You're reading from Nmap Network Exploration and Security Auditing Cookbook, Third Edition Network discovery and security scanning at your fingertips

Product type Paperback

Published in Sep 2021

Publisher Packt

ISBN-13 9781838649357

Length 436 pages

Edition 3rd Edition

Languages

C++

Tools

Nmap

Concepts

Network Security

Author (1):

Paulino Calderon

View More author details

Table of Contents (22) Chapters

Preface

1. Chapter 1: Nmap Fundamentals

2. Chapter 2: Getting Familiar with Nmap's Family FREE CHAPTER

3. Chapter 3: Network Scanning

4. Chapter 4: Reconnaissance Tasks

5. Chapter 5: Scanning Web Servers

6. Chapter 6: Scanning Databases

7. Chapter 7: Scanning Mail Servers

8. Chapter 8: Scanning Windows Systems

9. Chapter 9: Scanning ICS/SCADA Systems

10. Chapter 10: Scanning Mainframes

11. Chapter 11: Optimizing Scans

12. Chapter 12: Generating Scan Reports

13. Chapter 13: Writing Your Own NSE Scripts

14. Chapter 14: Exploiting Vulnerabilities with the Nmap Scripting Engine

15. Other Books You May Enjoy

Appendix A: HTTP, HTTP Pipelining, and Web Crawling Configuration Options

HTTP user agent

1. Appendix Β: Brute-Force Password Auditing Options

Brute modes

2. Appendix C: NSE Debugging

3. Appendix D: Additional Output Options

4. Appendix Ε: Introduction to Lua

5. Appendix F: References and Additional Reading

Why subscribe?

Crafting ICMP echo replies with Nping

Nping is a utility designed to ease the process of crafting network packets. It is very useful to debug and troubleshoot network communications and perform traffic analysis.

This recipe will introduce Nping and go over the process of crafting and transmitting custom ICMP packets.

How to do it...

Let's say that we want to respond to an ICMP echo request packet with an echo reply using Nping. Consider that the first ICMP echo request packet has a source IP of 192.168.0.10 with an ICMP ID of 520, and the data string was the word ping. With that information, we can craft the reply with the following command:

#nping --icmp -c 1 --icmp-type 0 --icmp-code 0 --source-ip 192.168.0.5 --dest-ip 192.168.0.10 --icmp-id 520 --icmp-seq 0 --data-string 'ping'

In the output, you should see the sent ICMP echo reply packet with the values taken from the ICMP echo request packets:

SENT (0.0060s) ICMP [192.168.0.5 > 192.168.0.10 Echo reply (type=0/code=0) id=520 seq=0] IP [ttl=64 id=10898 iplen=32 ] 
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 1 (32B) | Rcvd: 0 (0B) | Lost: 1 (100.00%) Nping done: 1 IP address pinged in 1.01 seconds

How it works...

Nping allows configuring the values of most fields in TCP, UDP, ARP, and ICMP packets easily. The following command will send an ICMP echo reply packet with the values obtained from the ICMP echo request packet:

#nping --icmp -c 1 --icmp-type 0 --icmp-code 0 --source-ip 192.168.0.5 --dest-ip 192.168.0.10 --icmp-id 520 --icmp-seq 0 --data-string 'ping'

Let's break it down by its arguments:

--icmp: Sets ICMP as the protocol to use.
-c 1: Packet count. Sends only one packet.
--icmp-type 0 --icmp-code 0: Sets the ICMP type and code. This type corresponds to an echo reply message.
--source-ip 192.168.0.5 --dest-ip 192.168.0.10: Sets the source and destination IP address.
--icmp-id 520: Sets the ICMP identifier of the request packet.
--icmp-seq 0: Sets the ICMP sequence number.
--data-string 'ping': Sets the data string.

There's more...

Nping can set most fields in TCP, UDP, ARP, and ICMP packets via arguments but offers a lot more customization than we offer. In addition to the interesting timing and performance options, Nping supports a mode named echo that is handy when troubleshooting firewall or routing issues. I highly recommend you go over the documentation at https://nmap.org/nping/ to become familiar with this powerful tool and more scenarios where it can be handy.