我正在寻求调查的帮助,这确实是一个谜。我不知道这是否合法,或者我是否已经被怪异的方式入侵...所以这就是我所知道的一切:
我将计算机保持24x7全天候运行,因为它也是一台服务器。
昨天早上,我看到了“设置网络位置”屏幕,询问“网络8”是否应视为家庭,工作或公共网络。这不是常规情况。我运行了IPConfig,并确定有一个地址为172.20.10.10,网关为172.20.10.1的网络。我不得不去上班,而没有时间去看进一步。
当我返回时,窗口仍然打开,但是IPConfig并不显示网络正在运行。
在注册表中,我发现:HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ services \ Tcpip \ Parameters \ Adapters {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXXX}(我已删除了GUID)
IpConfig值指向下一个条目:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ services \ Tcpip \ Parameters \ Interfaces {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXXX}(与上述GUID相同)
具有以下值:
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"DhcpIPAddress"="172.20.10.10"
"DhcpSubnetMask"="255.255.255.240"
"DhcpServer"="172.20.10.1"
"Lease"=dword:00014e20
"LeaseObtainedTime"=dword:58401e47
"T1"=dword:5840c557
"T2"=dword:584142a3
"LeaseTerminatesTime"=dword:58416c67
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpInterfaceOptions"=hex:06,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,67,\
6c,41,58,ac,14,0a,01,03,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,67,6c,\
41,58,ac,14,0a,01,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,67,6c,41,\
58,ff,ff,ff,f0,36,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,67,6c,41,58,\
ac,14,0a,01,35,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,67,6c,41,58,05,\
00,00,00,33,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,67,6c,41,58,00,01,\
4e,20,fc,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5d,68,40,58
"DhcpGatewayHardware"=hex:ac,14,0a,01,06,00,00,00,e2,5f,45,8c,c4,64
"DhcpGatewayHardwareCount"=dword:00000001
"DhcpNameServer"="172.20.10.1"
"DhcpDefaultGateway"=hex(7):31,00,37,00,32,00,2e,00,32,00,30,00,2e,00,31,00,30,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,32,00,34,00,30,00,00,00,00,00
这确实是我昨天看到的IP地址。所以,这是我的问题...这肯定看起来像是软件/ VPN网络连接,但我认识不到。我确实使用OpenVPN,并且确实使用了TUN适配器。但是这种联系也已经建立起来了...
我试图通过此命令查找更多信息,但它仅显示连接的接口...:
C:\Windows\system32>netsh int show int
Admin State State Type Interface Name
-------------------------------------------------------------------------
Enabled Connected Dedicated VirtualBox Host-Only Network
Enabled Connected Dedicated Local Area Connection 2
Enabled Connected Dedicated Local Area Connection 3
现在,我已经搜索了显示所有已安装的NIC并遇到此命令的NIC信息的方法,我认为这已经回答了我的问题(在撰写本文时正在调查。)该命令(在命令提示符下)是“ wmic nic get ”将返回有关以文本形式定义的每个适配器的大量信息表。我将其通过管道传输到文本文件,然后使用固定的空格字体进行查看。或者,更好的是,如果知道所需的列,则可以限制返回的列,如下所示:
C:\Windows\system32>wmic nic get Caption, NetConnectionID
Caption NetConnectionID
[00000000] WAN Miniport (SSTP)
[00000001] WAN Miniport (IKEv2)
[00000002] WAN Miniport (L2TP)
[00000003] WAN Miniport (PPTP)
[00000004] WAN Miniport (PPPOE)
[00000005] WAN Miniport (IPv6)
[00000006] WAN Miniport (Network Monitor)
[00000007] Realtek PCIe GBE Family Controller
[00000008] WAN Miniport (IP)
[00000009] Microsoft ISATAP Adapter
[00000010] RAS Async Adapter
[00000011] Microsoft Teredo Tunneling Adapter
[00000012] Microsoft ISATAP Adapter
[00000013] VirtualBox Bridged Networking Driver Miniport
[00000014] VirtualBox Bridged Networking Driver Miniport
[00000015] TAP-Windows Adapter V9 Local Area Connection 2
[00000016] VirtualBox Bridged Networking Driver Miniport
[00000017] Microsoft ISATAP Adapter
[00000018] Realtek PCIe GBE Family Controller Local Area Connection 3
[00000019] VirtualBox Host-Only Ethernet Adapter VirtualBox Host-Only Network
[00000020] Apple Mobile Device Ethernet
[00000021] Microsoft 6to4 Adapter
[00000022] VirtualBox Bridged Networking Driver Miniport
[00000023] Microsoft ISATAP Adapter
[00000024] Apple Mobile Device Ethernet
[00000025] VirtualBox Bridged Networking Driver Miniport