Ubuntu WiFi检测

ubuntu检测到多个同名wifi，怎么鉴别假冒的wifi？

在Ubuntu中，如果检测到多个同名的Wi-Fi网络，可能存在假冒的Wi-Fi（例如“蜜罐”攻击）。以下是一些鉴别假冒Wi-Fi的方法：

1. 检查信号强度：假冒的Wi-Fi通常信号强度较强，但如果你在不同位置连接到同一个SSID，信号强度可能会有所不同。可以尝试在不同位置查看信号强度。

2. 查看MAC地址：每个Wi-Fi网络都有一个唯一的MAC地址。你可以通过网络管理器查看连接的Wi-Fi的MAC地址，并与已知的合法网络进行比较。假冒网络的MAC地址通常与合法网络不同。

   在终端中，你可以使用以下命令查看当前连接的Wi-Fi的详细信息：

   nmcli -f SSID,BSSID dev wifi
   

$nmcli -f SSID,BSSID dev wifi
eduroam            74:85:C4:71:69:35 
ZJUWLAN            74:85:C4:71:69:30 
ZJU-Guest          74:85:C4:71:69:36 
eduroam            74:85:C4:71:69:25 
ZJUWLAN            74:85:C4:71:69:20 
ZJUWLAN-Secure     74:85:C4:71:69:23 
ZJU-Guest          74:85:C4:71:69:26 
ZJUWLAN-Secure     74:85:C4:71:69:33 
eduroam            74:85:C4:71:69:44 
ZJUWLAN            74:85:C4:71:69:40 
ZJU-Guest          74:85:C4:71:69:45 
--                 74:85:C4:70:BF:75 
--                 74:85:C4:70:BF:76 
ZJU-Guest          74:85:C4:70:BE:96 
ZJUWLAN            74:85:C4:70:BE:90 
ZJUWLAN-Secure     74:85:C4:70:BE:93 
eduroam            74:85:C4:70:BE:95 
eduroam            74:85:C4:71:64:F4 
ZJUWLAN            74:85:C4:71:64:F0 
ZJU-Guest          74:85:C4:71:64:F5 
ZJUWLAN-Secure     74:85:C4:70:87:93 
eduroam            74:85:C4:70:87:95 
ZJUWLAN            74:85:C4:70:87:90 
ZJU-Guest          74:85:C4:70:87:96 
eduroam            74:85:C4:70:BE:A4 
ZJUWLAN            74:85:C4:70:BE:A0 
ZJU-Guest          74:85:C4:70:BE:A5 
eduroam            74:85:C4:70:C0:24 
ZJUWLAN            74:85:C4:70:87:A0 
MERCURY_2.4G_D73C  90:76:9F:5B:D7:3C 
ZJU-Guest          74:85:C4:70:C0:25 
ZJUWLAN            74:85:C4:70:C0:20 
ZJUWLAN-Secure     74:85:C4:70:87:A3 
eduroam            74:85:C4:70:B8:44 
ZJUWLAN            44:1A:FA:C4:0E:90 
ZJUWLAN            74:85:C4:70:87:B0 
ZJU-Guest          74:85:C4:71:2D:45 
eduroam            74:85:C4:70:BE:85 
ZJU-Guest          74:85:C4:70:87:A6 
ZJU-Guest          74:85:C4:70:C0:16 
ZJU-Guest          74:85:C4:70:B8:45 
ZJUWLAN            74:85:C4:70:BF:90 
ZJUWLAN            74:85:C4:70:8A:C0 
ZJUWLAN-Secure     74:85:C4:70:BE:83 
ZJUWLAN            74:85:C4:70:BE:80 
ZJU-Guest          74:85:C4:70:BE:86 
eduroam            74:85:C4:70:C0:15 
eduroam            44:1A:FA:C4:0E:94 
ZJUWLAN-Secure     74:85:C4:70:C0:13 
ZJUWLAN            74:85:C4:70:C0:10 
ZJU-Guest          74:85:C4:70:BF:95 
ZJUWLAN            74:85:C4:70:B8:40 
eduroam            74:85:C4:70:BF:94 
eduroam            74:85:C4:70:8A:E4 
eduroam            74:85:C4:71:2D:44 
ZJUWLAN            74:85:C4:70:8A:E0 
ZJU-Guest          74:85:C4:70:8A:E5 
ZJU-Guest          74:85:C4:71:5E:35 
eduroam            74:85:C4:70:BB:A4 
ZJU-Guest          44:1A:FA:C3:9F:95 
ZJUWLAN            74:85:C4:71:5E:30 
eduroam            74:85:C4:71:5E:34 
ZJU-Guest          9C:09:71:B1:E7:11 
ZJUWLAN            74:85:C4:71:5B:C0 

3. 使用Wi-Fi分析工具：可以使用一些Wi-Fi分析工具（如iwlist、aircrack-ng等）来扫描周围的Wi-Fi网络，查看它们的信号强度、加密类型和MAC地址等信息。

   例如，使用iwlist命令：

   sudo iwlist wlan0 scan
   

$ sudo iwlist wlp2s0 scan
wlp2s0    Scan completed :Cell 01 - Address: 74:85:C4:71:69:30Channel:149Frequency:5.745 GHz (Channel 149)Quality=57/70  Signal level=-53 dBm  Encryption key:offESSID:"ZJUWLAN"Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s36 Mb/s; 48 Mb/s; 54 Mb/sMode:MasterExtra:tsf=0000027d2a426239Extra: Last beacon: 433ms agoIE: Unknown: 00075A4A55574C414EIE: Unknown: 01088C129824B048606CIE: Unknown: 0706434E20950514IE: Unknown: 2D1AEF111BFF00000000000000000000000000000000000000000000IE: Unknown: 3D1695050400000000000000000000000000000000000000IE: Unknown: 7F080000000000000040IE: Unknown: BF0CB2218103FEFF0000FEFF0000IE: Unknown: C005000000FFFFIE: Unknown: DD180050F2020101800003A4000027A4000042435E0062322F00Cell 02 - Address: 74:85:C4:71:69:33Channel:149Frequency:5.745 GHz (Channel 149)Quality=57/70  Signal level=-53 dBm  Encryption key:onESSID:"ZJUWLAN-Secure"Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s36 Mb/s; 48 Mb/s; 54 Mb/sMode:MasterExtra:tsf=0000027d2a4263bcExtra: Last beacon: 433ms agoIE: Unknown: 000E5A4A55574C414E2D536563757265IE: Unknown: 01088C129824B048606CIE: Unknown: 0706434E20950514IE: Unknown: 2D1AEF111BFF00000000000000000000000000000000000000000000IE: IEEE 802.11i/WPA2 Version 1Group Cipher : CCMPPairwise Ciphers (1) : CCMPAuthentication Suites (1) : 802.1xIE: Unknown: 3D1695050400000000000000000000000000000000000000IE: Unknown: 7F080000000000000040IE: Unknown: BF0CB2218103FEFF0000FEFF0000IE: Unknown: C005000000FFFFIE: Unknown: DD180050F2020101800003A4000027A4000042435E0062322F00

4. 查看网络连接

$nmcli connection show --active
NAME            UUID                                  TYPE      DEVICE 
ZJUWLAN-Secure  b3bdd674-cf52-4802-a1c7-9f67f2c59576  wifi      wlp2s0 
lo              e5504b60-ce68-4140-984f-fc58f5af88b6  loopback  lo 

Keyword

• ESSID（Extended Service Set Identifier）:标识无线网络的名称，通常是用户在连接Wi-Fi时看到的名称。它可以被视为网络的“名称”。
• BSSID（Basic Service Set Identifier）:BSSID是一个唯一的标识符，用于标识特定的接入点（AP，Access Point）。它通常是接入点的MAC地址。
• UUID（Universally Unique Identifier）:一种标准的标识符，用于在计算机系统中唯一地标识信息。UUID的设计目的是确保在不同的系统和环境中生成的标识符是唯一的，几乎不可能发生冲突。

1. UUID通常以32个十六进制数字表示，分为五个部分，格式如下：

2. UUID有多个版本，每个版本都有不同的生成算法。常见的版本包括：

   版本1：基于时间和节点（通常是MAC地址）生成的UUID。
   版本3：基于命名空间和MD5哈希生成的UUID。
   版本4：随机生成的UUID，通常是最常用的版本。
   版本5：基于命名空间和SHA-1哈希生成的UUID。

• 查看本机UUID

$sudo dmidecode -s system-uuid
$cat /sys/class/dmi/id/product_uuid
$hostnamectl
$lsblk -o NAME,UUIDStatic hostname: starIcon name: computer-laptopChassis: laptop 💻Machine ID:Boot ID:
Operating System: Ubuntu 24.04.1 LTS                 Kernel: Linux 6.8.0-49-genericArchitecture: x86-64Hardware Vendor: ASUSTeK COMPUTER INC.Hardware Model: ASUS TUF Gaming A15 FA507NV_FA507NV
Firmware Version: FA507NV.313Firmware Date: Tue 2024-03-19Firmware Age: 8month 1w 4d

查看本机ip地址、路由表

$ifconfig
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 10.162.3.41  netmask 255.255.0.0  broadcast 10.162.255.255inet6 fe80::d5c6:30db:707a:ecbd  prefixlen 64  scopeid 0x20<link>inet6 2408:8642:893:8c7e:25b9:516c:42bd:86e8  prefixlen 64  scopeid 0x0<global>inet6 2408:8642:893:8c7e:5704:3267:288d:848c  prefixlen 64  scopeid 0x0<global>ether 46:7f:7c:7b:1b:cf  txqueuelen 1000  (以太网)RX packets 259464  bytes 327656683 (327.6 MB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 65051  bytes 10723421 (10.7 MB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

• 在你提供的输出中，inet 10.162.3.41 是本机的IPv4地址，而不是Wi-Fi路由器的IPv4地址。这个地址是你的设备（例如电脑或手机）在Wi-Fi网络中的地址，
• ether也是随机的Mac地址。

ip route
default via 10.162.0.1 dev wlp2s0 proto dhcp src 10.162.3.41 metric 600 
10.162.0.0/16 dev wlp2s0 proto kernel scope link src 10.162.3.41 metric 600 

• 可见本机dhcp分配的ipv4为10.162.3.41，局域网网关=10.162.0.1，局域网网域为10.162.0.0/1

打印本地的arp表(ip<->mac）

$ arp -a
? (10.162.3.80) 位于 74:3a:20:b9:e8:02 [ether] 在 wlp2s0
? (10.162.3.24) 位于 74:3a:20:b9:e8:02 [ether] 在 wlp2s0
? (10.162.3.66) 位于 74:3a:20:b9:e8:02 [ether] 在 wlp2s0
_gateway (10.162.0.1) 位于 74:3a:20:b9:e8:02 [ether] 在 wlp2s0

• 最后一行为局域网网关的ip-mac映射

扫描目标主机的端口

nmap  -Pn --top-ports 1000 10.162.3.24