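# Lesson 21: Discovering Live Intranet Hosts with ICMP

## Introduction to ICMP:

ICMP is a sub-protocol of the TCP/IP protocol suite, used to pass control messages between IP hosts and routers. Control messages are messages about the network itself: whether the network is up, whether a host is reachable, whether a route is available, and so on. Although these control messages carry no user data, they play an important role in the delivery of user data.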

## Scanning with nmap:

```bash
root@John:~# nmap -sP -PI 192.168.1.0/24 -T4
```

![](/files/-LZJx5dv_wre5mrYcOr_)

```bash
root@John:~# nmap -sn -PE -T4 192.168.1.0/24
```

![](/files/-LZJx5e-bCGGHfsaSSUo)

## Scanning from CMD:

```bat
for /L %P in (1,1,254) DO @ping -w 1 -n 1 192.168.1.%P | findstr "TTL="
```

![](/files/-LZJx5e4TyQE5C38EJPA)

## Scanning with PowerShell:

```
powershell.exe -exec bypass -Command "Import-Module ./Invoke-TSPingSweep.ps1; Invoke-TSPingSweep -StartAddress 192.168.1.1 -EndAddress 192.168.1.254 -ResolveHost -ScanPort -Port 445,135"
```

![](/files/-LZJx5e86t2GTZ-_a9My)

![](/files/-LZJx5eCh4IEjjOG-s4I)

```bat
D:\>tcping.exe -n 1 192.168.1.0 80
```

![](/files/-LZJx5eIPuEpov6ILTDa)
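
Seen from the monitoring side, the ICMP sweeps above (nmap `-PE`, the `ping` loop, `Invoke-TSPingSweep`) all leave the same trace: one source sending echo requests (ICMP type 8) to many distinct addresses within a few seconds. The following is an added example, not part of the original lesson, that flags this pattern; the record format `(timestamp, src, dst, icmp_type)`, the thresholds and all function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8  # ICMP type 8 = echo request; type 0 = echo reply


def detect_sweeps(records, window=10.0, min_targets=20):
    """Return {src: peak number of distinct hosts echo-pinged within `window`
    seconds} for every source whose peak reached `min_targets`."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)
    for ts, src, dst, icmp_type in sorted(records):
        if icmp_type != ECHO_REQUEST:
            continue  # replies and other control messages are not probes
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop probes that fell out of the sliding window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= min_targets}


def constructed_records():
    """Constructed sample data (not real traffic)."""
    recs = []
    # 192.168.1.50 sweeps 192.168.1.1-254, one echo request every 20 ms
    for i in range(1, 255):
        recs.append((1000.0 + i * 0.02, "192.168.1.50", f"192.168.1.{i}", 8))
    # Echo replies (type 0) from a few live hosts: must not be counted
    for i in (1, 10, 20):
        recs.append((1000.0 + i * 0.02 + 0.001, f"192.168.1.{i}", "192.168.1.50", 0))
    # Monitoring host pinging one gateway every second: many packets, one target
    for s in range(60):
        recs.append((1000.0 + s, "192.168.1.7", "192.168.1.1", 8))
    # Administrator checking 5 hosts a minute apart: never many targets at once
    for k in range(5):
        recs.append((1000.0 + 60 * k, "192.168.1.9", f"192.168.1.{100 + k}", 8))
    return recs


if __name__ == "__main__":
    for src, n in detect_sweeps(constructed_records()).items():
        print(f"possible ICMP sweep: {src} probed {n} hosts within 10 s")
```

Counting distinct destinations rather than packets is what separates a sweep from a monitoring host that pings one gateway repeatedly.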

## Appendix:

PowerShell script and tcping (sourced from the internet; check them for backdoors yourself)\
Link: <https://pan.baidu.com/s/1dEWUBNN>\
Password: 9vge

> Micropoor

