再修改下代码,修正不能获取本机MAC的错误,增加获取所有或指定IP段的MAC功能,再增加了MAC-IP绑定和解除绑定的功能。
另外由于获取所有的MAC比较慢,我开始使用PING命令发现慢的出奇怪,最后改为TRACERT命令速度快了一倍,但是扫描整个还是要1分种左右,如果有更好的方法希望跟贴
@ECHO OFF
REM MAC扫描和绑定工具V1.0
REM 修正不能查本机的MAC问题(特殊处理);修正绑定或解除绑定后找不到MAC问题(首加ARP -A);
REM 修正不能获取路由器或猫的MAC问题(FIND精确查找时加如其他识别符号或使用ARP -A IP);
REM 增加IP绑定MAC功能以防止ARP欺骗;增加IP解除MAC绑定功能以临时消除ARP欺骗
REM 本程序由小布点(秋语)制作,欢迎交流 QQ:9399100
TITLE MAC扫描和绑定工具V1.0
FOR /F "TOKENS=15" %%I IN ('IPCONFIG /ALL^|FIND /I "IP Address"') DO SET LIP=%%I
:G
CLS
ARP -A >NUL
SET IP=
SET MAC=
SET /P IP=请你输入要查询的主机名称或其IP(本机直接回车,所有输入ALL):
IF NOT DEFINED IP GOTO :LIP
IF "%IP%"=="%LIP%" GOTO :LIP
IF "%IP%"=="ALL" GOTO :ALLIP
PING %IP% -n 1 >NUL
REM FOR /F "TOKENS=2" %%I IN ('ARP -A^|FIND "%IP% "') DO SET MAC=%%I
FOR /F "TOKENS=2" %%I IN ('ARP -A %IP% ^|FIND "%IP% "') DO SET MAC=%%I
IF NOT DEFINED MAC GOTO :G
GOTO :IPOK
:LIP
SET IP=%LIP%
FOR /F "TOKENS=12" %%I IN ('IPCONFIG /ALL^|FIND /I "Physical Address"') DO SET MAC=%%I
GOTO :IPOK
:ALLIP
CLS
SET STARTIP=
SET ENDIP=
ECHO 查询所有主机的MAC将花费很长时间,你可以设置一个开始段和结束段.
SET /P STARTIP=请你输入扫描的IP开始段(最小为0,最大为254,默认为0):
IF NOT DEFINED STARTIP SET STARTIP=0
SET /P ENDIP=请你输入扫描的IP结束段(最小为0,最大为254,默认为254):
IF NOT DEFINED ENDIP SET ENDIP=254
CLS
FOR /F "TOKENS=1-4 DELIMS=." %%A IN ("%LIP%") DO SET DOMAIN=%%A.%%B.%%C
ECHO 将扫描:%DOMAIN%.%STARTIP%-%DOMAIN%.%ENDIP%所有主机的MAC,请等待.....
FOR /L %%I IN (%STARTIP%,1,%ENDIP%) DO TRACERT -h 1 -w 1 %DOMAIN%.%%I >NUL
GOTO :IPOK
:IPOK
CLS
ECHO ------------------------------------------------------
ECHO 你要查询主机%IP%的MAC是:%MAC%
IF "%IP%"=="ALL" (ARP -A|FINDSTR /I "dynamic static")
ECHO ------------------------------------------------------
ECHO.
ECHO.
ECHO 操作完成,请选择其他操作:
ECHO ******************************************************
ECHO 要继续查询MAC请输入G;要退出查询MAC请输入E;
ECHO 要把该IP绑定到该MAC输入Y;要解除该绑定输入N;
ECHO 要比较完整的解决ARP病毒的攻击请输入Z;
ECHO ******************************************************
SET /P S=请选择并输入要继续的操作:
IF "%S%"=="%S%" GOTO :%S%
:Y
ECHO.
ECHO.
IF "%IP%"=="ALL" (SET /P IP=请从上面的列表中选择并输入一个需要绑定的IP,直接回车则全部绑定:)
IF "%IP%"=="ALL" SET IP=dynamic
FOR /F "TOKENS=1-2" %%I IN ('ARP -A^|FINDSTR /I "%IP%"') DO (ARP -S %%I %%J)
GOTO :G
:N
ECHO.
ECHO.
IF "%IP%"=="ALL" (SET /P IP=请从列表中选择输入需要解除的IP,直接回车则删除所有绑定:)
IF "%IP%"=="ALL" SET IP=*
ARP -D %IP%
GOTO :G
:Z
IF EXIST %WINDIR%\SYSTEM32\NPPTOOLS.DLL REN %WINDIR%\SYSTEM32\NPPTOOLS.DLL NPPTOOLS.DL_ >NUL
ARP -D
PING %IP% -n 1 >NUL
FOR /F "TOKENS=12" %%I IN ('IPCONFIG /ALL^|FIND /I "Physical Address"') DO (ARP -S %LIP% %%I)
FOR /F "TOKENS=13" %%I IN ('IPCONFIG /ALL^|FIND /I "Default Gateway"') DO (SET DG=%%I)
PING %DG% -n 1 >NUL
FOR /F "TOKENS=2" %%I IN ('ARP -A^|FIND "%DG% "') DO (ARP -S %DG% %%I)
GOTO :G
:E
@ECHO OFF
EXIT
Last edited by HUNRYBECKY on 2007-2-3 at 06:04 AM ]
Modify the code again to fix the error of not being able to obtain the local MAC, add the function of obtaining the MAC of all or specified IP segments, and also add the functions of MAC-IP binding and unbinding.
In addition, since it is slow to obtain all MACs, I started using the PING command and found it surprisingly slow. Finally, I changed to the TRACERT command and it was twice as fast, but scanning the entire network still takes about 1 minute. If there is a better method, I hope to post a reply
@ECHO OFF
REM MAC Scanning and Binding Tool V1.0
REM Fixed the problem of not being able to check the local MAC (special handling); fixed the problem of not finding the MAC after binding or unbinding (first add ARP -A);
REM Fixed the problem of not being able to obtain the MAC of the router or modem (add other identification symbols when using FIND for precise search or use ARP -A IP);
REM Added IP binding MAC function to prevent ARP spoofing; added IP unbinding MAC function to temporarily eliminate ARP spoofing
REM This program is made by Xiaobudian (Qiuyu), welcome to communicate QQ: 9399100
TITLE MAC Scanning and Binding Tool V1.0
FOR /F "TOKENS=15" %%I IN ('IPCONFIG /ALL^|FIND /I "IP Address"') DO SET LIP=%%I
:G
CLS
ARP -A >NUL
SET IP=
SET MAC=
SET /P IP=Please enter the host name or its IP to be queried (press Enter directly for this computer, enter ALL for all):
IF NOT DEFINED IP GOTO :LIP
IF "%IP%"=="%LIP%" GOTO :LIP
IF "%IP%"=="ALL" GOTO :ALLIP
PING %IP% -n 1 >NUL
REM FOR /F "TOKENS=2" %%I IN ('ARP -A^|FIND "%IP% "') DO SET MAC=%%I
FOR /F "TOKENS=2" %%I IN ('ARP -A %IP% ^|FIND "%IP% "') DO SET MAC=%%I
IF NOT DEFINED MAC GOTO :G
GOTO :IPOK
:LIP
SET IP=%LIP%
FOR /F "TOKENS=12" %%I IN ('IPCONFIG /ALL^|FIND /I "Physical Address"') DO SET MAC=%%I
GOTO :IPOK
:ALLIP
CLS
SET STARTIP=
SET ENDIP=
ECHO Querying the MAC of all hosts will take a long time, you can set a start segment and end segment.
SET /P STARTIP=Please enter the starting segment of the IP to be scanned (minimum is 0, maximum is 254, default is 0):
IF NOT DEFINED STARTIP SET STARTIP=0
SET /P ENDIP=Please enter the ending segment of the IP to be scanned (minimum is 0, maximum is 254, default is 254):
IF NOT DEFINED ENDIP SET ENDIP=254
CLS
FOR /F "TOKENS=1-4 DELIMS=." %%A IN ("%LIP%") DO SET DOMAIN=%%A.%%B.%%C
ECHO Will scan: %DOMAIN%.%STARTIP%-%DOMAIN%.%ENDIP% all hosts' MAC, please wait.....
FOR /L %%I IN (%STARTIP%,1,%ENDIP%) DO TRACERT -h 1 -w 1 %DOMAIN%.%%I >NUL
GOTO :IPOK
:IPOK
CLS
ECHO ------------------------------------------------------
ECHO The MAC of the host %IP% you want to query is: %MAC%
IF "%IP%"=="ALL" (ARP -A|FINDSTR /I "dynamic static")
ECHO ------------------------------------------------------
ECHO.
ECHO.
ECHO Operation completed, please select other operations:
ECHO ******************************************************
ECHO To continue querying MAC, enter G; to exit querying MAC, enter E;
ECHO To bind this IP to this MAC, enter Y; to unbind this, enter N;
ECHO To relatively completely solve the attack of ARP virus, enter Z;
ECHO ******************************************************
SET /P S=Please select and enter the operation to continue:
IF "%S%"=="%S%" GOTO :%S%
:Y
ECHO.
ECHO.
IF "%IP%"=="ALL" (SET /P IP=Please select and enter an IP to be bound from the above list, press Enter directly to bind all:)
IF "%IP%"=="ALL" SET IP=dynamic
FOR /F "TOKENS=1-2" %%I IN ('ARP -A^|FINDSTR /I "%IP%"') DO (ARP -S %%I %%J)
GOTO :G
:N
ECHO.
ECHO.
IF "%IP%"=="ALL" (SET /P IP=Please select and enter the IP to be unbound from the list, press Enter directly to delete all bindings:)
IF "%IP%"=="ALL" SET IP=*
ARP -D %IP%
GOTO :G
:Z
IF EXIST %WINDIR%\SYSTEM32\NPPTOOLS.DLL REN %WINDIR%\SYSTEM32\NPPTOOLS.DLL NPPTOOLS.DL_ >NUL
ARP -D
PING %IP% -n 1 >NUL
FOR /F "TOKENS=12" %%I IN ('IPCONFIG /ALL^|FIND /I "Physical Address"') DO (ARP -S %LIP% %%I)
FOR /F "TOKENS=13" %%I IN ('IPCONFIG /ALL^|FIND /I "Default Gateway"') DO (SET DG=%%I)
PING %DG% -n 1 >NUL
FOR /F "TOKENS=2" %%I IN ('ARP -A^|FIND "%DG% "') DO (ARP -S %DG% %%I)
GOTO :G
:E
@ECHO OFF
EXIT
Last edited by HUNRYBECKY on 2007-2-3 at 06:04 AM ]
