Nmap Development mailing list archives

[Call for testers] New Nping Echo Mode.


From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Sat, 14 Aug 2010 03:28:55 +0200

Hi!

As many of you may know, Fyodor and I have been working on a new
feature in Nping: "the Echo Mode". This new mode lets you verify that
packets were received by the server and also see any modifications by
intermediate devices (network address translation, port forwarding,
etc.).  We achieve this by splitting Nping into two parts (only for echo
mode): a client and a server. The server acts as a remote sniffer,
capturing the packets that reach it. The client sends probes to the
server normally. Whenever the server sees one of the client's probes,
it returns a copy of what it saw to the client, via a special TCP
connection that is previously established between them.

As the client obtains a copy of the packet that the server receives,
and also knows what the packet looked like when it sent it, it is able
to display both versions of the packet.  With this, things like NAT
devices become immediately apparent to the client because it notices
the changes in the source IP address. Other devices like traffic
shapers that change TCP window sizes transparently turn up too.  Of
course if the whole packet is dropped en route and not received by the
server, that is useful information to learn from echo mode.

This feature is implemented already. It's in the following branch:
nmap-exp/luis/nmap-echo/nping. We hope to merge this to the main trunk
soon (Wednesday 18th), but we need people to test it first.  You can
download and compile it like so:

svn co --username guest --password "" svn://svn.insecure.org/nmap-exp/luis/nmap-echo
cd nmap-echo
./configure
make -j4

The nping executable will then be in the nping subdirectory.

I've set up an Echo server on a remote host (echo.nmap.org), so you
don't have to set up both ends. You can run echo clients against it
using any of the following commands (root privileges needed):

nping --echo-client "public" echo.nmap.org --tcp
nping --echo-client "public" echo.nmap.org --icmp
nping --echo-client "public" echo.nmap.org --udp

The output you get should be something like this:

Starting Nping 0.5.35DC18 ( http://nmap.org/nping ) at 2010-08-13 19:35 CEST
SENT (0.9470s) UDP 10.22.1.8:53 > 178.79.132.93:40125 ttl=64 id=6932 iplen=28
CAPT (1.0340s) UDP 80.38.7.3:34978 > 178.79.132.93:40125 ttl=50 id=6932 iplen=28
RCVD (1.1210s) ICMP 178.79.132.93 > 10.22.1.8 Port unreachable (type=3/code=3) ttl=49 id=22379 iplen=56
[...]
SENT (4.9510s) UDP 10.22.1.8:53 > 178.79.132.93:40125 ttl=64 id=6932 iplen=28
CAPT (5.0380s) UDP 80.38.7.3:34978 > 178.79.132.93:40125 ttl=50 id=6932 iplen=28
RCVD (5.1240s) ICMP 178.79.132.93 > 10.22.1.8 Port unreachable (type=3/code=3) ttl=49 id=22383 iplen=56

Max rtt: 192.161ms | Min rtt: 135.117ms | Avg rtt: 164.784ms
Raw packets sent: 5 (140B) | Rcvd: 5 (280B) | Lost: 0 (0.00%)| Echoed: 5 (140B)
Tx time: 4.00406s | Tx bytes/s: 34.96 | Tx pkts/s: 1.25
Rx time: 5.00541s | Rx bytes/s: 55.94 | Rx pkts/s: 1.00
Nping done: 1 IP address pinged in 6.03 seconds

Lines starting with SENT correspond to the probes being sent by Nping.
Lines starting with CAPT are the version of the SENT packet that was
captured by the server (notice how things like source address or TTL
change). Lines starting with RCVD are replies to the SENT packets.

For more information about the echo mode, please refer to the Echo mode
section of Nping's reference guide, available at
http://nmap.org/book/nping-man-echo-mode.html. For technical
information about the internal protocol used by client and server to
communicate, check the Nping Echo Protocol specification RFC at
http://nmap.org/svn/nping/docs/EchoProtoRFC.txt.

Well, I hope you like the new feature. Please let me know of any problem
you find.

Thanks and regards,


Luis MartinGarcia.


PS: I'd appreciate it if some of you sent me, off-the-list, the output
you get running those commands appending "-vvv" to them. This is for
personal research purposes.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
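
Added example, not part of the original message or of Nping: a small Python script that pairs the SENT and CAPT lines of echo-mode output and reports which header fields changed in transit, plus any probes the server never echoed. It assumes the line layout shown in the sample output above and that the IP id survives transit; the function names and the id=6933 probe in the sample are constructed for illustration.

```python
import re

# First three lines are taken from the sample output in the message above;
# the last SENT line (id=6933) is constructed to show an un-echoed probe.
SAMPLE = """\
SENT (0.9470s) UDP 10.22.1.8:53 > 178.79.132.93:40125 ttl=64 id=6932 iplen=28
CAPT (1.0340s) UDP 80.38.7.3:34978 > 178.79.132.93:40125 ttl=50 id=6932 iplen=28
RCVD (1.1210s) ICMP 178.79.132.93 > 10.22.1.8 Port unreachable (type=3/code=3) ttl=49 id=22379 iplen=56
SENT (1.9480s) UDP 10.22.1.8:53 > 178.79.132.93:40125 ttl=64 id=6933 iplen=28
"""

LINE = re.compile(r"^(SENT|CAPT) \(([\d.]+)s\) (\w+) (\S+) > (\S+)(.*)$")

def parse(line):
    """Parse one SENT/CAPT line; return None for RCVD lines, banners and statistics."""
    m = LINE.match(line.strip())
    if not m:
        return None
    kind, ts, proto, src, dst, rest = m.groups()
    fields = {"src": src, "dst": dst}
    fields.update(re.findall(r"(\w+)=(\w+)", rest))  # ttl=64, id=6932, win=..., etc.
    return kind, float(ts), proto, fields

def compare(output):
    """Return (diffs, unechoed): field changes per echoed probe, and SENT times with no CAPT."""
    pending, diffs = [], []
    for line in output.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        kind, ts, proto, fields = rec
        if kind == "SENT":
            pending.append(rec)
            continue
        # Pair the CAPT with the oldest unmatched SENT of the same protocol and IP id.
        for i, (_, sent_ts, sent_proto, sent) in enumerate(pending):
            if sent_proto == proto and sent.get("id") == fields.get("id"):
                del pending[i]
                changed = {k: (sent.get(k), v) for k, v in fields.items() if sent.get(k) != v}
                diffs.append((sent_ts, changed))
                break
    return diffs, [p[1] for p in pending]

if __name__ == "__main__":
    diffs, unechoed = compare(SAMPLE)
    for ts, changed in diffs:
        print(f"probe sent at {ts}s changed in transit: {changed}")
    print("probes never echoed by the server:", unechoed)
```

A changed `src` points to address or port translation on the path, and the TTL difference gives the hop count between client and server.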

