Thomas Schöpfer <t.schoepfer@tmx.ch> (Mo 12 Dez 2011 01:04:48 CET):
>
> # nmap -sP -n -v --send-ip -iL ip-list
> Starting Nmap 5.00 ( http://nmap.org ) at 2011-12-12 00:58 CET
> NSE: Loaded 0 scripts for scanning.
> Initiating Ping Scan at 00:58
> Scanning 2 hosts [4 ports/host]
> Completed Ping Scan at 00:58, 0.08s elapsed (2 total hosts)
> Host 192.168.16.1 is up (0.00026s latency).
> Host 192.168.16.3 is up (0.00031s latency).
> Host 192.168.16.202 is up.
> Initiating Ping Scan at 00:58
> Scanning 5 hosts [4 ports/host]
> Completed Ping Scan at 00:58, 1.44s elapsed (5 total hosts)
> Host 192.168.16.203 is down.
> Host 192.168.16.213 is up (0.0035s latency).
> Host 192.168.16.226 is up (0.0016s latency).
> Host 192.168.16.227 is up (0.17s latency).
> Host 192.168.16.229 is up (0.11s latency).
> Read data files from: /usr/share/nmap
> Nmap done: 8 IP addresses (7 hosts up) scanned in 1.79 seconds
> Raw packets sent: 29 (1096B) | Rcvd: 14 (500B)
>
> # ping 192.168.16.203
> PING 192.168.16.203 (192.168.16.203) 56(84) bytes of data.
> 64 bytes from 192.168.16.203: icmp_seq=1 ttl=64 time=0.050 ms
> 64 bytes from 192.168.16.203: icmp_seq=2 ttl=64 time=0.044 ms
> 64 bytes from 192.168.16.203: icmp_seq=3 ttl=64 time=0.033 ms
> ^C
> --- 192.168.16.203 ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 1998ms
> rtt min/avg/max/mdev = 0.033/0.042/0.050/0.008 ms

At this point at the latest I would get out tcpdump and see what is going on. Something like:

    tcpdump -i eth0 -n arp or icmp

or

    tcpdump -w /tmp/log.pcap -i eth0 -n arp or icmp

… and then analyze log.pcap at leisure (with tcpdump, wireshark or similar tools).

--
Heiko
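One way to do the offline analysis of log.pcap suggested above, as an added example that is not part of the original mail: a small parser for the classic pcap format that counts ARP and ICMP echo requests and replies per IP and lists addresses that were asked but never answered. The function names, the sample capture and the roles given to the addresses in it are constructed for illustration; it assumes a microsecond-format pcap with Ethernet framing and no VLAN tags.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

def summarize(pcap: bytes) -> dict:
    """Per-IP counts of ARP and ICMP echo requests/replies in a classic pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap with Ethernet link type")
    seen = defaultdict(lambda: dict(arp_req=0, arp_rep=0, echo_req=0, echo_rep=0))
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        (caplen,) = struct.unpack(order + "I", pcap[off + 8:off + 12])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        etype, p = frame[12:14], frame[14:]
        if etype == b"\x08\x06" and len(p) >= 28:  # ARP
            op = int.from_bytes(p[6:8], "big")
            if op == 1:  # who-has: count against the target address
                seen[str(IPv4Address(p[24:28]))]["arp_req"] += 1
            elif op == 2:  # is-at: count for the sender address
                seen[str(IPv4Address(p[14:18]))]["arp_rep"] += 1
        elif etype == b"\x08\x00" and len(p) >= 20 and p[9] == 1:  # IPv4 + ICMP
            ihl = (p[0] & 0x0F) * 4
            kind = p[ihl] if len(p) > ihl else None
            if kind == 8:  # echo request: count against the destination
                seen[str(IPv4Address(p[16:20]))]["echo_req"] += 1
            elif kind == 0:  # echo reply: count for the source
                seen[str(IPv4Address(p[12:16]))]["echo_rep"] += 1
    return dict(seen)

def unanswered(seen: dict) -> list:  # IPs asked (ARP or echo) but never answered
    return sorted(ip for ip, c in seen.items()
                  if (c["arp_req"] and not c["arp_rep"]) or (c["echo_req"] and not c["echo_rep"]))

def sample_pcap() -> bytes:
    """Constructed capture: .213 answers ARP and echo, .203 answers neither."""
    a, b, ip = b"\x02" + bytes(5), b"\x02" + bytes(4) + b"\x01", lambda s: IPv4Address(s).packed
    def arp(op, spa, tpa):
        return b"\xff" * 6 + a + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + a + ip(spa) + b + ip(tpa)
    def echo(kind, src, dst):
        hdr = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, 64, 1, 0) + ip(src) + ip(dst)
        return b + a + b"\x08\x00" + hdr + struct.pack("!BBHHH", kind, 0, 0, 1, 1)
    me, up, quiet = "192.168.16.202", "192.168.16.213", "192.168.16.203"  # roles are assumed
    frames = [arp(1, me, quiet), arp(1, me, up), arp(2, up, me), echo(8, me, up), echo(0, up, me), echo(8, me, quiet)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print(unanswered(summarize(sample_pcap())))
```

For a real capture, pass the file contents instead of the sample: `summarize(open("/tmp/log.pcap", "rb").read())`.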