【安全牛学习笔记】主动信息收集-发现（三） / 憋错料

╋━━━━━━━━━━━━━╋

┃发现-----三层发现 ┃

┃优点 ┃

┃ 可路由 ┃

┃ 速度比较快 ┃

┃缺点 ┃

┃ 速度比二层慢 ┃

┃ 经常被边界防火墙过滤 ┃

┃IP、icmp协议 ┃

╋━━━━━━━━━━━━━╋

╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋

┃发现-----三层发现 ┃

┃Ping 1.1.1.1 -c 2 ┃

┃Ping -R 1.1.1.1 / traceroute 1.1.1.1 ┃

┃Ping 1.1.1.1 -c 1 | grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f 1 ┃

┃脚本 ┃

┃ Ping.sh 1.1.1.0 ┃

╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋

[email protected]:~# ping 192.168.1.1 -c 5

[email protected]:~# traceroute www.sina.com

[email protected]:~# ping -R www.sina.com

[email protected]:~# ping -h

Usage: ping [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface]

[-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos]

[-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option]

[-w deadline] [-W timeout] [hop1 ...] destination

▉→●→●→●→●→▉ 从我的机器跳过四个路由器

[email protected]:~# man ping

PING(8) System Manager‘s Manual: iputils PING(8)

NAME

ping, ping6 - send ICMP ECHO_REQUEST to network hosts

SYNOPSIS

ping [-aAbBdDfhLnOqrRUvV] [-c count] [-F flowlabel] [-i interval] [-I

interface] [-l preload] [-m mark] [-M pmtudisc_option] [-N node‐

info_option] [-w deadline] [-W timeout] [-p pattern] [-Q tos] [-s pack‐

etsize] [-S sndbuf] [-t ttl] [-T timestamp option] [hop ...] destina‐

tion

DESCRIPTION

ping uses the ICMP protocol‘s mandatory ECHO_REQUEST datagram to elicit

an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams

(``pings‘‘) have an IP and ICMP header, followed by a struct timeval

and then an arbitrary number of ``pad‘‘ bytes used to fill out the

packet.

ping6 is IPv6 version of ping, and can also send Node Information

Queries (RFC4620). Intermediate hops may not be allowed, because IPv6

source routing was deprecated (RFC5095).

OPTIONS

-a Audible ping.

-A Adaptive ping. Interpacket interval adapts to round-trip time,

so that effectively not more than one (or more, if preload is

set) unanswered probe is present in the network. Minimal inter‐

val is 200msec for not super-user. On networks with low rtt

this mode is essentially equivalent to flood mode.

-b Allow pinging a broadcast address.

-B Do not allow ping to change source address of probes. The

address is bound to one selected when ping starts.

-c count

Stop after sending count ECHO_REQUEST packets. With deadline

option, ping waits for count ECHO_REPLY packets, until the time‐

out expires.

-d Set the SO_DEBUG option on the socket being used. Essentially,

this socket option is not used by Linux kernel.

-D Print timestamp (unix time + microseconds as in gettimeofday)

before each line.

-f Flood ping. For every ECHO_REQUEST sent a period ``.‘‘ is

printed, while for ever ECHO_REPLY received a backspace is

printed. This provides a rapid display of how many packets are

being dropped. If interval is not given, it sets interval to

zero and outputs packets as fast as they come back or one hun‐

dred times per second, whichever is more. Only the super-user

may use this option with zero interval.

-F flow label

ping6 only. Allocate and set 20 bit flow label (in hex) on echo

request packets. If value is zero, kernel allocates random flow

label.

-h Show help.

-i interval

Wait interval seconds between sending each packet. The default

is to wait for one second between each packet normally, or not

to wait in flood mode. Only super-user may set interval to val‐

ues less 0.2 seconds.

-I interface

interface is either an address, or an interface name. If inter‐

face is an address, it sets source address to specified inter‐

face address. If interface in an interface name, it sets source

interface to specified interface. For ping6, when doing ping to

a link-local scope address, link specification (by the ‘%‘-nota‐

tion in destination, or by this option) is required.

-l preload

If preload is specified, ping sends that many packets not wait‐

ing for reply. Only the super-user may select preload more than

-L Suppress loopback of multicast packets. This flag only applies

if the ping destination is a multicast address.

-m mark

use mark to tag the packets going out. This is useful for vari‐

ety of reasons within the kernel such as using policy routing to

select specific outbound processing.

-M pmtudisc_opt

Select Path MTU Discovery strategy. pmtudisc_option may be

either do (prohibit fragmentation, even local one), want (do

PMTU discovery, fragment locally when packet size is large), or

dont (do not set DF flag).

-N nodeinfo_option

ping6 only. Send ICMPv6 Node Information Queries (RFC4620),

instead of Echo Request.

help Show help for NI support.

name Queries for Node Names.

ipv6 Queries for IPv6 Addresses. There are several IPv6 spe‐

cific flags.

ipv6-global

Request IPv6 global-scope addresses.

ipv6-sitelocal

Request IPv6 site-local addresses.

ipv6-linklocal

Request IPv6 link-local addresses.

ipv6-all

Request IPv6 addresses on other interfaces.

ipv4 Queries for IPv4 Addresses. There is one IPv4 specific

flag.

ipv4-all

Request IPv4 addresses on other interfaces.

subject-ipv6=ipv6addr

IPv6 subject address.

subject-ipv4=ipv4addr

IPv4 subject address.

subject-name=nodename

Subject name. If it contains more than one dot, fully-

qualified domain name is assumed.

subject-fqdn=nodename

Subject name. Fully-qualified domain name is always

assumed.

-n Numeric output only. No attempt will be made to lookup symbolic

names for host addresses.

-O Report outstanding ICMP ECHO reply before sending next packet.

This is useful together with the timestamp -D to log output to a

diagnostic file and search for missing answers.

-p pattern

You may specify up to 16 ``pad‘‘ bytes to fill out the packet

you send. This is useful for diagnosing data-dependent problems

in a network. For example, -p ff will cause the sent packet to

be filled with all ones.

-q Quiet output. Nothing is displayed except the summary lines at

startup time and when finished.

-Q tos Set Quality of Service -related bits in ICMP datagrams. tos can

be decimal (ping only) or hex number.

In RFC2474, these fields are interpreted as 8-bit Differentiated

Services (DS), consisting of: bits 0-1 (2 lowest bits) of sepa‐

rate data, and bits 2-7 (highest 6 bits) of Differentiated Ser‐

vices Codepoint (DSCP). In RFC2481 and RFC3168, bits 0-1 are

used for ECN.

Historically (RFC1349, obsoleted by RFC2474), these were inter‐

preted as: bit 0 (lowest bit) for reserved (currently being

redefined as congestion control), 1-4 for Type of Service and

bits 5-7 (highest bits) for Precedence.

-r Bypass the normal routing tables and send directly to a host on

an attached interface. If the host is not on a directly-

attached network, an error is returned. This option can be used

to ping a local host through an interface that has no route

through it provided the option -I is also used.

-R ping only. Record route. Includes the RECORD_ROUTE option in

the ECHO_REQUEST packet and displays the route buffer on

returned packets. Note that the IP header is only large enough

for nine such routes. Many hosts ignore or discard this option.

-s packetsize

Specifies the number of data bytes to be sent. The default is

56, which translates into 64 ICMP data bytes when combined with

the 8 bytes of ICMP header data.

-S sndbuf

Set socket sndbuf. If not specified, it is selected to buffer

not more than one packet.

-t ttl ping only. Set the IP Time to Live.

-T timestamp option

Set special IP timestamp options. timestamp option may be

either tsonly (only timestamps), tsandaddr (timestamps and

addresses) or tsprespec host1 [host2 [host3 [host4]]] (timestamp

prespecified hops).

-U Print full user-to-user latency (the old behaviour). Normally

ping prints network round trip time, which can be different f.e.

due to DNS failures.

-v Verbose output.

-V Show version and exit.

-w deadline

Specify a timeout, in seconds, before ping exits regardless of

how many packets have been sent or received. In this case ping

does not stop after count packet are sent, it waits either for

deadline expire or until count probes are answered or for some

error notification from network.

-W timeout

Time to wait for a response, in seconds. The option affects only

timeout in absence of any responses, otherwise ping waits for

two RTTs.

When using ping for fault isolation, it should first be run on the

local host, to verify that the local network interface is up and run‐

ning. Then, hosts and gateways further and further away should be

``pinged‘‘. Round-trip times and packet loss statistics are computed.

If duplicate packets are received, they are not included in the packet

loss calculation, although the round trip time of these packets is used

in calculating the minimum/average/maximum round-trip time numbers.

When the specified number of packets have been sent (and received) or

if the program is terminated with a SIGINT, a brief summary is dis‐

played. Shorter current statistics can be obtained without termination

of process with signal SIGQUIT.

If ping does not receive any reply packets at all it will exit with

code 1. If a packet count and deadline are both specified, and fewer

than count packets are received by the time the deadline has arrived,

it will also exit with code 1. On other error it exits with code 2.

Otherwise it exits with code 0. This makes it possible to use the exit

code to see if a host is alive or not.

This program is intended for use in network testing, measurement and

management. Because of the load it can impose on the network, it is

unwise to use ping during normal operations or from automated scripts.

ICMP PACKET DETAILS

An IP header without options is 20 bytes. An ICMP ECHO_REQUEST packet

contains an additional 8 bytes worth of ICMP header followed by an

arbitrary amount of data. When a packetsize is given, this indicated

the size of this extra piece of data (the default is 56). Thus the

amount of data received inside of an IP packet of type ICMP ECHO_REPLY

will always be 8 bytes more than the requested data space (the ICMP

header).

If the data space is at least of size of struct timeval ping uses the

beginning bytes of this space to include a timestamp which it uses in

the computation of round trip times. If the data space is shorter, no

round trip times are given.

DUPLICATE AND DAMAGED PACKETS

ping will report duplicate and damaged packets. Duplicate packets

should never occur, and seem to be caused by inappropriate link-level

retransmissions. Duplicates may occur in many situations and are

rarely (if ever) a good sign, although the presence of low levels of

duplicates may not always be cause for alarm.

Damaged packets are obviously serious cause for alarm and often indi‐

cate broken hardware somewhere in the ping packet‘s path (in the net‐

work or in the hosts).

TRYING DIFFERENT DATA PATTERNS

The (inter)network layer should never treat packets differently depend‐

ing on the data contained in the data portion. Unfortunately, data-

dependent problems have been known to sneak into networks and remain

undetected for long periods of time. In many cases the particular pat‐

tern that will have problems is something that doesn‘t have sufficient

``transitions‘‘, such as all ones or all zeros, or a pattern right at

the edge, such as almost all zeros. It isn‘t necessarily enough to

specify a data pattern of all zeros (for example) on the command line

because the pattern that is of interest is at the data link level, and

the relationship between what you type and what the controllers trans‐

mit can be complicated.

This means that if you have a data-dependent problem you will probably

have to do a lot of testing to find it. If you are lucky, you may man‐

age to find a file that either can‘t be sent across your network or

that takes much longer to transfer than other similar length files.

You can then examine this file for repeated patterns that you can test

using the -p option of ping.

TTL DETAILS

The TTL value of an IP packet represents the maximum number of IP

routers that the packet can go through before being thrown away. In

current practice you can expect each router in the Internet to decre‐

ment the TTL field by exactly one.

The TCP/IP specification states that the TTL field for TCP packets

should be set to 60, but many systems use smaller values (4.3 BSD uses

30, 4.2 used 15).

The maximum possible value of this field is 255, and most Unix systems

set the TTL field of ICMP ECHO_REQUEST packets to 255. This is why you

will find you can ``ping‘‘ some hosts, but not reach them with tel‐

net(1) or ftp(1).

In normal operation ping prints the TTL value from the packet it

receives. When a remote system receives a ping packet, it can do one

of three things with the TTL field in its response:

· Not change it; this is what Berkeley Unix systems did before the

4.3BSD Tahoe release. In this case the TTL value in the received

packet will be 255 minus the number of routers in the round-trip

path.

· Set it to 255; this is what current Berkeley Unix systems do. In

this case the TTL value in the received packet will be 255 minus the

number of routers in the path from the remote system to the pinging

host.

· Set it to some other value. Some machines use the same value for ICMP

packets that they use for TCP packets, for example either 30 or 60.

Others may use completely wild values.

BUGS

· Many Hosts and Gateways ignore the RECORD_ROUTE option.

· The maximum IP header length is too small for options like

RECORD_ROUTE to be completely useful. There‘s not much that that can

be done about this, however.

· Flood pinging is not recommended in general, and flood pinging the

broadcast address should only be done under very controlled condi‐

tions.

SEE ALSO

netstat(1), ifconfig(8).

HISTORY

The ping command appeared in 4.3BSD.

The version described here is its descendant specific to Linux.

SECURITY

ping requires CAP_NET_RAW capability to be executed. It may be used as

set-uid root.

AVAILABILITY

ping is part of iputils package and the latest versions are available

in source form at http://www.skbuff.net/iputils/iputils-cur‐

rent.tar.bz2.

[email protected]:~# ping 1.1.1.1 -c 1 | grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f 1

[email protected]:~# ping 192.168.1 -c 1 | grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f 1

192.168.1.1

[email protected]:~# ifconfig sinterface | grep "inet addr" | cut -d ‘:‘ -f 2 | cut -d ":" -f 1| cut -d ‘.‘ -f 1-3

[email protected]:~# ifconfig eth0 | grep grep "inet addr" | cut -d ‘:‘ -f 2 | cut -d ":" -f 1| cut -d ‘.‘ -f 1-31

╭────────────────────────────────────────────╮

[pinger1.py]

#!/bin/bash

if{"#$" -ne 1};then

echo "Usage - ./pinger.sh {/24 network address}"

echo "Example - ./pinger.sh 172.16.36.0"

echo "Example will perform an ICMP ping sweep of the 172.16.36.0/24 network"

exit

prefix=$(echo $1 | cut -d ‘.‘ -f 1-3)

for addr in$(seq 1 254);do

ping -c 1 Sprefix.Saddr | grep "bytes from" | cut -d ‘ ‘ -f 4 | cut -d ‘.‘ -f 1 &

done

╰────────────────────────────────────────────╯

[email protected]:~# chmod u+x pinger

[email protected]:~# chmod u+x pinger.sh

[email protected]:~# ./pinger.sh

[email protected]:~# ./pinger.sh 211.144.145.0

╋━━━━━━━━━━━━━━━━━━━━━━╋

┃发现-----三层发现 ┃

┃Scapy ┃

┃ OSI多层堆叠手工声称ICMP包-----IP/ICMP ┃

┃ ip=IP() ┃

┃ ip.ds="1.1.1.1" ┃

┃ ping=ICMP() ┃

┃ a=sr1(ip/ping) ┃

┃ a.display() ┃

┃Ping不存在的地址 ┃

┃ a=sr1(ip/ping.timeout=1) ┃

┃ ┃

┃ a=sr1(IP(dst="1.1.1.1")/ICMP(),timeout=1) ┃

╋━━━━━━━━━━━━━━━━━━━━━━╋

[email protected]:~# scapy

WARNING: No route found for IPv6 destination :: (no default route?)

Welcome to Scapy (2.2.0)

>>> i=IP()

>>> p=ICMP()

>>> ping=(i/p)

>>> ping.display()

###[ IP ]###

version= 4

ihl= None

tos= 0x0

len= None

id= 1

flags=

frag= 0

ttl= 64

proto= icmp

chksum= None

src= 127.0.0.1

dst= 127.0.0.1

\options\

###[ ICMP ]###

type= echo-request

code= 0

chksum= None

id= 0x0

seq= 0x0

>>> ping[IP].dst="192.168.1.1"

>>> ping.display()

###[ IP ]###

version= 4

ihl= None

tos= 0x0

len= None

id= 1

flags=

frag= 0

ttl= 64

proto= icmp

chksum= None

src= 192.168.77.129

dst= 192.168.1.1

\options\

###[ ICMP ]###

type= echo-request

code= 0

chksum= None

id= 0x0

seq= 0x0

>>> a=sr1(ping)

Begin emission:

.Finished to send 1 packets.

Received 2 packets, got 1 answers, remaining 0 packets

>>> a.display()

###[ IP ]###

version= 4L

ihl= 5L

tos= 0x0

len= 28

id= 63695

flags=

frag= 0L

ttl= 128

proto= icmp

chksum= 0x723e

src= 192.168.1.1

dst= 192.168.77.129

\options\

###[ ICMP ]###

type= echo-reply

code= 0

chksum= 0xffff

id= 0x0

seq= 0x0

###[ Padding ]###

load= ‘\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00‘

>>> sr1(IP(dst="192.168.1.1")/ICMP())

Begin emission:

.Finished to send 1 packets.

Received 2 packets, got 1 answers, remaining 0 packets

>>> sr1(IP(dst="192.168.1.11")/ICMP())

Begin emission:

Finished to send 1 packets.

Received 1 packets, got 1 answers, remaining 0 packets

>>> sr1(IP(dst="192.168.1.11")/ICMP(),timeout=1)

Begin emission:

.Finished to send 1 packets.

Received 1 packets, got 0 answers, remaining 1 packets

╭────────────────────────────────────────────╮

[pinger1.py]

#!/bin/bash

import logging

import subprocess

logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

from scapy.all import *

if len(sys.argv)1=2;

echo "Usage - ./pinger.sh {/24 network address}"

echo "Example - ./pinger.sh 172.16.36.0"

echo "Example will perform an ICMP ping sweep of the 172.16.36.0/24 network"

sys.exit()

address=str(sys.argv[1])

prefix=address.split(‘.‘)[0]+‘.‘+address.split(‘.‘)[1]+‘.‘+address.split(‘.‘)[2]+‘.‘

for addr in range(1,254);

a=sr1(IP(dst=prefix+str(addr)/ICMP().timeout=0.1,verbose=0)

if a==None;

pass

else:

print prefix+str(addr)

╰────────────────────────────────────────────╯

[email protected]:~# chmod u+x pinger1.sh

[email protected]:~# ./pinger1.sh

[email protected]:~# ./pinger1.sh 211.144.145.0

╭────────────────────────────────────────────╮

[pinger1.py]

#!/bin/bash

import logging

import subprocess

logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

from scapy.all import *

if len(sys.argv)1=2;

echo "Usage - ./pinger.sh {/24 network address}"

echo "Example - ./pinger.sh 172.16.36.0"

echo "Example will perform an ICMP ping sweep of the 172.16.36.0/24 network"

sys.exit()

filename=str(sys.argv[1])

file=open(filename,‘|‘)

for addr in file;

a=sr1(IP(dst=prefix+str(addr)/ICMP().timeout=0.1,verbose=0)

if a==None;

pass

else:

print addr.srtip()

╰────────────────────────────────────────────╯

[email protected]:~# ./pinger2.sh addr

[email protected]:~# nmap 192.168.1.1 -sn

╋━━━━━━━━━━━━━╋

┃发现-----三层发现 ┃

┃fping 1.1.1.1 -c 1 ┃

┃fping -g 1.1.1.1 1.1.2 ┃

┃fping -g 1.1.1.0/24 ┃

┃fping -f iplist.txt ┃

╋━━━━━━━━━━━━━╋

fping的命令和参数详解

Usage: fping [options] [targets...]

用法：fping [选项] [ping的目标]

-a show targets that are alive

显示可ping通的目标

-A show targets by address

将目标以ip地址的形式显示

-b n amount of ping data to send, in bytes (default 56)

ping 数据包的大小。（默认为56）

-B f set exponential backoff factor to f

设置指数反馈因子到f 【这个不懂，求指教~】

-c n count of pings to send to each target (default 1)

ping每个目标的次数 (默认为1)

-C n same as -c, report results in verbose format

同-c, 返回的结果为冗长格式

-e show elapsed time on return packets

显示返回数据包所费时间

-f file read list of targets from a file ( - means stdin) (only if no -g specified)

从文件获取目标列表( - 表示从标准输入)(不能与 -g 同时使用)

-g generate target list (only if no -f specified)

生成目标列表(不能与 -f 同时使用)

(specify the start and end IP in the target list, or supply a IP netmask)

(ex. fping -g 192.168.1.0 192.168.1.255 or fping -g 192.168.1.0/24)

(可指定目标的开始和结束IP，或者提供ip的子网掩码)

(例：fping -g 192.168.1.0 192.168.1.255 或 fping -g 192.168.1.0/24)

-H n Set the IP TTL value (Time To Live hops)

设置ip的TTL值 (生存时间)

-i n interval between sending ping packets (in millisec) (default 25)

ping包之间的间隔(单位：毫秒)(默认25)

-l loop sending pings forever

循环发送ping

-m ping multiple interfaces on target host

ping目标主机的多个网口

-n show targets by name (-d is equivalent)

将目标以主机名或域名显示(等价于 -d )

-p n interval between ping packets to one target (in millisec)

对同一个目标的ping包间隔(毫秒)

(in looping and counting modes, default 1000)

(在循环和统计模式中，默认为1000)

-q quiet (don‘t show per-target/per-ping results)

安静模式(不显示每个目标或每个ping的结果)

-Q n same as -q, but show summary every n seconds

同-q, 但是每n秒显示信息概要

-r n number of retries (default 3)

当ping失败时，最大重试次数(默认为3次)

-s print final stats

打印最后的统计数据

-I if bind to a particular interface

绑定到特定的网卡

-S addr set source address

设置源ip地址

-t n individual target initial timeout (in millisec) (default 500)

单个目标的超时时间(毫秒)(默认500)

-T n ignored (for compatibility with fping 2.4)

请忽略(为兼容fping 2.4)

-u show targets that are unreachable

显示不可到达的目标

-O n set the type of service (tos) flag on the ICMP packets

在icmp包中设置tos（服务类型）

-v show version

显示版本号

targets list of targets to check (if no -f specified)

需要ping的目标列表(不能和 -f 同时使用)

-h show this page

显示本帮助页

[email protected]:~# fping 192.168.1.1 -c 1

[email protected]:~# fping 192.168.1.1 -c 10

[email protected]:~# fping 192.168.1.100 192.168.1.200 -c 1

[email protected]:~# fping 192.168.1.100 192.168.1.200 -c 1 | egrep -v 100%

[email protected]:~# fping 192.168.1.100 192.168.1.200 -c 1 | grep min/avg/max

[email protected]:~# fping 192.168.1.100 192.168.1.200 -c 1 >> result.txt

[email protected]:~# cat result.txt | grep min/avg/max

[email protected]:~# cat result.txt

[email protected]:~# fping 192.168.1.0/24

╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋

┃发现-----三层发现 ┃

┃Hping ┃

┃ 能够发送几乎任意TCP/IP包 ┃

┃ 功能请发但每次只能扫描一个目标 ┃

┃hping3 1.1.1.1 --icmp -c 2 ┃

┃for addr in $(seq 1 254);do hping3 1.1.1.$addr --icmp -c 1 >>handle.txt & done ┃

╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋

[email protected]:~# hping3 192.168.1.1 --icmp -c 2

HPING 192.168.1.1 (eth0 192.168.1.1): icmp mode set, 28 headers + 0 data bytes

len=46 ip=192.168.1.1 ttl=128 id=63816 icmp_seq=0 rtt=8.4 ms

len=46 ip=192.168.1.1 ttl=128 id=63817 icmp_seq=1 rtt=3.2 ms

--- 192.168.1.1 hping statistic ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max = 3.2/5.8/8.4 ms

[email protected]:~# for addr in $(seq 1 254);do hping3 192.168.1.$addr --icmp -c 1 >>handle.txt & done

1] 8236

[2] 8237

[3] 8238

[4] 8239

[5] 8240

[6] 8241

[7] 8242

[8] 8243

[9] 8244

[10] 8245

[11] 8246

[12] 8247

......

[email protected]:~# cat handle.txt

HPING 1.1.1.4 (eth0 1.1.1.4): icmp mode set, 28 headers + 0 data bytes

HPING 1.1.1.6 (eth0 1.1.1.6): icmp mode set, 28 headers + 0 data bytes

HPING 1.1.1.3 (eth0 1.1.1.3): icmp mode set, 28 headers + 0 data bytes

HPING 1.1.1.9 (eth0 1.1.1.9): icmp mode set, 28 headers + 0 data bytes

HPING 1.1.1.11 (eth0 1.1.1.11): icmp mode set, 28 headers + 0 data bytes

HPING 1.1.1.8 (eth0 1.1.1.8): icmp mode set, 28 headers + 0 data bytes

HPING 1.1.1.5 (eth0 1.1.1.5): icmp mode set, 28 headers + 0 data bytes

HPING 1.1.1.7 (eth0 1.1.1.7): icmp mode set, 28 headers + 0 data bytes

HPING 1.1.1.12 (eth0 1.1.1.12): icmp mode set, 28 headers + 0 data bytes

HPING 1.1.1.2 (eth0 1.1.1.2): icmp mode set, 28 headers + 0 data bytes

......

[email protected]:~# cat handle.txt | grep ^len //以这个行的启始位置

[email protected]:~# cat handle.txt | grep ^len

len=46 ip=192.168.1.1 ttl=128 id=63818 icmp_seq=0 rtt=45.0 ms

len=46 ip=192.168.1.101 ttl=128 id=63819 icmp_seq=0 rtt=38.2 ms

该笔记为安全牛课堂学员笔记，想看此课程或者信息安全类干货可以移步到安全牛课堂

Security+认证为什么是互联网+时代最火爆的认证？

牛妹先给大家介绍一下Security+

Security+ 认证是一种中立第三方认证，其发证机构为美国计算机行业协会CompTIA ；是和CISSP、ITIL 等共同包含在内的国际 IT 业 10 大热门认证之一，和CISSP偏重信息安全管理相比，Security+ 认证更偏重信息安全技术和操作。

通过该认证证明了您具备网络安全，合规性和操作安全，威胁和漏洞，应用程序、数据和主机安全，访问控制和身份管理以及加密技术等方面的能力。因其考试难度不易，含金量较高，目前已被全球企业和安全专业人士所普遍采纳。

Security+认证如此火爆的原因？

原因一：在所有信息安全认证当中，偏重信息安全技术的认证是空白的， Security+认证正好可以弥补信息安全技术领域的空白。

目前行业内受认可的信息安全认证主要有CISP和CISSP，但是无论CISP还是CISSP都是偏重信息安全管理的，技术知识讲的宽泛且浅显，考试都是一带而过。而且CISSP要求持证人员的信息安全工作经验都要5年以上，CISP也要求大专学历4年以上工作经验，这些要求无疑把有能力且上进的年轻人的持证之路堵住。在现实社会中，无论是找工作还是升职加薪，或是投标时候报人员，认证都是必不可少的，这给年轻人带来了很多不公平。而Security+的出现可以扫清这些年轻人职业发展中的障碍，由于Security+偏重信息安全技术，所以对工作经验没有特别的要求。只要你有IT相关背景，追求进步就可以学习和考试。

原因二： IT运维人员工作与翻身的利器。

在银行、证券、保险、信息通讯等行业，IT运维人员非常多，IT运维涉及的工作面也非常广。是一个集网络、系统、安全、应用架构、存储为一体的综合性技术岗。虽然没有程序猿们“生当做光棍，死亦写代码”的悲壮，但也有着“锄禾日当午，不如运维苦“的感慨。天天对着电脑和机器，时间长了难免有对于职业发展的迷茫和困惑。Security+国际认证的出现可以让有追求的IT运维人员学习网络安全知识，掌握网络安全实践。职业发展朝着网络安全的方向发展，解决国内信息安全人才的匮乏问题。另外，即使不转型，要做好运维工作，学习安全知识取得安全认证也是必不可少的。

原因三：接地气、国际范儿、考试方便、费用适中！

CompTIA作为全球ICT领域最具影响力的全球领先机构,在信息安全人才认证方面是专业、公平、公正的。Security+认证偏重操作且和一线工程师的日常工作息息相关。适合银行、证券、保险、互联网公司等IT相关人员学习。作为国际认证在全球147个国家受到广泛的认可。

在目前的信息安全大潮之下，人才是信息安全发展的关键。而目前国内的信息安全人才是非常匮乏的，相信Security+认证一定会成为最火爆的信息安全认证。

近期，安全牛课堂在做此类线上培训，感兴趣可以了解

时间： 2024-10-22 11:14:09

【安全牛学习笔记】主动信息收集-发现（三）

【安全牛学习笔记】主动信息收集-发现（三）的相关文章

【安全牛学习笔记】主动信息收集 - 发现

Kali 渗透测试- 全主动信息收集-发现

小白日记7：kali渗透测试之主动信息收集-发现（一）--二层发现：arping/shell脚本，Netdiscover，scapy

【安全牛学习笔记】主动信息收集-发现（二）

主动信息收集-发现（四）

【安全牛学习笔记】Kali Linux渗透测试方法

信息收集之主动信息收集（一）

信息收集之主动信息收集（二）

主动信息收集(一)