ubuntu检测到多个同名wifi,怎么鉴别假冒的wifi?
在Ubuntu中,如果检测到多个同名的Wi-Fi网络,可能存在假冒的Wi-Fi(例如“蜜罐”攻击)。以下是一些鉴别假冒Wi-Fi的方法:
-
检查信号强度:假冒的Wi-Fi通常信号强度较强,但如果你在不同位置连接到同一个SSID,信号强度可能会有所不同。可以尝试在不同位置查看信号强度。
-
查看MAC地址:每个Wi-Fi网络都有一个唯一的MAC地址。你可以通过网络管理器查看连接的Wi-Fi的MAC地址,并与已知的合法网络进行比较。假冒网络的MAC地址通常与合法网络不同。
在终端中,你可以使用以下命令查看当前连接的Wi-Fi的详细信息:
nmcli -f SSID,BSSID dev wifi
$nmcli -f SSID,BSSID dev wifi
eduroam 74:85:C4:71:69:35
ZJUWLAN 74:85:C4:71:69:30
ZJU-Guest 74:85:C4:71:69:36
eduroam 74:85:C4:71:69:25
ZJUWLAN 74:85:C4:71:69:20
ZJUWLAN-Secure 74:85:C4:71:69:23
ZJU-Guest 74:85:C4:71:69:26
ZJUWLAN-Secure 74:85:C4:71:69:33
eduroam 74:85:C4:71:69:44
ZJUWLAN 74:85:C4:71:69:40
ZJU-Guest 74:85:C4:71:69:45
-- 74:85:C4:70:BF:75
-- 74:85:C4:70:BF:76
ZJU-Guest 74:85:C4:70:BE:96
ZJUWLAN 74:85:C4:70:BE:90
ZJUWLAN-Secure 74:85:C4:70:BE:93
eduroam 74:85:C4:70:BE:95
eduroam 74:85:C4:71:64:F4
ZJUWLAN 74:85:C4:71:64:F0
ZJU-Guest 74:85:C4:71:64:F5
ZJUWLAN-Secure 74:85:C4:70:87:93
eduroam 74:85:C4:70:87:95
ZJUWLAN 74:85:C4:70:87:90
ZJU-Guest 74:85:C4:70:87:96
eduroam 74:85:C4:70:BE:A4
ZJUWLAN 74:85:C4:70:BE:A0
ZJU-Guest 74:85:C4:70:BE:A5
eduroam 74:85:C4:70:C0:24
ZJUWLAN 74:85:C4:70:87:A0
MERCURY_2.4G_D73C 90:76:9F:5B:D7:3C
ZJU-Guest 74:85:C4:70:C0:25
ZJUWLAN 74:85:C4:70:C0:20
ZJUWLAN-Secure 74:85:C4:70:87:A3
eduroam 74:85:C4:70:B8:44
ZJUWLAN 44:1A:FA:C4:0E:90
ZJUWLAN 74:85:C4:70:87:B0
ZJU-Guest 74:85:C4:71:2D:45
eduroam 74:85:C4:70:BE:85
ZJU-Guest 74:85:C4:70:87:A6
ZJU-Guest 74:85:C4:70:C0:16
ZJU-Guest 74:85:C4:70:B8:45
ZJUWLAN 74:85:C4:70:BF:90
ZJUWLAN 74:85:C4:70:8A:C0
ZJUWLAN-Secure 74:85:C4:70:BE:83
ZJUWLAN 74:85:C4:70:BE:80
ZJU-Guest 74:85:C4:70:BE:86
eduroam 74:85:C4:70:C0:15
eduroam 44:1A:FA:C4:0E:94
ZJUWLAN-Secure 74:85:C4:70:C0:13
ZJUWLAN 74:85:C4:70:C0:10
ZJU-Guest 74:85:C4:70:BF:95
ZJUWLAN 74:85:C4:70:B8:40
eduroam 74:85:C4:70:BF:94
eduroam 74:85:C4:70:8A:E4
eduroam 74:85:C4:71:2D:44
ZJUWLAN 74:85:C4:70:8A:E0
ZJU-Guest 74:85:C4:70:8A:E5
ZJU-Guest 74:85:C4:71:5E:35
eduroam 74:85:C4:70:BB:A4
ZJU-Guest 44:1A:FA:C3:9F:95
ZJUWLAN 74:85:C4:71:5E:30
eduroam 74:85:C4:71:5E:34
ZJU-Guest 9C:09:71:B1:E7:11
ZJUWLAN 74:85:C4:71:5B:C0
-
使用Wi-Fi分析工具:可以使用一些Wi-Fi分析工具(如
iwlist、aircrack-ng等)来扫描周围的Wi-Fi网络,查看它们的信号强度、加密类型和MAC地址等信息。例如,使用
iwlist命令:sudo iwlist wlan0 scan
$ sudo iwlist wlp2s0 scan
wlp2s0 Scan completed :Cell 01 - Address: 74:85:C4:71:69:30Channel:149Frequency:5.745 GHz (Channel 149)Quality=57/70 Signal level=-53 dBm Encryption key:offESSID:"ZJUWLAN"Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s36 Mb/s; 48 Mb/s; 54 Mb/sMode:MasterExtra:tsf=0000027d2a426239Extra: Last beacon: 433ms agoIE: Unknown: 00075A4A55574C414EIE: Unknown: 01088C129824B048606CIE: Unknown: 0706434E20950514IE: Unknown: 2D1AEF111BFF00000000000000000000000000000000000000000000IE: Unknown: 3D1695050400000000000000000000000000000000000000IE: Unknown: 7F080000000000000040IE: Unknown: BF0CB2218103FEFF0000FEFF0000IE: Unknown: C005000000FFFFIE: Unknown: DD180050F2020101800003A4000027A4000042435E0062322F00Cell 02 - Address: 74:85:C4:71:69:33Channel:149Frequency:5.745 GHz (Channel 149)Quality=57/70 Signal level=-53 dBm Encryption key:onESSID:"ZJUWLAN-Secure"Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s36 Mb/s; 48 Mb/s; 54 Mb/sMode:MasterExtra:tsf=0000027d2a4263bcExtra: Last beacon: 433ms agoIE: Unknown: 000E5A4A55574C414E2D536563757265IE: Unknown: 01088C129824B048606CIE: Unknown: 0706434E20950514IE: Unknown: 2D1AEF111BFF00000000000000000000000000000000000000000000IE: IEEE 802.11i/WPA2 Version 1Group Cipher : CCMPPairwise Ciphers (1) : CCMPAuthentication Suites (1) : 802.1xIE: Unknown: 3D1695050400000000000000000000000000000000000000IE: Unknown: 7F080000000000000040IE: Unknown: BF0CB2218103FEFF0000FEFF0000IE: Unknown: C005000000FFFFIE: Unknown: DD180050F2020101800003A4000027A4000042435E0062322F00
- 查看网络连接
$nmcli connection show --active
NAME UUID TYPE DEVICE
ZJUWLAN-Secure b3bdd674-cf52-4802-a1c7-9f67f2c59576 wifi wlp2s0
lo e5504b60-ce68-4140-984f-fc58f5af88b6 loopback lo
Keyword
- ESSID(Extended Service Set Identifier):标识无线网络的名称,通常是用户在连接Wi-Fi时看到的名称。它可以被视为网络的“名称”。
- BSSID(Basic Service Set Identifier):BSSID是一个唯一的标识符,用于标识特定的接入点(AP,Access Point)。它通常是接入点的MAC地址。
- UUID(Universally Unique Identifier):一种标准的标识符,用于在计算机系统中唯一地标识信息。UUID的设计目的是确保在不同的系统和环境中生成的标识符是唯一的,几乎不可能发生冲突。
-
UUID通常以32个十六进制数字表示,分为五个部分,格式如下:
-
UUID有多个版本,每个版本都有不同的生成算法。常见的版本包括:
版本1:基于时间和节点(通常是MAC地址)生成的UUID。
版本3:基于命名空间和MD5哈希生成的UUID。
版本4:随机生成的UUID,通常是最常用的版本。
版本5:基于命名空间和SHA-1哈希生成的UUID。
- 查看本机UUID
$sudo dmidecode -s system-uuid
$cat /sys/class/dmi/id/product_uuid
$hostnamectl
$lsblk -o NAME,UUIDStatic hostname: starIcon name: computer-laptopChassis: laptop 💻Machine ID:Boot ID:
Operating System: Ubuntu 24.04.1 LTS Kernel: Linux 6.8.0-49-genericArchitecture: x86-64Hardware Vendor: ASUSTeK COMPUTER INC.Hardware Model: ASUS TUF Gaming A15 FA507NV_FA507NV
Firmware Version: FA507NV.313Firmware Date: Tue 2024-03-19Firmware Age: 8month 1w 4d
查看本机ip地址、路由表
$ifconfig
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 10.162.3.41 netmask 255.255.0.0 broadcast 10.162.255.255inet6 fe80::d5c6:30db:707a:ecbd prefixlen 64 scopeid 0x20<link>inet6 2408:8642:893:8c7e:25b9:516c:42bd:86e8 prefixlen 64 scopeid 0x0<global>inet6 2408:8642:893:8c7e:5704:3267:288d:848c prefixlen 64 scopeid 0x0<global>ether 46:7f:7c:7b:1b:cf txqueuelen 1000 (以太网)RX packets 259464 bytes 327656683 (327.6 MB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 65051 bytes 10723421 (10.7 MB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 在你提供的输出中,
inet 10.162.3.41是本机的IPv4地址,而不是Wi-Fi路由器的IPv4地址。这个地址是你的设备(例如电脑或手机)在Wi-Fi网络中的地址, - ether也是随机的Mac地址。
ip route
default via 10.162.0.1 dev wlp2s0 proto dhcp src 10.162.3.41 metric 600
10.162.0.0/16 dev wlp2s0 proto kernel scope link src 10.162.3.41 metric 600
- 可见本机dhcp分配的ipv4为10.162.3.41,局域网网关=10.162.0.1,局域网网域为10.162.0.0/1
打印本地的arp表(ip<->mac)
$ arp -a
? (10.162.3.80) 位于 74:3a:20:b9:e8:02 [ether] 在 wlp2s0
? (10.162.3.24) 位于 74:3a:20:b9:e8:02 [ether] 在 wlp2s0
? (10.162.3.66) 位于 74:3a:20:b9:e8:02 [ether] 在 wlp2s0
_gateway (10.162.0.1) 位于 74:3a:20:b9:e8:02 [ether] 在 wlp2s0
- 最后一行为局域网网关的ip-mac映射
扫描目标主机的端口
nmap -Pn --top-ports 1000 10.162.3.24
