之前都是在windows上使用的 科来网络分析系统
Linux倒是没怎么使用过
一、arp 命令可以查看系统的arp表
具体使用可以man arp查看帮助
1.1、懒得话就敲个arp -a
-a以BSD方式输出,会显示一大堆,没有固定列
[qqq@client ~]$ arp -a
? (10.0.3.153) at 00:0c:29:e5:dd:80 [ether] on ens33
? (10.0.3.253) at 84:d9:31:0b:2a:91 [ether] on ens33
? (10.0.3.80) at 00:0c:29:f8:60:c9 [ether] on ens33
? (10.0.3.8) at 88:d7:f6:c6:c0:a2 [ether] on ens33
? (10.0.3.201) at 52:54:00:ee:f1:61 [ether] on ens33
? (10.0.3.76) at 00:0c:29:48:f0:a3 [ether] on ens33
? (10.0.3.223) at 86:be:03:1a:fa:ba [ether] on ens33
? (10.0.3.45) at 90:2b:34:34:9d:5f [ether] on ens33
? (10.0.3.65) at 00:0c:29:c0:5b:59 [ether] on ens33
? (10.0.3.14) at 88:d7:f6:c5:f7:22 [ether] on ens33
? (10.0.3.198) at 00:0c:29:2a:08:3b [ether] on ens33
gateway (10.0.3.1) at 5c:c9:99:1e:7f:b8 [ether] on ens33
1.2、arp -nv会好点,n是numberic,v是verbose
[qqq@client ~]$ arp -nv
Address HWtype HWaddress Flags Mask Iface
10.0.3.153 ether 00:0c:29:e5:dd:80 C ens33
10.0.3.253 ether 84:d9:31:0b:2a:91 C ens33
10.0.3.80 ether 00:0c:29:f8:60:c9 C ens33
10.0.3.8 ether 88:d7:f6:c6:c0:a2 C ens33
10.0.3.201 ether 52:54:00:ee:f1:61 C ens33
10.0.3.76 ether 00:0c:29:48:f0:a3 C ens33
10.0.3.223 ether 86:be:03:1a:fa:ba C ens33
10.0.3.45 ether 90:2b:34:34:9d:5f C ens33
10.0.3.65 ether 00:0c:29:c0:5b:59 C ens33
10.0.3.14 ether 88:d7:f6:c5:f7:22 C ens33
10.0.3.198 ether 00:0c:29:2a:08:3b C ens33
10.0.3.1 ether 5c:c9:99:1e:7f:b8 C ens33
Entries: 12 Skipped: 0 Found: 12
二、显然这些是不够的,我需要一款扫描工具来扫,像科来网络工具里面那个MAC扫描一样
这个可以直接apt安装
root@qqq:~/arp-scan# apt install arp-scan -y
2.1、克隆代码安装
root@qqq:~# git clone https://github.com/royhills/arp-scan.git
三、使用
我当前网段只有256个ip,直接扫
arp-scan -l
root@qqq:~/arp-scan# arp-scan -l
Interface: ens3, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9.5 with 256 hosts (https://github.com/royhills/arp-scan)
10.0.3.1 5c:c9:99:1e:7f:b8 (Unknown)
10.0.3.3 00:17:61:10:35:da Private
10.0.3.4 60:45:cb:60:36:c4 ASUSTek COMPUTER INC.
10.0.3.8 88:d7:f6:c6:c0:a2 ASUSTek COMPUTER INC.
10.0.3.9 88:d7:f6:c5:f7:62 ASUSTek COMPUTER INC.
10.0.3.10 fc:aa:14:11:27:3f GIGA-BYTE TECHNOLOGY CO.,LTD.
10.0.3.11 00:e0:4c:6c:1c:be REALTEK SEMICONDUCTOR CORP.
10.0.3.12 70:3d:15:7f:e5:40 Hangzhou H3C Technologies Co., Limited
10.0.3.13 74:d4:35:d8:8a:94 GIGA-BYTE TECHNOLOGY CO.,LTD.
10.0.3.14 88:d7:f6:c5:f7:22 ASUSTek COMPUTER INC.
10.0.3.16 60:45:cb:83:0e:2c ASUSTek COMPUTER INC.
10.0.3.22 00:0c:29:73:fe:74 VMware, Inc.
10.0.3.23 88:d7:f6:c5:ee:b5 ASUSTek COMPUTER INC.
10.0.3.21 00:0c:29:3e:13:c5 VMware, Inc.
10.0.3.20 00:0c:29:1a:5f:f7 VMware, Inc.
10.0.3.25 b8:27:eb:5f:dc:00 Raspberry Pi Foundation
10.0.3.19 00:0c:29:db:c9:5f VMware, Inc.
10.0.3.27 e0:3f:49:a5:29:a1 ASUSTek COMPUTER INC.
10.0.3.28 58:ef:68:e6:62:6f Belkin International Inc.
10.0.3.45 90:2b:34:34:9d:5f GIGA-BYTE TECHNOLOGY CO.,LTD.
10.0.3.58 52:54:00:19:c9:36 QEMU
10.0.3.60 2c:4d:54:59:ad:ca ASUSTek COMPUTER INC.
10.0.3.63 d0:94:66:4b:16:7e Dell Inc.
10.0.3.64 00:0c:29:4f:81:47 VMware, Inc.
10.0.3.65 00:0c:29:c0:5b:59 VMware, Inc.
10.0.3.76 00:0c:29:48:f0:a3 VMware, Inc.
10.0.3.80 00:0c:29:f8:60:c9 VMware, Inc.
10.0.3.90 00:0c:29:ee:f4:54 VMware, Inc.
10.0.3.94 30:85:a9:7c:fb:24 ASUSTek COMPUTER INC.
10.0.3.102 00:1b:21:b1:c4:91 Intel Corporate
10.0.3.121 08:00:27:df:9b:f9 PCS Systemtechnik GmbH
10.0.3.123 00:26:73:36:84:19 RICOH COMPANY,LTD.
10.0.3.152 10:7b:44:4a:ba:3c ASUSTek COMPUTER INC.
10.0.3.153 00:0c:29:e5:dd:80 VMware, Inc.
10.0.3.198 00:0c:29:2a:08:3b VMware, Inc.
10.0.3.200 ca:13:a0:85:a3:91 (Unknown: locally administered)
10.0.3.201 52:54:00:ee:f1:61 QEMU
10.0.3.202 52:54:00:62:d9:5a QEMU
10.0.3.203 52:54:00:06:38:20 QEMU
10.0.3.205 52:54:00:3e:38:b7 QEMU
10.0.3.210 52:54:00:25:0a:dc QEMU
10.0.3.211 52:54:00:c7:b7:8b QEMU
10.0.3.212 52:54:00:e3:99:fe QEMU
10.0.3.220 52:54:00:3c:a0:9d QEMU
10.0.3.223 86:be:03:1a:fa:ba (Unknown: locally administered)
10.0.3.253 84:d9:31:0b:2a:91 Hangzhou H3C Technologies Co., Limited
49 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.5: 256 hosts scanned in 2.069 seconds (123.73 hosts/sec). 46 responded
指定一个小网段去扫
更多参数–help吧
root@qqq:~/arp-scan# arp-scan 10.0.3.1/28
Interface: ens3, datalink type: EN10MB (Ethernet)
WARNING: host part of 10.0.3.1/28 is non-zero
Starting arp-scan 1.9.5 with 16 hosts (https://github.com/royhills/arp-scan)
10.0.3.1 5c:c9:99:1e:7f:b8 (Unknown)
10.0.3.3 00:17:61:10:35:da Private
10.0.3.4 60:45:cb:60:36:c4 ASUSTek COMPUTER INC.
10.0.3.8 88:d7:f6:c6:c0:a2 ASUSTek COMPUTER INC.
10.0.3.9 88:d7:f6:c5:f7:62 ASUSTek COMPUTER INC.
10.0.3.10 fc:aa:14:11:27:3f GIGA-BYTE TECHNOLOGY CO.,LTD.
10.0.3.11 00:e0:4c:6c:1c:be REALTEK SEMICONDUCTOR CORP.
10.0.3.12 70:3d:15:7f:e5:40 Hangzhou H3C Technologies Co., Limited
10.0.3.13 74:d4:35:d8:8a:94 GIGA-BYTE TECHNOLOGY CO.,LTD.
10.0.3.14 88:d7:f6:c5:f7:22 ASUSTek COMPUTER INC.
12 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.5: 16 hosts scanned in 1.378 seconds (11.61 hosts/sec). 10 responded