
How to Locate the Host Behind ARP Spoofing (Very Practical)

2008-12-04 23:10
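1. Telnet to the core switch LS7506E; you will see a message like the following.
On the switch, enter: <LS7506E>terminal monitor
%Feb 4 13:23:51:663 2008 LS7506E ARP/3/DUPIFIP:Slot=2;Duplicate address 10.200.16.65 on interface Vlan-interface100, sourced by 0020-edac-9cad // The message shows that the gateway address on the core switch does not match the MAC address.
In the core switch message, the MAC address 0020-edac-9cad (highlighted in blue) is the one that conflicts with the gateway's MAC address, and the IP address "10.200.16.65" is the gateway IP address that corresponds to this MAC address.
The following steps use the MAC address tables to locate the specific computer performing the ARP spoofing.
1. Using the gateway IP address and the table below, which maps IP ranges to the residential buildings, first determine that the computer belongs to a user in Building 10.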
Building      VLAN ID     IP range                         Gateway address
Building 1    VLAN 91     10.200.14.0-10.200.14.63         10.200.14.1
Building 2    VLAN 92     10.200.14.64-10.200.14.127       10.200.14.65
Building 3    VLAN 93     10.200.14.128-10.200.14.191      10.200.14.129
Building 4    VLAN 94     10.200.14.192-10.200.14.255      10.200.14.193
Building 5    VLAN 95     10.200.15.0-10.200.15.63         10.200.15.1
Building 6    VLAN 96     10.200.15.64-10.200.15.127       10.200.15.65
Building 7    VLAN 97     10.200.15.128-10.200.15.191      10.200.15.129
Building 8    VLAN 98     10.200.15.192-10.200.15.255      10.200.15.193
Building 9    VLAN 99     10.200.16.0-10.200.16.63         10.200.16.1
Building 10   VLAN 100    10.200.16.64-10.200.16.127       10.200.16.65
Building 11   VLAN 101    10.200.16.128-10.200.16.191      10.200.16.129
Building 12   VLAN 102    10.200.16.192-10.200.16.255      10.200.16.193

2. Telnet to the Building 10 switch.

Username:admin
Password:
<10haolou1danyuan>
%Apr 7 23:31:15:458 2000 10haolou1danyuan SHELL/5/LOGIN:- 1 - admin(10.200.100.2) in unit1 login
<10haolou1danyuan>dis mac
<10haolou1danyuan>dis mac-ad
<10haolou1danyuan>dis mac-address
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000a-e638-e815 100 Learned Ethernet1/0/23 AGING
000f-e273-1ec9 800 Learned GigabitEthernet1/1/1 AGING
000f-e273-1ecb 800 Learned GigabitEthernet1/1/1 AGING
000f-e273-1ee9 800 Learned GigabitEthernet1/1/1 AGING
000f-e27b-b671 100 Learned GigabitEthernet1/1/1 AGING
0014-22cd-e354 800 Learned GigabitEthernet1/1/1 AGING
0020-edac-9cad 100 Learned Ethernet1/0/23 AGING
000f-e273-20a8 800 Learned GigabitEthernet1/1/1 AGING
000f-e273-20a6 800 Learned GigabitEthernet1/1/1 AGING
000f-e273-20bf 800 Learned GigabitEthernet1/1/1 AGING
000f-e273-20ba 800 Learned GigabitEthernet1/1/1 AGING
000f-e273-20b3 800 Learned GigabitEthernet1/1/1 AGING
000f-e27b-b671 800 Learned GigabitEthernet1/1/1 AGING
000f-e269-2356 800 Learned GigabitEthernet1/1/1 AGING
0016-9611-743c 100 Learned Ethernet1/0/7 AGING
000f-e273-547c 800 Learned GigabitEthernet1/1/1 AGING
000f-e273-54ae 800 Learned Ethernet1/0/23 AGING
000f-e273-54a4 800 Learned GigabitEthernet1/1/1 AGING

--- 18 mac address(es) found ---
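From the MAC address table above, the interface "Ethernet1/0/23" on which the MAC was learned is judged to be a cascade port, so continue by logging in to the next switch cascaded from it.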
<10haolou1danyuan>telnet 10.200.100.21
Trying 10.200.100.21 ...
Press CTRL+K to abort
Connected to 10.200.100.21 ...
********************************************************************************
* Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
********************************************************************************

Login authentication

Username:admin
Password:
<10haolou2danyuan>
<10haolou2danyuan>dis mac-address // use this command to view the MAC address table
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000a-e638-e815 100 Learned Ethernet1/0/4 AGING
000f-e273-1ee9 800 Learned Ethernet1/0/15 AGING
000f-e27b-b671 100 Learned Ethernet1/0/15 AGING
0014-22cd-e354 800 Learned Ethernet1/0/15 AGING
0020-edac-9cad 100 Learned Ethernet1/0/8 AGING // the computer is found under this interface
000f-e273-20a8 800 Learned Ethernet1/0/15 AGING
000f-e273-20a6 800 Learned Ethernet1/0/15 AGING
000f-e273-20bf 800 Learned Ethernet1/0/15 AGING
000f-e273-20ba 800 Learned Ethernet1/0/15 AGING
000f-e273-20b4 800 Learned Ethernet1/0/15 AGING
000f-e27b-b671 800 Learned Ethernet1/0/15 AGING
000f-e269-2356 800 Learned Ethernet1/0/15 AGING
0016-9611-743c 100 Learned Ethernet1/0/15 AGING
000f-e273-547c 800 Learned Ethernet1/0/15 AGING
000f-e273-549e 800 Learned Ethernet1/0/15 AGING
000f-e273-54a4 800 Learned Ethernet1/0/15 AGING

--- 16 mac address(es) found ---
<10haolou2danyuan>sys
System View: return to User View with Ctrl+Z.
[10haolou2danyuan]int e 1/0/8 // enter this port
[10haolou2danyuan-Ethernet1/0/8]shut // use the shutdown command to cut off this computer's connection
[10haolou2danyuan-Ethernet1/0/8]
#Apr 14 21:18:01:584 2000 10haolou2danyuan L2INF/2/PORT LINK STATUS CHANGE:- 1 -
Trap 1.3.6.1.6.3.1.1.5.3: portIndex is 4227682, ifAdminStatus is 2, ifOperStatus is 2

%Apr 14 21:18:01:586 2000 10haolou2danyuan L2INF/5/PORT LINK STATUS CHANGE:- 1 -
Ethernet1/0/8: is DOWN
qu
[10haolou2danyuan]qu
<10haolou2danyuan>qu
The connection was closed by the remote host!
<10haolou1danyuan>
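Inspect the user computer attached to that port or run an antivirus scan on it. Once the computer has been dealt with, enter the corresponding switch port and re-enable it with the "undo shutdown" command.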
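
The lookup in the steps above, as an added example that is not part of the original post: it parses the ARP/3/DUPIFIP message and the dis mac-address rows shown on this page and reports the port on which the offending MAC was learned on each switch. Treating a port with more than one learned MAC as a cascade port is an assumption of this example, not a rule stated by the author.

```python
import re
from collections import defaultdict

# Log line and table rows copied from the session shown on this page (tables abridged).
DUP_LOG = ("%Feb 4 13:23:51:663 2008 LS7506E ARP/3/DUPIFIP:Slot=2;Duplicate address "
           "10.200.16.65 on interface Vlan-interface100, sourced by 0020-edac-9cad")
SWITCH1 = """\
000a-e638-e815 100 Learned Ethernet1/0/23 AGING
000f-e27b-b671 100 Learned GigabitEthernet1/1/1 AGING
0020-edac-9cad 100 Learned Ethernet1/0/23 AGING
0016-9611-743c 100 Learned Ethernet1/0/7 AGING
000f-e273-54ae 800 Learned Ethernet1/0/23 AGING
"""
SWITCH2 = """\
000a-e638-e815 100 Learned Ethernet1/0/4 AGING
000f-e27b-b671 100 Learned Ethernet1/0/15 AGING
0020-edac-9cad 100 Learned Ethernet1/0/8 AGING
0016-9611-743c 100 Learned Ethernet1/0/15 AGING
"""

DUP_RE = re.compile(r"Duplicate address (\S+) on interface Vlan-interface(\d+), "
                    r"sourced by ([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})", re.I)
ROW_RE = re.compile(r"^([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+(\d+)\s+\S+\s+(\S+)", re.I)

def parse_dup_log(line):
    """Return (ip, vlan, mac) from an ARP/3/DUPIFIP message, or None."""
    m = DUP_RE.search(line)
    return (m.group(1), int(m.group(2)), m.group(3).lower()) if m else None

def locate(table_text, mac, vlan):
    """Return (port, macs_on_port, is_cascade) for mac in vlan, or None if not learned."""
    by_port, hit = defaultdict(set), None
    for row in table_text.splitlines():
        m = ROW_RE.match(row.strip())
        if not m:
            continue  # skip headers, prompts and the "--- N mac address(es) ---" footer
        row_mac, row_vlan, port = m.group(1).lower(), int(m.group(2)), m.group(3)
        by_port[port].add(row_mac)
        if row_mac == mac and row_vlan == vlan:
            hit = port
    if hit is None:
        return None
    # Assumed heuristic: more than one MAC on a port means another switch is behind it.
    return hit, len(by_port[hit]), len(by_port[hit]) > 1

if __name__ == "__main__":
    ip, vlan, mac = parse_dup_log(DUP_LOG)
    for name, table in (("10haolou1danyuan", SWITCH1), ("10haolou2danyuan", SWITCH2)):
        print(name, locate(table, mac, vlan))
```

A result with is_cascade set to True means the trace continues on the next switch; False marks the access port that the page then shuts down.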

http://bbs.nwadmin.cn/viewthread.php?tid=111&extra=page%3D1