ICMP scanning procedure is used to know whether a host is alive or not.During
most scans using ICMP an ICMP_ECHO datagram is sent to the remote computer to
determine whether it has an active IP or not. If all is well the computer that
sent the ICMP_ECHO packet will recieve and ICMP_ECHO_REPLY packet which means
that the host computer is p and alive. If no response is recieved it usually
means that the host computer is down or an administrator is filtering the reply
from the host
this scanning can be done using ping request. Ping is great to use if you aren't planning on scanning a large amount of host
just open the command prompt and type the following command:
ping <target address>
ex:
ping 192.168.0.101
PING 192.168.0.101 (192.168.0.101) 56(84) bytes of data.
64 bytes from 192.168.0.101: icmp_seq=1 ttl=128 time=7140 ms
64 bytes from 192.168.0.101: icmp_seq=2 ttl=128 time=8982 ms
64 bytes from 192.168.0.101: icmp_seq=9 ttl=128 time=3963 ms
64 bytes from 192.168.0.101: icmp_seq=11 ttl=128 time=3979 ms
64 bytes from 192.168.0.101: icmp_seq=13 ttl=128 time=4472 ms
--- 192.168.0.101 ping statistics ---
54 packets transmitted, 5 received, 90% packet loss, time 53043ms
if you do plan on scanning a large subnet Nmap is also a great tool to use for network ping sweeps because it also does it's sweep in a parallel fasion and it helps to resolve the host names of the target computers. For Windows one of the best ping sweep tools is probably Pinger form the Rhino9 group. It is able to do act in the same way as nmap do.
this scanning can be done using ping request. Ping is great to use if you aren't planning on scanning a large amount of host
just open the command prompt and type the following command:
ping <target address>
ex:
ping 192.168.0.101
PING 192.168.0.101 (192.168.0.101) 56(84) bytes of data.
64 bytes from 192.168.0.101: icmp_seq=1 ttl=128 time=7140 ms
64 bytes from 192.168.0.101: icmp_seq=2 ttl=128 time=8982 ms
64 bytes from 192.168.0.101: icmp_seq=9 ttl=128 time=3963 ms
64 bytes from 192.168.0.101: icmp_seq=11 ttl=128 time=3979 ms
64 bytes from 192.168.0.101: icmp_seq=13 ttl=128 time=4472 ms
--- 192.168.0.101 ping statistics ---
54 packets transmitted, 5 received, 90% packet loss, time 53043ms
if you do plan on scanning a large subnet Nmap is also a great tool to use for network ping sweeps because it also does it's sweep in a parallel fasion and it helps to resolve the host names of the target computers. For Windows one of the best ping sweep tools is probably Pinger form the Rhino9 group. It is able to do act in the same way as nmap do.
To stop people from pinging your network in this fasion it is a good
idea to block ICMP_ECHO requests from the internet at your border router.
Another way to scan large networks at once is to send an ICMP_ECHO request to the broadcast adress on the target network. This will usually result in all the machines answering that are up (this really only applies to a few operating systems because not all will reply to this type of request, believe it or not windows will not respond to an ICMP_ECHO request from the broadcast address). You might also want to remember that issuing this type of request on a large network may also result in a DoS condition
To stop this type of scan from working all you usually have to do is block an IP directed broadcast at your border router.
To find the tools that I discussed above goto these following sites:
Another way to scan large networks at once is to send an ICMP_ECHO request to the broadcast adress on the target network. This will usually result in all the machines answering that are up (this really only applies to a few operating systems because not all will reply to this type of request, believe it or not windows will not respond to an ICMP_ECHO request from the broadcast address). You might also want to remember that issuing this type of request on a large network may also result in a DoS condition
To stop this type of scan from working all you usually have to do is block an IP directed broadcast at your border router.
To find the tools that I discussed above goto these following sites:
thanks..
No comments:
Post a Comment