Idle scanning

-sI <zombie host[:probeport]>: Idle scan
--packet-trace: Show all packets sent and received
-r: Scan ports consecutively - don't randomize
-Pn: Treat all hosts as online -- skip host discovery

root@kali:~# cat /etc/hosts

10.1.4.2 Victim-lux01
10.1.4.4 Victim-w12
10.1.4.3 Zombie-w7
10.1.4.1 Attacker-kali

On the Kali side
ip.src == 10.1.4.3 and ip.dst == 10.1.4.1


On the Victim side
ip.src == 10.1.4.1

On Kali

root@kali:~# nmap -Pn -p1-1023 -sI Zombie-w7 Victim-w12 -r --packet-trace

root@kali:~# nmap -Pn -p1-1023 -sI Victim-lux01 Victim-w12 -r

Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-09-14 20:43 KST
mass_dns: warning: Unable to open /etc/resolv.conf. Try using --system-dns or specify valid servers with --dns-servers
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers

Idle scan using zombie Victim-lux01 (10.1.4.2:80); Class: Incremental
Even though your Zombie (Victim-lux01; 10.1.4.2) appears to be vulnerable to IP ID sequence prediction (class: Incremental), our attempts have failed.  This generally means that either the Zombie uses a separate IP ID base for each host (like Solaris), or because you cannot spoof IP packets (perhaps your ISP has enabled egress filtering to prevent IP spoofing), or maybe the target network recognizes the packet source as bogus and drops them
QUITTING!
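
The failure message above names a zombie that keeps a separate IP ID base for each host as one possible cause. The following added example (not part of the original post and not Nmap's code) models a shared counter and a per-destination counter to show why only the shared one exposes the zombie's traffic to a third party; the class and function names are hypothetical, and the addresses come from the /etc/hosts listing.

```python
# Added illustration: simplified models of IP ID assignment (not Nmap's code).
SCANNER, TARGET = "10.1.4.1", "10.1.4.4"   # addresses from the /etc/hosts listing


class GlobalCounterHost:
    """One IP ID counter shared by all destinations."""

    def __init__(self, start=1000):
        self.ipid = start

    def send_to(self, dst):
        self.ipid = (self.ipid + 1) & 0xFFFF   # 16-bit field, wraps at 65535
        return self.ipid


class PerDestinationHost:
    """A separate IP ID counter for each destination address."""

    def __init__(self, start=1000):
        self.start, self.counters = start, {}

    def send_to(self, dst):
        self.counters[dst] = (self.counters.get(dst, self.start) + 1) & 0xFFFF
        return self.counters[dst]


def observed_delta(zombie, replies_to_target):
    """IP ID change the scanner sees while the zombie sends N packets to the target."""
    before = zombie.send_to(SCANNER)          # reply to the scanner's first probe
    for _ in range(replies_to_target):
        zombie.send_to(TARGET)                # RST answering a SYN/ACK from the target
    after = zombie.send_to(SCANNER)           # reply to the scanner's second probe
    return (after - before) & 0xFFFF


def port_state(zombie, port_open):
    """Scanner-side inference for one port: delta 2 = open, delta 1 = closed|filtered."""
    delta = observed_delta(zombie, 1 if port_open else 0)
    return {1: "closed|filtered", 2: "open"}.get(delta, "unreliable")


def side_channel_visible(zombie, spoofed=4):
    """True if traffic the zombie sends to the target shows up in the scanner's view."""
    return observed_delta(zombie, spoofed) == spoofed + 1


if __name__ == "__main__":
    for host in (GlobalCounterHost, PerDestinationHost):
        print(host.__name__, side_channel_visible(host()),
              port_state(host(), True), port_state(host(), False))
```

A host that behaves like PerDestinationHost reports every port as closed|filtered to the observer, so it leaks nothing about a third party and is unusable as a zombie.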