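I suspect my home network may have been compromised and is being exploited by a malicious actor.
I am a networking novice, so I would like to know whether it is normal to have sent >2000 neighbor solicitations?
I got the following statistics by running netstat -s: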
IPv4 Statistics
Packets Received = 44873
Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 1
Received Packets Discarded = 3479
Received Packets Delivered = 62550
Output Requests = 48541
Routing Discards = 0
Discarded Output Packets = 389
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
IPv6 Statistics
Packets Received = 1991
Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 1229
Received Packets Delivered = 34570
Output Requests = 36382
Routing Discards = 0
Discarded Output Packets = 1979
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
ICMPv4 Statistics
Received Sent
Messages 509 444
Errors 0 0
Destination Unreachable 462 416
Time Exceeded 19 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echo Replies 16 12
Echos 12 16
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
Router Solicitations 0 0
Router Advertisements 0 0
ICMPv6 Statistics
Received Sent
Messages 947 3080
Errors 0 0
Destination Unreachable 943 943
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 6
Router Advertisements 0 0
Neighbor Solicitations 2 2127
Neighbor Advertisements 2 4
Redirects 0 0
Router Renumberings 0 0
TCP Statistics for IPv4
Active Opens = 1454
Passive Opens = 543
Failed Connection Attempts = 132
Reset Connections = 219
Current Connections = 36
Segments Received = 38050
Segments Sent = 34308
Segments Retransmitted = 743
TCP Statistics for IPv6
Active Opens = 85
Passive Opens = 5
Failed Connection Attempts = 79
Reset Connections = 2
Current Connections = 0
Segments Received = 914
Segments Sent = 667
Segments Retransmitted = 251
UDP Statistics for IPv4
Datagrams Received = 26358
No Ports = 772
Receive Errors = 2818
Datagrams Sent = 11585
UDP Statistics for IPv6
Datagrams Received = 34871
No Ports = 234
Receive Errors = 1104
Datagrams Sent = 32306
As you can see, the neighbor solicitations are the only thing that looks abnormal to me, or could anything else shown above or below be abnormal?
ICMPv6 Statistics
Received Sent
Messages 947 3080
Errors 0 0
Destination Unreachable 943 943
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 6
Router Advertisements 0 0
Neighbor Solicitations 2 2127
Neighbor Advertisements 2 4
Redirects 0 0
Router Renumberings 0 0
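Thanks!
Answer 1
Yes and no. Taken on its own the number looks normal, although less so compared with the number of neighbor solicitations received (and with the number of neighbor advertisement responses received), since these four counters should normally be in roughly the same range.
The primary purpose of ICMPv6 Neighbor Solicitations is the same as that of ARP queries in IPv4: they translate IP addresses to MAC addresses. So your computer sends an ICMPv6 NS whenever it wants to contact an IPv6 address in its own subnet and therefore needs to know the MAC address. (This includes using that address as a gateway, not just communicating with it directly, so if you have IPv6, neighbor solicitations will be sent to your router's address.)
If there is no device with that address, there will probably be up to 3 (or 5?) NS attempts before your computer gives up. A few minutes later, if some program is still trying to contact that address, there will be a few more NS queries, and so on. (For example, my desktop has Syncthing installed, which frequently tries to contact my laptop, which may be asleep at the time.)
They also have a secondary use, Neighbor Unreachability Detection (although ARP queries in IPv4 are sometimes used this way too, it is not part of the standard): in IPv6, inactive neighbor cache entries are more actively marked as "stale", and a new neighbor solicitation is sent directly to the device to verify that it is alive, even if its MAC address is still known. (I forget the exact details, though.)
(Note: even if your ISP does not provide IPv6 and you have no global IPv6 address, there is still a good chance that your router has a local 'fdXX:' IPv6 network set up, which will automatically be used for Windows file sharing and so on.)
In general, there is a very simple way to see what lies behind these statistics: use a packet capture tool such as Wireshark or Microsoft Network Monitor (or the command-line tshark, tcpdump, pktmon). They will show you directly the actual neighbor solicitation packets being sent.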
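The counter comparison described in the answer, as an added example that is not part of the original post: it parses the ICMPv6 table from `netstat -s` output in the layout shown in the question and compares the four Neighbor Discovery counters. The function names and the `factor` threshold for "roughly the same range" are assumptions made for illustration.

```python
import re

# Constructed sample: ICMPv6 rows as quoted in the question (Windows `netstat -s` layout).
SAMPLE = """\
ICMPv6 Statistics
Received Sent
Messages 947 3080
Destination Unreachable 943 943
Router Solicitations 0 6
Router Advertisements 0 0
Neighbor Solicitations 2 2127
Neighbor Advertisements 2 4
Redirects 0 0
TCP Statistics for IPv4
Active Opens = 1454
"""

# A table row is "<name> <received> <sent>"; "key = value" rows do not match.
ROW = re.compile(r"^\s*(?P<name>[A-Za-z][A-Za-z ]*?)\s+(?P<rx>\d+)\s+(?P<tx>\d+)\s*$")

def parse_icmpv6(text):
    """Return {counter name: (received, sent)} for the ICMPv6 section only."""
    counters, inside = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("Statistics") or "Statistics for" in stripped:
            inside = stripped == "ICMPv6 Statistics"  # section header switches state
            continue
        m = ROW.match(line)
        if inside and m:
            counters[m["name"]] = (int(m["rx"]), int(m["tx"]))
    return counters

def nd_report(counters, factor=10):
    """Compare the four Neighbor Discovery counters.
    `factor` is an assumed cut-off for "roughly the same range"."""
    ns_rx, ns_tx = counters["Neighbor Solicitations"]
    na_rx, na_tx = counters["Neighbor Advertisements"]
    values = [ns_rx, ns_tx, na_rx, na_tx]
    return {
        # Approximation: solicitations sent that had no advertisement come back.
        "unanswered_solicitations": max(ns_tx - na_rx, 0),
        "imbalanced": max(values) > factor * max(min(values), 1),
    }

if __name__ == "__main__":
    print(nd_report(parse_icmpv6(SAMPLE)))
```

A large "unanswered" figure only says that most solicitations went to addresses nobody answered for; a packet capture, as the answer suggests, shows which target addresses those were.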