Home > other >  The ICMP scanning
The ICMP scanning

Time:11-24

The ICMP scanning
ICMP (Internet Control Message Protocal, Internet Control Message protocol) to work on the OSI network layer, to the source host report errors in data communication, ICMP is an "error detecting and reward system", the purpose is in order to be able to detect network continuous condition, also can ensure the accuracy of continuous, through the implementation of ICMP Ping scanning, whether can find the target host activities,
A, the working mechanism of ICMP
ICMP is a child of the TCP/IP protocol, used in IP host, routers between transmission control message, control message refers to the network impassability, whether the host can reach, routing is available, such as the news of the network itself, when cannot access the target IP packets, IP router cannot according to when the transmission rate of forwarding packets, automatically sends the ICMP message, to determine the status of the target host,
Second, the standard ICMP scanning
Standard of ICMP scanning is send ICMP Echo Request packets to the target host, to detect whether the target host online, if the target host to Reply the ICMP Echo Reply say the target host online, commonly used to send ICMP Echo Request packets tools is ping, also can use fping to send,
1, use the Ping command
Ping: this command to check whether the network is connected, can be very good to help users analyze and judge network fault, is the command to send ICMP Echo Request packets, and then wait for the target Host returns the corresponding, to check whether the network is unobstructed or network connection speed, format for: ping [objective], at the time of target inaccessible will return to the Destination Host Unreachable (a target Host Unreachable)
2, the use of tools Nmap
Nmap is a free and open Network scanning and sniffing toolkit, also known as Network Mapper (Network Mapper), Nmap tool "setup.exe" option, which can be used to implement the ICMP scanning, format for: Nmap - PE [objective], the principle is to send an ICMP echo, timestamp request to detect whether the host online and netmask,
3, use Fping command
Fping is a small command line tool, similar to the ping but performance is good, when ping host more Fping can define any number of hosts on the command line, specify contains to ping the IP address, host table files, format for: Fping [objective],
Three, the timestamp query scan
Some servers configured firewalls to prevent the ICMP Echo request, but because of improper configuration, still can reply the ICMP timestamp request, therefore may perform the ICMP timestamp through Nmap to judge whether the target host online query scanning formats: Nmap - PP [objective]
Four, the address mask query scan
Address mask similar enquiry and time stamp scan, is a kind of unconventional ICMP query, try to use alternative register ICMP Ping the specified host, can bypass configuration has Ping blockade standard echo request strategies of firewall, format: nmap - PM [objective]
  • Related