(主机扫描.docxVIP

主机扫描原理以及ICMP协议浅解 (2009-08-08 13:17) 分类： 网络安全1 引题这里提出一个概念：什么是主机扫描？主机扫描顾名思义就是扫描网络中存在的主机。那怎么扫描特定的主机是否存在呢？答案就是通过发送ICMP协议包来确定。那什么是ICMP包呢？我打个不恰当的比方，ICMP包就好比邮局的快递，你要扫描一个主机是否存在，就向这个主机的地址（IP）发一个快递，不管是否投递成功，邮局都会通知你。那么你就知道该网络地址是否存在了。那么邮局的回单，我要如何分析才能知道对方的信息呢？那么我们就要来分析ICMP这个‘快递’包的投送回单。具体的结构解释我就不多说了，网上很多，可以自己查阅在Linux中ICMP数据结构(netinet/ip_icmp.h)定义如下： structicmp{ u_int8_t icmp_type; /* type of message, see below */ u_int8_t icmp_code; /* type sub code */ u_int16_t icmp_cksum; /* ones complement checksum of struct */ union {u_charih_pptr; /* ICMP_PARAMPROB */structin_addrih_gwaddr; /* gateway address */structih_idseq /* echo datagram */ { u_int16_t icd_id; u_int16_t icd_seq; } ih_idseq; u_int32_t ih_void; /* ICMP_UNREACH_NEEDFRAG -- Path MTU Discovery (RFC1191) */structih_pmtu { u_int16_t ipm_void; u_int16_t ipm_nextmtu; } ih_pmtu;structih_rtradv { u_int8_t irt_num_addrs; u_int8_t irt_wpa; u_int16_t irt_lifetime; } ih_rtradv; } icmp_hun;#define icmp_pptricmp_hun.ih_pptr#define icmp_gwaddricmp_hun.ih_gwaddr#define icmp_idicmp_hun.ih_idseq.icd_id#define icmp_seqicmp_hun.ih_idseq.icd_seq#define icmp_voidicmp_hun.ih_void#define icmp_pmvoidicmp_hun.ih_pmtu.ipm_void#define icmp_nextmtuicmp_hun.ih_pmtu.ipm_nextmtu#define icmp_num_addrsicmp_hun.ih_rtradv.irt_num_addrs#define icmp_wpaicmp_hun.ih_rtradv.irt_wpa#define icmp_lifetimeicmp_hun.ih_rtradv.irt_lifetime union {struct { u_int32_t its_otime; u_int32_t its_rtime; u_int32_t its_ttime; } id_ts;struct {structipidi_ip; /* options and then 64 bits of data */ } id_ip;structicmp_ra_addrid_radv; u_int32_t id_mask; u_int8_t id_data[1]; } icmp_dun;#define icmp_otimeicmp_dun.id_ts.its_otime#define icmp_rtimeicmp_dun.id_ts.its_rtime#define icmp_ttimeicmp_dun.id_ts.its_ttime#define icmp_ipicmp_dun.id_ip.idi_ip#define icmp_radvicmp_dun.id_radv#define icmp_maskicmp_dun.id_mask#define icmp_dataicmp_dun.id_data};那么现在的问题我们怎么自己组装ICM