Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Nmap 6: Network Exploration and Security Auditing Cookbook

You're reading from   Nmap 6: Network Exploration and Security Auditing Cookbook Want to master Nmap and its scripting engine? Then this book is for you – packed with practical tasks and precise instructions, it's a comprehensive guide to penetration testing and network monitoring. Security in depth.

Arrow left icon
Product type Paperback
Published in Nov 2012
Publisher Packt
ISBN-13 9781849517485
Length 318 pages
Edition 1st Edition
Languages
Tools
Concepts
Arrow right icon
Toc

Table of Contents (18) Chapters Close

Nmap 6: Network Exploration and Security Auditing Cookbook
Credits
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface
1. Nmap Fundamentals FREE CHAPTER 2. Network Exploration 3. Gathering Additional Host Information 4. Auditing Web Servers 5. Auditing Databases 6. Auditing Mail Servers 7. Scanning Large Networks 8. Generating Scan Reports 9. Writing Your Own NSE Scripts References
Index

Detecting NAT with Nping


Nping was designed for packet crafting and traffic analysis and is perfect for a variety of networking tasks.

The following recipe will introduce Nping by showing how to perform NAT detection with some help of the Nping Echo protocol.

How to do it...

Open a terminal and enter the following command:

# nping --ec "public" -c 1 echo.nmap.org

This will result in an output stream similar to the following example:

Nping will return the packet traffic between the client and the Nping echo server echo.nmap.org:

Starting Nping 0.5.59BETA1 ( http://nmap.org/nping ) at 2011-10-27 16:59 PDT 
SENT (1.1453s) ICMP 192.168.1.102 > 74.207.244.221 Echo request (type=8/code=0) ttl=64 id=47754 iplen=28 
CAPT (1.1929s) ICMP 187.136.56.27 > 74.207.244.221 Echo request (type=8/code=0) ttl=57 id=47754 iplen=28 
RCVD (1.2361s) ICMP 74.207.244.221 > 192.168.1.102 Echo reply (type=0/code=0) ttl=53 id=37482 iplen=28 

Max rtt: 90.751ms | Min rtt: 90.751ms | Avg rtt: 90.751ms 
Raw packets sent: 1 (28B) | Rcvd: 1 (46B) | Lost: 0 (0.00%)| Echoed: 1 (28B) 
Tx time: 0.00120s | Tx bytes/s: 23236.51 | Tx pkts/s: 829.88 
Rx time: 1.00130s | Rx bytes/s: 45.94 | Rx pkts/s: 1.00 
Nping done: 1 IP address pinged in 2.23 seconds 

Take note of the source address 192.168.1.102 in the first packet marked as SENT.

 SENT (1.1453s) ICMP 192.168.1.102 > 74.207.244.221 Echo request (type=8/code=0) ttl=64 id=47754 iplen=28 

Compare this address to the source address in the second packet marked as CAPT.

CAPT (1.1929s) ICMP 187.136.56.27 > 74.207.244.221 Echo request (type=8/code=0) ttl=57 id=47754 iplen=28 

The addresses are different, indicating the presence of NAT.

How it works...

Nping's echo mode was designed to help troubleshoot firewall and routing problems. Basically, it returns a copy of the received packet back to the client.

The command is:

# nping --ec "public" -c 1 echo.nmap.org

It uses Nping's echo mode (--ec or --echo-client) to help us analyze the traffic between Nmap's Nping echo server, to determine if there is a NAT device on the network. The argument after –ec corresponds to a secret passphrase known by the server to encrypt and authenticate the session.

The flag -c is used to specify how many iterations of packets must be sent.

There's more...

With Nping it is really simple to generate custom TCP packets. For example, to send a TCP SYN packet to port 80, use the following command:

# nping --tcp -flags syn -p80 -c 1 192.168.1.254

This will result in the following output:

SENT (0.0615s) TCP 192.168.1.102:33599 > 192.168.1.254:80 S ttl=64 id=21546 iplen=40  seq=2463610684 win=1480 
RCVD (0.0638s) TCP 192.168.1.254:80 > 192.168.1.102:33599 SA ttl=254 id=30048 iplen=44  seq=457728000 win=1536 <mss 768> 

Max rtt: 2.342ms | Min rtt: 2.342ms | Avg rtt: 2.342ms 
Raw packets sent: 1 (40B) | Rcvd: 1 (46B) | Lost: 0 (0.00%) 
Tx time: 0.00122s | Tx bytes/s: 32894.74 | Tx pkts/s: 822.37 
Rx time: 1.00169s | Rx bytes/s: 45.92 | Rx pkts/s: 1.00 
Nping done: 1 IP address pinged in 1.14 seconds 

Nping is a very powerful tool for traffic analysis and packet crafting. Take a moment to go through all of its options by using the following command:

$ nping -h 

Nping Echo Protocol

To learn more about the Nping Echo Protocol visit http://nmap.org/svn/nping/docs/EchoProtoRFC.txt.

See also

  • The Finding live hosts in your network recipe

  • The Comparing scan results with Ndiff recipe

  • The Managing multiple scanning profiles with Zenmap recipe

  • The Monitoring servers remotely with Nmap and Ndiff recipe

  • The Gathering network information with broadcast scripts recipe Chapter 2, Network Exploration

  • The Brute forcing DNS records recipe Chapter 3, Gathering Additional Host Information

  • The Spoofing the origin IP of a port scan recipe Chapter 3, Gathering Additional Host Information

  • The Generating a network topology graph with Zenmap recipe Chapter 8, Generating Scan Reports

You have been reading a chapter from
Nmap 6: Network Exploration and Security Auditing Cookbook
Published in: Nov 2012
Publisher: Packt
ISBN-13: 9781849517485
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image