Thomas Schöpfer <t.schoepfer@tmx.ch> (Mon 12 Dec 2011 01:04:48 CET):
>
> # nmap -sP -n -v --send-ip -iL ip-list
> Starting Nmap 5.00 ( http://nmap.org ) at 2011-12-12 00:58 CET
> NSE: Loaded 0 scripts for scanning.
> Initiating Ping Scan at 00:58
> Scanning 2 hosts [4 ports/host]
> Completed Ping Scan at 00:58, 0.08s elapsed (2 total hosts)
> Host 192.168.16.1 is up (0.00026s latency).
> Host 192.168.16.3 is up (0.00031s latency).
> Host 192.168.16.202 is up.
> Initiating Ping Scan at 00:58
> Scanning 5 hosts [4 ports/host]
> Completed Ping Scan at 00:58, 1.44s elapsed (5 total hosts)
> Host 192.168.16.203 is down.
> Host 192.168.16.213 is up (0.0035s latency).
> Host 192.168.16.226 is up (0.0016s latency).
> Host 192.168.16.227 is up (0.17s latency).
> Host 192.168.16.229 is up (0.11s latency).
> Read data files from: /usr/share/nmap
> Nmap done: 8 IP addresses (7 hosts up) scanned in 1.79 seconds
> Raw packets sent: 29 (1096B) | Rcvd: 14 (500B)
>
> # ping 192.168.16.203
> PING 192.168.16.203 (192.168.16.203) 56(84) bytes of data.
> 64 bytes from 192.168.16.203: icmp_seq=1 ttl=64 time=0.050 ms
> 64 bytes from 192.168.16.203: icmp_seq=2 ttl=64 time=0.044 ms
> 64 bytes from 192.168.16.203: icmp_seq=3 ttl=64 time=0.033 ms
> ^C
> --- 192.168.16.203 ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 1998ms
> rtt min/avg/max/mdev = 0.033/0.042/0.050/0.008 ms

At this point at the latest I would break out tcpdump and see what is going on.
Something like this:

    tcpdump -i eth0 -n arp or icmp

or

    tcpdump -w /tmp/log.pcap -i eth0 -n arp or icmp

… and then analyze log.pcap at leisure (with tcpdump, wireshark or
similar tools).

--
Heiko