Mar*_*arc 8 networking linux arp nmap
我知道我可以在 Linux 上使用 NMAP 或 arp-scan 之类的工具来识别本地网络上所有设备的 IP 和 MAC 地址。我也知道 arp-scan 会进行 MAC 地址查找以获取设备制造商。但是这些命令(或任何其他命令)上是否有任何选项集可以告诉我设备在给定 IP 上的实际设备名称?例如,如果“Joe's iPad”在 192.168.1.113 上,我需要一个命令来获取该名称。
一些主机可以简单地配置为不共享该信息。它应该像这样工作:
user@host:~$ nmap 192.168.1.113
Starting Nmap 7.00 ( https://nmap.org ) at 2015-12-11 08:45 AWST
Nmap scan report for Joes iPad (192.168.1.113)
Host is up (0.0038s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
62078/tcp open iphone-sync
Nmap done: 1 IP address (1 host up) scanned in 41.88 seconds
您可以使用以下选项强制 Nmap 尝试对所有目标进行反向 DNS 解析:
-R (DNS resolution for all targets).
Tells Nmap to always do reverse DNS resolution on the target
IP addresses. Normally reverse DNS is only performed against
responsive (online) hosts.
这在某些情况下可能会有所帮助。输出看起来或多或少相同:
user@host:~$ nmap -R 192.168.1.113
Starting Nmap 7.00 ( https://nmap.org ) at 2015-12-11 08:46 AWST
Nmap scan report for joes-ipad.local (192.168.1.113)
Host is up (0.0047s latency).
rDNS record for 192.168.1.113: joes-ipad.local
Not shown: 999 closed ports
PORT STATE SERVICE
62078/tcp open iphone-sync
Nmap done: 1 IP address (1 host up) scanned in 42.61 seconds
无论哪种方式; 您始终可以通过外部工具解析输出,例如grep. 如果您一次扫描多个地址,甚至整个网络范围,这将特别有用:
user@host:~$ nmap 192.168.1.0/24 | grep '(192.168.1.113)'
Nmap scan report for Joes iPad (192.168.1.113)
All 1000 scanned ports on Joes iPad (192.168.1.113) are closed
user@host:~$ nmap -R 192.168.1.0/24 | grep '(192.168.1.113)'
Nmap scan report for Joes iPad (192.168.1.113)
All 1000 scanned ports on Joes iPad (192.168.1.133) are closed
您(可能)实际上想要做的是:
*输出会因操作系统和软件版本而异。
user@gnu:~$ arp 192.168.1.113
Address HWtype HWaddress Flags Mask Iface
Joes iPad ether a1:b2:c3:d4:e5:f6 C wlan0
user@bsd:~$ arp 192.168.1.113
Joes iPad (192.168.1.113) at a1:b2:c3:d4:e5:f6 on en0 ifscope [ethernet]
查看nmblookup和/或smbutil lookup命令。
| 归档时间: |
|
| 查看次数: |
79135 次 |
| 最近记录: |