如何在 Windows 上使用 Zenmap 扫描 vpn 上的主机?

如何在 Windows 上使用 Zenmap 扫描 vpn 上的主机?

我已成功从 Windows 笔记本电脑连接到 VPN,我想查看名为“Boston”的工作组中有哪些主机正在运行。目前,该工作组的 DNS 未配置为列出大多数计算机名称,因此我只是尝试 IP 地址。当我输入时,ipconfig我看到以下内容(以及其他几个界面):

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix  . : Boston.local
Link-local IPv6 Address . . . . . : fe80::2c21:fcc4:3359:e748%55
IPv4 Address. . . . . . . . . . . : 10.1.1.132
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

我大胆猜测,“以太网 2” 指的是接口 eth2,因此我在 Zenmap 中尝试了以下操作

nmap -sn -T4 -e eth2 10.1.1.0/24

但我得到的只是如下的内容:

Starting Nmap 7.12 ( https://nmap.org ) at 2018-09-20 15:12 Mountain Daylight Time
setup_target: failed to determine route to 10.1.1.0
setup_target: failed to determine route to 10.1.1.1
setup_target: failed to determine route to 10.1.1.2
setup_target: failed to determine route to 10.1.1.3

适用于所有地址,包括我自己的地址。当我尝试 10.0.1.0/24 和 10.1.0.0/24 时,尽管这三个子网都在我的路由中,但我也得到了相同的结果

route PRINT
===========================================================================
Interface List
 55...00 60 73 3b 9d 0b ......SonicWALL Virtual NIC
 12...28 f1 0e 09 37 a6 ......Killer e2400 Gigabit Ethernet Controller
 11...e6 b3 18 67 40 17 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  8...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 16...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
 17...e4 b3 18 67 40 17 ......Intel(R) Dual Band Wireless-AC 8260
  6...e4 b3 18 67 40 1b ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.240     35
         10.0.1.0    255.255.255.0         On-link        10.1.1.132      2
         10.0.1.6  255.255.255.255         On-link        10.1.1.132      2
       10.0.1.255  255.255.255.255         On-link        10.1.1.132    257
         10.1.0.0    255.255.255.0         On-link        10.1.1.132      2
       10.1.0.255  255.255.255.255         On-link        10.1.1.132    257
         10.1.1.0    255.255.255.0         On-link        10.1.1.132    257
       10.1.1.132  255.255.255.255         On-link        10.1.1.132    257
       10.1.1.255  255.255.255.255         On-link        10.1.1.132    257
         10.5.0.0    255.255.255.0         On-link        10.1.1.132      2
       10.5.0.255  255.255.255.255         On-link        10.1.1.132    257
         10.8.0.0    255.255.255.0         On-link        10.1.1.132      2
       10.8.0.255  255.255.255.255         On-link        10.1.1.132    257
         10.8.1.0    255.255.255.0         On-link        10.1.1.132      2
       10.8.1.255  255.255.255.255         On-link        10.1.1.132    257
     70.91.168.73  255.255.255.255      192.168.1.1    192.168.1.240     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
       172.16.0.0    255.255.255.0         On-link        10.1.1.132      2
     172.16.0.255  255.255.255.255         On-link        10.1.1.132    257
       172.16.1.0    255.255.255.0         On-link        10.1.1.132      2
     172.16.1.255  255.255.255.255         On-link        10.1.1.132    257
      172.16.31.0    255.255.255.0         On-link        10.1.1.132      2
    172.16.31.255  255.255.255.255         On-link        10.1.1.132    257
      192.168.1.0    255.255.255.0         On-link     192.168.1.240    291
    192.168.1.240  255.255.255.255         On-link     192.168.1.240    291
    192.168.1.255  255.255.255.255         On-link     192.168.1.240    291
     192.168.47.0    255.255.255.0         On-link      192.168.47.1    291
     192.168.47.1  255.255.255.255         On-link      192.168.47.1    291
   192.168.47.255  255.255.255.255         On-link      192.168.47.1    291
     192.168.80.0    255.255.255.0         On-link      192.168.80.1    291
     192.168.80.1  255.255.255.255         On-link      192.168.80.1    291
   192.168.80.255  255.255.255.255         On-link      192.168.80.1    291
    192.168.100.0    255.255.255.0         On-link        10.1.1.132      2
  192.168.100.255  255.255.255.255         On-link        10.1.1.132    257
    192.168.101.0    255.255.255.0         On-link        10.1.1.132      2
  192.168.101.255  255.255.255.255         On-link        10.1.1.132    257
    192.168.150.0    255.255.255.0         On-link        10.1.1.132      2
  192.168.150.255  255.255.255.255         On-link        10.1.1.132    257
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.47.1    291
        224.0.0.0        240.0.0.0         On-link      192.168.80.1    291
        224.0.0.0        240.0.0.0         On-link     192.168.1.240    291
        224.0.0.0        240.0.0.0         On-link        10.1.1.132    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.47.1    291
  255.255.255.255  255.255.255.255         On-link      192.168.80.1    291
  255.255.255.255  255.255.255.255         On-link     192.168.1.240    291
  255.255.255.255  255.255.255.255         On-link        10.1.1.132    257
===========================================================================
Persistent Routes:
  None

使用 eth1 可得到相同的结果,使用 eth0 可得到

Starting Nmap 7.12 ( https://nmap.org ) at 2018-09-20 16:27 Mountain Daylight Time
dnet: Failed to open device eth0
QUITTING!

更新 #1

我完全被迷惑了——我刚刚运行nmap --iflist并得到了以下输出,但它仍然抱怨 eth0(无论我是否用 -e 指定它)

Starting Nmap 7.12 ( https://nmap.org ) at 2018-09-21 13:21 Mountain Daylight Time
************************INTERFACES************************
DEV  (SHORT) IP/MASK                      TYPE     UP   MTU  MAC
eth0 (eth0)  fe80::2c21:fcc4:3359:e748/64 ethernet up   1418 00:60:73:3B:9D:0B
eth0 (eth0)  10.1.1.132/24                ethernet up   1418 00:60:73:3B:9D:0B
eth1 (eth1)  fe80::91aa:d87e:1a49:4d58/64 ethernet down 1500 28:F1:0E:09:37:A6
eth1 (eth1)  169.254.77.88/4              ethernet down 1500 28:F1:0E:09:37:A6
eth2 (eth2)  fe80::956:1f96:1f35:8785/64  ethernet down 1500 E6:B3:18:67:40:17
eth2 (eth2)  169.254.135.133/4            ethernet down 1500 E6:B3:18:67:40:17
eth3 (eth3)  fe80::350a:77b7:3bc8:3e99/64 ethernet up   1500 00:50:56:C0:00:01
eth3 (eth3)  192.168.47.1/24              ethernet up   1500 00:50:56:C0:00:01
eth4 (eth4)  fe80::1c8e:b518:9d75:dc50/64 ethernet up   1500 00:50:56:C0:00:08
eth4 (eth4)  192.168.80.1/24              ethernet up   1500 00:50:56:C0:00:08
eth5 (eth5)  fe80::11db:9e0a:4913:3823/64 ethernet up   1500 E4:B3:18:67:40:17
eth5 (eth5)  192.168.1.240/24             ethernet up   1500 E4:B3:18:67:40:17
eth6 (eth6)  fe80::1560:3bf9:44e8:c2d5/64 ethernet down 1500 E4:B3:18:67:40:1B
eth6 (eth6)  169.254.194.213/4            ethernet down 1500 E4:B3:18:67:40:1B
lo0  (lo0)   ::1/128                      loopback up   -1
lo0  (lo0)   127.0.0.1/8                  loopback up   -1

DEV  WINDEVICE
eth0 <none>
eth0 <none>
eth1 \Device\NPF_{8A8B5341-C773-4892-8D8F-C1DC84272FD6}
eth1 \Device\NPF_{8A8B5341-C773-4892-8D8F-C1DC84272FD6}
eth2 \Device\NPF_{8A1E85B7-D29F-4346-B4ED-E52F8558DFF3}
eth2 \Device\NPF_{8A1E85B7-D29F-4346-B4ED-E52F8558DFF3}
eth3 \Device\NPF_{6771C502-791A-42C4-8769-1835C8194B3E}
eth3 \Device\NPF_{6771C502-791A-42C4-8769-1835C8194B3E}
eth4 \Device\NPF_{B5851DDD-8079-43BB-A5EB-3249ABF478E7}
eth4 \Device\NPF_{B5851DDD-8079-43BB-A5EB-3249ABF478E7}
eth5 \Device\NPF_{BBD3B26B-B578-4E49-82C0-132666231D08}
eth5 \Device\NPF_{BBD3B26B-B578-4E49-82C0-132666231D08}
eth6 \Device\NPF_{5E60BD83-E486-4881-A7E1-79F498E06387}
eth6 \Device\NPF_{5E60BD83-E486-4881-A7E1-79F498E06387}
lo0  <none>
lo0  <none>

**************************ROUTES**************************
DST/MASK                      DEV  METRIC GATEWAY
10.0.1.6/32                   eth0 2
70.91.168.73/32               eth5 35     192.168.1.1
192.168.150.255/32            eth0 257
255.255.255.255/32            eth0 257
10.8.0.255/32                 eth0 257
10.1.0.255/32                 eth0 257
172.16.0.255/32               eth0 257
10.1.1.132/32                 eth0 257
10.1.1.255/32                 eth0 257
192.168.101.255/32            eth0 257
10.5.0.255/32                 eth0 257
10.8.1.255/32                 eth0 257
172.16.1.255/32               eth0 257
192.168.100.255/32            eth0 257
172.16.31.255/32              eth0 257
10.0.1.255/32                 eth0 257
255.255.255.255/32            eth1 261
255.255.255.255/32            eth2 281
255.255.255.255/32            eth3 291
192.168.47.255/32             eth3 291
255.255.255.255/32            eth5 291
192.168.80.1/32               eth4 291
255.255.255.255/32            eth4 291
192.168.80.255/32             eth4 291
192.168.47.1/32               eth3 291
192.168.1.255/32              eth5 291
192.168.1.240/32              eth5 291
255.255.255.255/32            eth6 321
255.255.255.255/32            lo0  331
127.255.255.255/32            lo0  331
127.0.0.1/32                  lo0  331
10.1.0.0/24                   eth0 2
10.0.1.0/24                   eth0 2
172.16.31.0/24                eth0 2
172.16.0.0/24                 eth0 2
10.8.1.0/24                   eth0 2
10.8.0.0/24                   eth0 2
10.5.0.0/24                   eth0 2
172.16.1.0/24                 eth0 2
192.168.101.0/24              eth0 2
192.168.100.0/24              eth0 2
192.168.150.0/24              eth0 2
10.1.1.0/24                   eth0 257
192.168.47.0/24               eth3 291
192.168.1.0/24                eth5 291
192.168.80.0/24               eth4 291
127.0.0.0/8                   lo0  331
224.0.0.0/4                   eth0 257
224.0.0.0/4                   eth1 261
224.0.0.0/4                   eth2 281
224.0.0.0/4                   eth5 291
224.0.0.0/4                   eth3 291
224.0.0.0/4                   eth4 291
224.0.0.0/4                   eth6 321
224.0.0.0/4                   lo0  331
0.0.0.0/0                     eth5 35     192.168.1.1
fe80::91aa:d87e:1a49:4d58/128 eth1 261
fe80::956:1f96:1f35:8785/128  eth2 281
fe80::1c8e:b518:9d75:dc50/128 eth4 291
fe80::350a:77b7:3bc8:3e99/128 eth3 291
fe80::2c21:fcc4:3359:e748/128 eth0 291
fe80::11db:9e0a:4913:3823/128 eth5 291
fe80::1560:3bf9:44e8:c2d5/128 eth6 321
::1/128                       lo0  331
fe80::/64                     eth1 261
fe80::/64                     eth2 281
fe80::/64                     eth0 291
fe80::/64                     eth5 291
fe80::/64                     eth4 291
fe80::/64                     eth3 291
fe80::/64                     eth6 321
ff00::/8                      eth1 261
ff00::/8                      eth2 281
ff00::/8                      eth0 291
ff00::/8                      eth5 291
ff00::/8                      eth4 291
ff00::/8                      eth3 291
ff00::/8                      eth6 321
ff00::/8                      lo0  331

更新 #2

仔细阅读后这次讨论关于界面命名混乱的问题,我已下载并运行最新的 zenmap 安装程序 7.70 版。现在的输出nmap -sn -T4 10.0.1.0/24产生以下内容

Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-21 14:44 Mountain Daylight Time
Nmap scan report for 10.0.1.0
Host is up (0.00s latency).
MAC Address: 00:60:73:3B:9D:0C (Redcreek Communications)
Nmap scan report for 10.0.1.1
Host is up (0.00s latency).
MAC Address: 00:60:73:3B:9D:0C (Redcreek Communications)
Nmap scan report for 10.0.1.2
Host is up (0.00s latency).
MAC Address: 00:60:73:3B:9D:0C (Redcreek Communications)
...[snip]...
Nmap scan report for 10.0.1.254
Host is up (0.00s latency).
MAC Address: 00:60:73:3B:9D:0C (Redcreek Communications)
Nmap scan report for 10.0.1.255
Host is up (0.00s latency).
MAC Address: 00:60:73:3B:9D:0C (Redcreek Communications)
Nmap done: 256 IP addresses (256 hosts up) scanned in 17.56 seconds

所以我又近了一步,但我知道子网中没有 256 个主机,并且注意到 MAC 地址始终相同(并且恰好是输出中列出的 MAC 地址)ipconfig /all

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : Boston.local
   Description . . . . . . . . . . . : SonicWALL Virtual NIC
   Physical Address. . . . . . . . . : 00-60-73-3B-9D-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2c21:fcc4:3359:e748%55(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.1.132(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, September 20, 2018 2:17:55 PM
   Lease Expires . . . . . . . . . . : Saturday, September 22, 2018 12:48:30 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.1.1.1
   DHCPv6 IAID . . . . . . . . . . . : 922771571
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-EE-C8-89-28-F1-0E-09-37-A6
   DNS Servers . . . . . . . . . . . : 10.0.1.6
                                       204.130.255.3
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled

答案1

在 Windows 上,Nmap 必须发送原始以太网帧才能执行其特殊功能,如“隐形”SYN 扫描、OS 指纹识别和跟踪路由。这意味着它只能使用能够处理原始以太网帧的网络适配器。如果您的 VPN 使用其他设备,Nmap 将无法使用这些方法。PPTP 隧道就是一个已知的坏例子。

但这并不意味着您不能使用 Nmap!Nmap 还具有许多不使用原始以太网帧的功能,而是使用适用于几乎所有网络类型的本机套接字操作。端口扫描、反向 DNS、服务版本检测和 NSE 脚本都可以以这种方式工作。使用这些的一种简单方法是添加选项,因为它告诉 Nmap 使用基本函数调用来执行任何它可以执行的操作。这通常最终与用于主机发现和(TCP Connect)用于端口扫描技术--unprivileged相同。如果您尝试任何类似或它无法支持的操作,它将产生错误。-PS80,443-sT-O--traceroute

但在你限制自己使用这些功能之前,请确保你拥有Npcap 的最新版本(回答此问题时版本为 0.99-r7)并npcap在启动 VPN 后重新启动了服务,以便它可以观察并连接到 VPN 网络适配器(在管理员命令提示符下,运行:net stop npcapthen net start npcap)。这可能会让一切顺利进行。

相关内容