Nmap Development mailing list archives
Re: Nping development
From: "Raul Siles" <raul.siles () gmail com>
Date: Tue, 6 Jan 2009 13:10:08 +0100
Hi,

Just as a suggestion for future Nping versions (I understand this is not a design requirement of the initial version), I recommend developing the tool architecture so that it can be easily extended through modules in the future with other layer-2 protocols. ARP ping is the first step, but if this tool becomes the hping-like reference, as it should be, it would be great to be able to craft other layer-2 packets, such as STP, CDP, VTP, DTP, 802.1Q, 802.1X, etc.

Best regards,
--
Raul Siles
www.raulsiles.com

On Mon, Jan 5, 2009 at 4:54 PM, Henri Doreau <henri.doreau () gmail com> wrote:
Hello,

As David advised me to do, here is the list of options I intend to support for APing2. The goal is to support all the original Hping2 ones plus ARP pings and unprivileged probes (TCP and UDP). In a word: conform to the Nping requirements published at http://nmap.org/SoC/Ncat.html. I didn't keep hping's --apd-send option.

MISC
  -h --help                         print out a help screen
  -v --version                      print out version number
  -c --count <packets>              number of packets to send
  --max-retries <val>               abort after <val> unreplied probes
  -i --interval <interval>          idle time between probes
  -e --interface <interface>        force using this interface
  -v                                increase verbosity level
  -z --bind                         increase ttl on ctrl+z (default to destination port)
  -Z --unbind                       unbind ctrl+z
  -6                                use IPv6

MODE
  default mode                      TCP
  -P0                               RAW IP mode
  -PI                               ICMP mode
  -PU                               UDP mode
  -PA                               ARP mode
  --listen <sign>                   listening mode
  --unprivileged                    assume the user is not privileged (only with TCP and UDP modes)

ETHERNET
  --spoof-mac <mac address>         spoof MAC address
  --dest-mac <mac address>          set destination MAC address
  --eth-type <val>                  set ethernet type

ARP
  --hardware-type <val>             set hardware type
  --protocol-type <val>             set protocol type
  --hardware-size <val>             hardware addresses size
  --protocol-size <val>             hardware addresses size
  --arp-opcode <val>                set arp operation code
  --arp-sender-hw <mac address>     set ARP sender MAC address
  --arp-sender-proto <IP address>   set ARP sender protocol address
  --arp-target-hw <mac address>     set ARP target MAC address (default 00:00:00:00:00:00)

IP
  -S <ip address>                   spoof source IP address
  (I'm not sure about these two, how useful do you find them? Especially the first one, which would do the same thing as nmap's -iR :)
  --rand-dest                       randomize destination addresses
  --rand-source                     randomize source address
  ( ------------------------------------ )
  -t --ttl <val>                    ttl (default 64)
  -N --id <val>                     id (default random)
  -W --winid                        use win* id byte ordering
  -r --rel                          relativize id field
  -f --frag                         split packets in more frag.
  --morefrag                        set more fragments flag
  --dontfrag                        set dont fragment flag
  -g --fragoff <val>                set the fragment offset
  -m --mtu <val>                    set virtual mtu, implies --frag if packet size > mtu
  --tos <val>                       type of service (default 0x00)
  -H --ipproto <proto>              set the IP protocol field, only in RAW IP mode

ICMP
  -C --icmptype <val>               icmp type (default echo request)
  -K --icmpcode <val>               icmp code (default 0)
  --force-icmp                      send all icmp types (default send only supported types)
  --icmp-gw <ip addr>               set gateway address for ICMP redirect (default 0.0.0.0)
  --icmp-ipver <val>                Set IP version of IP header contained into ICMP data
  --icmp-iphlen <val>               Set IP header length of IP header contained into ICMP data
  --icmp-iplen <val>                Set IP packet length of IP header contained into ICMP data
  --icmp-ipid <val>                 Set IP id of IP header contained into ICMP data
  --icmp-ipproto <val>              Set IP protocol of IP header contained into ICMP data
  --icmp-cksum <val>                Set a custom ICMP checksum
  --icmp-ts                         Alias for --icmptype 13 (ICMP timestamp requests)
  --icmp-addr                       Alias for --icmptype 17 (ICMP address mask requests)
  --icmp-ipver <val>                set ip version
  --icmp-iphlen <val>               set ip header length
  --icmp-iplen <val>                set ip total length
  --icmp-ipid <val>                 set ip id
  --icmp-ipproto <val>              set ip protocol
  --icmp-ipsrc <val>                set ip source
  --icmp-ipdst <val>                set ip destination
  --icmp-srcport <val>              set tcp/udp source port
  --icmp-dstport <val>              set tcp/udp destination port
  --icmp-cksum <val>                set icmp checksum

UDP/TCP
  -g --source-port <port>           source port
  -p --destport [+][+]<port>        destination port (default 0), ctrl+z inc/dec
  -k --keep                         don't change the source port between probes
  -w --win <size>                   tcp window size (default 64)
  -O --tcpoff <val>                 set fake tcp data offset (instead of tcphdrlen / 4)
  -Q --seqnum                       shows only tcp sequence number
  --badsum                          send packets with a bad IP checksum
  -M --seq                          set TCP sequence number
  (--- There I'm not sure; according to you, what would be the best choice between --- )
  -pN/pF/pX                         TCP Null, FIN, and Xmas probing
  --tcpflags <flags>                Customize TCP probe flags
  (--- and/or --- )
  -F --fin                          set FIN flag
  -S --syn                          set SYN flag
  -R --rst                          set RST flag
  -P --push                         set PUSH flag
  -A --ack                          set ACK flag
  -U --urg                          set URG flag
  -X --xmas                         set X unused flag (0x40)
  -Y --ymas                         set Y unused flag (0x80)
  ( ----------- )
  --tcpexitcode                     use last tcp->th_flags as exit code
  --tcp-timestamp                   enable the TCP timestamp option to guess the HZ/uptime

COMMON
  --datalength <val>                data size
  -E --file                         data from file
  -q --signature <sign>             add signature before data
  -x --hexdump                      dump packets in hex
  -J --print                        dump printable characters
  -T --traceroute                   traceroute mode (implies --bind and --ttl 1)
  --tr-stop                         Exit when receiving the first non-ICMP in traceroute mode
  --tr-keep-ttl                     Keep the source TTL fixed, useful to monitor just one hop
  --tr-no-rtt                       Don't calculate/show RTT information in traceroute mode

Well, not so easy to juggle with flags and find good compromises! Now waiting for your opinions about these choices. I attached a copy of this to the email in order to ensure readability. I wish you a happy new year!
Cheers,
Henri

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
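The ETHERNET and ARP sections of Henri's list map one option to one field of the frame that ARP mode would emit. As an added example (not code from this thread or from Nping), here is a Python builder and parser for that Ethernet/ARP frame, with each keyword argument standing in for one option; the defaults cover the ARP request case (opcode 1, zero target MAC, broadcast destination), and the parser is what a receiver would use to match a reply (opcode 2) back to its probe. Addresses used by callers are constructed sample values.

```python
import struct

ETH_TYPE_ARP = 0x0806            # --eth-type default for ARP mode
BROADCAST = "ff:ff:ff:ff:ff:ff"  # --dest-mac default for a request
ZERO_MAC = "00:00:00:00:00:00"   # --arp-target-hw default from the option list

def mac_bytes(mac: str) -> bytes:
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes; rejects malformed input."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC: {mac}")
    return bytes(int(p, 16) for p in parts)

def ip_bytes(ip: str) -> bytes:
    """Dotted-quad IPv4 -> 4 raw bytes; rejects malformed input."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4: {ip}")
    return bytes(octets)

def build_arp_frame(sender_mac, sender_ip, target_ip, target_mac=ZERO_MAC,
                    dest_mac=BROADCAST, eth_type=ETH_TYPE_ARP, hw_type=1,
                    proto_type=0x0800, hw_size=6, proto_size=4, opcode=1):
    """Ethernet II header + 28-byte ARP body. Keyword names follow the
    ETHERNET/ARP options above: hardware type 1 = Ethernet, protocol type
    0x0800 = IPv4, opcode 1 = request, 2 = reply."""
    eth = mac_bytes(dest_mac) + mac_bytes(sender_mac) + struct.pack("!H", eth_type)
    arp = struct.pack("!HHBBH", hw_type, proto_type, hw_size, proto_size, opcode)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp

def parse_arp_frame(frame: bytes) -> dict:
    """Decode a frame so a reply can be checked against the probe sent.
    Only the 6/4 Ethernet/IPv4 address sizes are accepted."""
    if len(frame) < 42:
        raise ValueError("truncated frame")
    (eth_type,) = struct.unpack("!H", frame[12:14])
    if eth_type != ETH_TYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{eth_type:04x}")
    hw_type, proto_type, hw_size, proto_size, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (hw_size, proto_size) != (6, 4):
        raise ValueError(f"unsupported address sizes {hw_size}/{proto_size}")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"hw_type": hw_type, "proto_type": proto_type, "opcode": opcode,
            "sender_mac": mac(frame[22:28]), "sender_ip": ip(frame[28:32]),
            "target_mac": mac(frame[32:38]), "target_ip": ip(frame[38:42])}
```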