版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本声明。
https://windtear.net/archives/2004/07/03/000279.html
一个帐号-500被封了 两个-250的没封
通过-500的做ARP欺骗给-250的到宿舍
外面可以正常连接 而接应的早已被出口网关挡了
那么就写写ARP欺骗
平时说的混杂模式(promiscuous mode)
就是抓包常用到的
所谓混杂就是局域网上可以听到的有关的无关的都收入怀中
而不是只选择和自己有关的接受而丢弃其他
IP隧道和ARP欺骗结合起来
就可以用任何地方的IP了
比如我在28#楼我可以用35#的IP
我在教育网我可以有公众网的IP
正如开头所说
欺骗的机器IP出不去了都无所谓
只要出口网关还转发要欺骗的IP的数据包
就可以畅通无阻
% which arp
/sbin/arp
% rpm -qf /sbin/arp
net-tools-1.60-4
% rpm -qil net-tools
Name : net-tools Relocations: (not relocateable)
Version : 1.60 Vendor: Red Hat, Inc.
Release : 4 Build Date: Fri 12 Apr 2002 12:26:22 PM CST
Install date: Sun 18 Aug 2002 07:06:06 AM CST Build Host: daffy.perf.redhat.com
Group : System Environment/Base Source RPM: net-tools-1.60-4.src.rpm
Size : 696658 License: GPL
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary : Basic networking tools.
Description :
The net-tools package contains basic networking tools, including
ifconfig, netstat, route, and others.
/bin/dnsdomainname
/bin/domainname
/bin/hostname
/bin/netstat
/bin/nisdomainname
/bin/ypdomainname
/sbin/arp
/sbin/ether-wake
/sbin/ifconfig
/sbin/ipmaddr
/sbin/iptunnel
/sbin/mii-tool
/sbin/nameif
/sbin/plipconfig
/sbin/route
/sbin/slattach
/usr/share/locale/cs/LC_MESSAGES/net-tools.mo
/usr/share/locale/de/LC_MESSAGES/net-tools.mo
/usr/share/locale/et_EE/LC_MESSAGES/net-tools.mo
/usr/share/locale/fr/LC_MESSAGES/net-tools.mo
/usr/share/locale/pt_BR/LC_MESSAGES/net-tools.mo
/usr/share/man/de_DE/man1/dnsdomainname.1.gz
/usr/share/man/de_DE/man1/domainname.1.gz
/usr/share/man/de_DE/man1/hostname.1.gz
/usr/share/man/de_DE/man1/nisdomainname.1.gz
/usr/share/man/de_DE/man1/ypdomainname.1.gz
/usr/share/man/de_DE/man5/ethers.5.gz
/usr/share/man/de_DE/man8/arp.8.gz
/usr/share/man/de_DE/man8/ifconfig.8.gz
/usr/share/man/de_DE/man8/netstat.8.gz
/usr/share/man/de_DE/man8/plipconfig.8.gz
/usr/share/man/de_DE/man8/rarp.8.gz
/usr/share/man/de_DE/man8/route.8.gz
/usr/share/man/de_DE/man8/slattach.8.gz
/usr/share/man/fr_FR/man1/dnsdomainname.1.gz
/usr/share/man/fr_FR/man1/domainname.1.gz
/usr/share/man/fr_FR/man1/hostname.1.gz
/usr/share/man/fr_FR/man1/nisdomainname.1.gz
/usr/share/man/fr_FR/man1/ypdomainname.1.gz
/usr/share/man/fr_FR/man5/ethers.5.gz
/usr/share/man/fr_FR/man8/arp.8.gz
/usr/share/man/fr_FR/man8/ifconfig.8.gz
/usr/share/man/fr_FR/man8/netstat.8.gz
/usr/share/man/fr_FR/man8/plipconfig.8.gz
/usr/share/man/fr_FR/man8/rarp.8.gz
/usr/share/man/fr_FR/man8/route.8.gz
/usr/share/man/fr_FR/man8/slattach.8.gz
/usr/share/man/man1/dnsdomainname.1.gz
/usr/share/man/man1/domainname.1.gz
/usr/share/man/man1/hostname.1.gz
/usr/share/man/man1/nisdomainname.1.gz
/usr/share/man/man1/ypdomainname.1.gz
/usr/share/man/man5/ethers.5.gz
/usr/share/man/man8/arp.8.gz
/usr/share/man/man8/ifconfig.8.gz
/usr/share/man/man8/mii-tool.8.gz
/usr/share/man/man8/nameif.8.gz
/usr/share/man/man8/netstat.8.gz
/usr/share/man/man8/plipconfig.8.gz
/usr/share/man/man8/route.8.gz
/usr/share/man/man8/slattach.8.gz
/usr/share/man/pt_BR/man1/dnsdomainname.1.gz
/usr/share/man/pt_BR/man1/domainname.1.gz
/usr/share/man/pt_BR/man1/hostname.1.gz
/usr/share/man/pt_BR/man1/nisdomainname.1.gz
/usr/share/man/pt_BR/man1/ypdomainname.1.gz
/usr/share/man/pt_BR/man8/arp.8.gz
/usr/share/man/pt_BR/man8/ifconfig.8.gz
/usr/share/man/pt_BR/man8/netstat.8.gz
/usr/share/man/pt_BR/man8/rarp.8.gz
/usr/share/man/pt_BR/man8/route.8.gz
% man arp | col -b > arp.txt
% cat arp.txt
ARP(8) Linux Programmer's Manual ARP(8)
NAME
arp - manipulate the system ARP cache
SYNOPSIS
arp [-evn] [-H type] [-i if] -a [hostname]
arp [-v] [-i if] -d hostname [pub]
arp [-v] [-H type] [-i if] -s hostname hw_addr [temp]
arp [-v] [-H type] [-i if] -s hostname hw_addr [netmask
nm] pub
arp [-v] [-H type] [-i if] -Ds hostname ifa [netmask nm]
pub
arp [-vnD] [-H type] [-i if] -f [filename]
DESCRIPTION
Arp manipulates the kernel's ARP cache in various ways.
The primary options are clearing an address mapping entry
and manually setting up one. For debugging purposes, the
arp program also allows a complete dump of the ARP cache.
OPTIONS
-v, --verbose
Tell the user what is going on by being verbose.
-n, --numeric
shows numerical addresses instead of trying to
determine symbolic host, port or user names.
-H type, --hw-type type, -t type
When setting or reading the ARP cache, this
optional parameter tells arp which class of entries
it should check for. The default value of this
parameter is ether (i.e. hardware code 0x01 for
IEEE 802.3 10Mbps Ethernet). Other values might
include network technologies such as ARCnet (arc-
net) , PROnet (pronet) , AX.25 (ax25) and NET/ROM
(netrom).
-a [hostname], --display [hostname]
Shows the entries of the specified hosts. If the
hostname parameter is not used, all entries will be
displayed. The entries will be displayed in alter-
nate (BSD) style.
-d hostname, --delete hostname
Remove any entry for the specified host. This can
be used if the indicated host is brought down, for
example.
-D, --use-device
Use the interface ifa's hardware address.
-e Shows the entries in default (Linux) style.
-i If, --device If
Select an interface. When dumping the ARP cache
only entries matching the specified interface will
be printed. When setting a permanent or temp ARP
entry this interface will be associated with the
entry; if this option is not used, the kernel will
guess based on the routing table. For pub entries
the specified interface is the interface on which
ARP requests will be answered.
NOTE: This has to be different from the interface
to which the IP datagrams will be routed.
-s hostname hw_addr, --set hostname
Manually create an ARP address mapping entry for
host hostname with hardware address set to hw_addr
class, but for most classes one can assume that the
usual presentation can be used. For the Ethernet
class, this is 6 bytes in hexadecimal, separated by
colons. When adding proxy arp entries (that is
those with the publish flag set a netmask may be
specified to proxy arp for entire subnets. This is
not good practice, but is supported by older ker-
nels because it can be useful. If the temp flag is
not supplied entries will be permanent stored into
the ARP cache.
NOTE: As of kernel 2.2.0 it is no longer possible
to set an ARP entry for an entire subnet. Linux
instead does automagic proxy arp when a route
exists and it is forwarding. See arp(7) for
details.
-f filename, --file filename
Similar to the -s option, only this time the
address info is taken from file filename set up.
The name of the data file is very often
/etc/ethers, but this is not official. If no file-
name is specified /etc/ethers is used as default.
The format of the file is simple; it only contains
ASCII text lines with a hostname, and a hardware
address separated by whitespace. Additionally the
pub, temp and netmask flags can be used.
In all places where a hostname is expected, one can also
enter an IP address in dotted-decimal notation.
As a special case for compatibility the order of the host-
name and the hardware address can be exchanged.
Each complete entry in the ARP cache will be marked with
the C flag. Permanent entries are marked with M and pub-
lished entries have the P flag.
FILES
/proc/net/arp,
/etc/networks
/etc/hosts
/etc/ethers
SEE ALSO
rarp(8), route(8), ifconfig(8), netstat(8)
AUTHORS
Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org> with a
lot of improvements from net-tools Maintainer Bernd Ecken-
fels <net-tools@lina.inka.de>.
net-tools 5 Jan 1999 ARP(8)
% more addarp
arp -v -H ether -i eth0 -Ds $1 eth0 pub
% more delarp
arp -v -i eth0 -d $1 pub
%
% arp -v -H ether -i eth0 -Ds 166.111.XXX.YYY eth0 pub
% arp -Ds 166.111.XXX.YYY eth0 pub
% arp -n
Address HWtype HWaddress Flags Mask Iface
166.111.XXX.GGG ether 52:38:52:38:52:38 C eth0
166.111.XXX.YYY * * MP eth0
|
|
