to hw_addr class, but
              for most classes one can assume that the usual
              presentation can be used. For the Ethernet class, this is
              6 bytes in hexadecimal, separated by colons. When adding
              proxy arp entries (that is those with the publish flag
              set a netmask may be specified to proxy arp for entire
              subnets. This is not good practice, but is supported by
              older kernels because it can be useful. If the temp flag
              is not supplied entries will be permanent stored into the
              ARP cache.
              NOTE: As of kernel 2.2.0 it is no longer possible to set
              an ARP entry for an entire subnet. Linux instead does
              automagic proxy arp when a route exists and it is
              forwarding. See arp(7) for details.

       -f filename, --file filename
              Similar to the -s option, only this time the address info
              is taken from file filename set up. The name of the data
              file is very often /etc/ethers, but this is not official.
              If no filename is specified /etc/ethers is used as
              default.

              The format of the file is simple; it only contains ASCII
              text lines with a hostname, and a hardware address
              separated by whitespace. Additionally the pub, temp and
              netmask flags can be used.

       In all places where a hostname is expected, one can also enter
       an IP address in dotted-decimal notation.

       As a special case for compatibility the order of the hostname
       and the hardware address can be exchanged.

       Each complete entry in the ARP cache will be marked with the C
       flag. Permanent entries are marked with M and published entries
       have the P flag.

FILES
       /proc/net/arp,
       /etc/networks
       /etc/hosts
       /etc/ethers

SEE ALSO
       rarp(8), route(8), ifconfig(8), netstat(8)

AUTHORS
       Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org> with a lot of
       improvements from net-tools Maintainer Bernd Eckenfels
       <net-tools@lina.inka.de>.

net-tools                  5 Jan 1999                  ARP(8)
% more addarp
arp -v -H ether -i eth0 -Ds $1 eth0 pub
% more delarp
arp -v -i eth0 -d $1 pub
%
% arp -v -H ether -i eth0 -Ds 166.111.XXX.YYY eth0 pub
% arp -Ds 166.111.XXX.YYY eth0 pub
% arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
166.111.XXX.GGG          ether   52:38:52:38:52:38   C                     eth0
166.111.XXX.YYY          *       *                   MP                    eth0
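
Seen from the administrator's side, the published (MP) entry above is visible in two places: on the host itself as a P-flagged row, and on neighbouring devices as one MAC address answering for more than one IP. The following audit script is an added example, not part of the original post; it parses text in /proc/net/arp layout, and the function names, both sample tables and all addresses in them are constructed for illustration.

```python
from collections import defaultdict

# Flag bits from <linux/if_arp.h>; arp(8) prints them as C, M and P.
ATF_FLAGS = ((0x02, "C"), (0x04, "M"), (0x08, "P"))

# Constructed samples in /proc/net/arp layout (RFC 5737 documentation addresses).
GATEWAY_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.10       0x1         0x2         52:38:52:38:52:38     *        eth0
192.0.2.77       0x1         0x2         52:38:52:38:52:38     *        eth0
192.0.2.20       0x1         0x2         02:00:00:aa:bb:cc     *        eth0
192.0.2.30       0x1         0x0         00:00:00:00:00:00     *        eth0
"""
HOST_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:11:22:33     *        eth0
192.0.2.77       0x1         0xc         00:00:00:00:00:00     *        eth0
"""

def parse_arp_table(text):
    """Parse /proc/net/arp text into dicts with flags decoded to C/M/P letters."""
    entries = []
    for line in text.splitlines()[1:]:              # first line is the header
        fields = line.split()
        if len(fields) != 6:
            continue                                # skip malformed rows
        ip, _hwtype, flags_hex, mac, _mask, dev = fields
        try:
            bits = int(flags_hex, 16)
        except ValueError:
            continue
        letters = "".join(ch for bit, ch in ATF_FLAGS if bits & bit)
        entries.append({"ip": ip, "mac": mac.lower(), "flags": letters, "dev": dev})
    return entries

def published_entries(entries):
    """Entries this host answers ARP for on behalf of another address (P flag)."""
    return [e for e in entries if "P" in e["flags"]]

def shared_macs(entries):
    """MACs that resolved (C flag) for more than one IP: mac -> sorted IPs."""
    by_mac = defaultdict(set)
    for e in entries:
        if "C" in e["flags"] and "P" not in e["flags"]:
            by_mac[e["mac"]].add(e["ip"])
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    print("published on host:", published_entries(parse_arp_table(HOST_TABLE)))
    print("one MAC, several IPs:", shared_macs(parse_arp_table(GATEWAY_TABLE)))
```

A MAC holding several IPs is a lead rather than proof: routers doing proxy ARP and hosts with multiple addresses produce the same pattern, so compare the result against the address plan.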