Nmap Development mailing list archives
[Call for testers] New Nping Echo Mode.
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Sat, 14 Aug 2010 03:28:55 +0200
Hi!

As many of you may know, Fyodor and I have been working on a new feature in Nping: "the Echo Mode". This new mode lets you verify that packets were received by the server and also see any modifications by intermediate devices (network address translation, port forwarding, etc.).

We achieve this by splitting Nping into two parts (only for echo mode): a client and a server. The server acts as a remote sniffer, capturing the packets that reach it. The client sends probes to the server normally. Whenever the server sees one of the client's probes, it returns a copy of what it saw to the client, via a special TCP connection that is previously established between them.

As the client obtains a copy of the packet that the server receives, and also knows what the packet looked like when it sent it, it is able to display both versions of the packet. With this, things like NAT devices become immediately apparent to the client because it notices the changes in the source IP address. Other devices like traffic shapers that change TCP window sizes transparently turn up too. Of course, if the whole packet is dropped en route and not received by the server, that is useful information to learn from echo mode.

This feature is implemented already. It's in the following branch: nmap-exp/luis/nmap-echo/nping. We hope to merge this to the main trunk soon (Wednesday 18th), but we need people to test it first. You can download and compile it as so:

    svn co --username guest --password "" svn://svn.insecure.org/nmap-exp/luis/nmap-echo
    cd nmap-echo
    ./configure
    make -j4

The nping executable will then be in the nping subdirectory.

I've set up an Echo server on a remote host (echo.nmap.org), so you don't have to set up both ends.
You can run echo clients against it using any of the following commands (root privileges needed):

    nping --echo-client "public" echo.nmap.org --tcp
    nping --echo-client "public" echo.nmap.org --icmp
    nping --echo-client "public" echo.nmap.org --udp

The output you get should be something like this:

    Starting Nping 0.5.35DC18 ( http://nmap.org/nping ) at 2010-08-13 19:35 CEST
    SENT (0.9470s) UDP 10.22.1.8:53 > 178.79.132.93:40125 ttl=64 id=6932 iplen=28
    CAPT (1.0340s) UDP 80.38.7.3:34978 > 178.79.132.93:40125 ttl=50 id=6932 iplen=28
    RCVD (1.1210s) ICMP 178.79.132.93 > 10.22.1.8 Port unreachable (type=3/code=3) ttl=49 id=22379 iplen=56
    [...]
    SENT (4.9510s) UDP 10.22.1.8:53 > 178.79.132.93:40125 ttl=64 id=6932 iplen=28
    CAPT (5.0380s) UDP 80.38.7.3:34978 > 178.79.132.93:40125 ttl=50 id=6932 iplen=28
    RCVD (5.1240s) ICMP 178.79.132.93 > 10.22.1.8 Port unreachable (type=3/code=3) ttl=49 id=22383 iplen=56

    Max rtt: 192.161ms | Min rtt: 135.117ms | Avg rtt: 164.784ms
    Raw packets sent: 5 (140B) | Rcvd: 5 (280B) | Lost: 0 (0.00%)| Echoed: 5 (140B)
    Tx time: 4.00406s | Tx bytes/s: 34.96 | Tx pkts/s: 1.25
    Rx time: 5.00541s | Rx bytes/s: 55.94 | Rx pkts/s: 1.00
    Nping done: 1 IP address pinged in 6.03 seconds

Lines starting with SENT correspond to the probes being sent by Nping. Lines starting with CAPT are the version of the SENT packet that was captured by the server (notice how things like source address or TTL change). Lines starting with RCVD are replies to the SENT packets.

For more information about the echo mode, please refer to the Echo mode section of Nping's reference guide, available at http://nmap.org/book/nping-man-echo-mode.html. For technical information about the internal protocol used by client and server to communicate, check the Nping Echo Protocol specification RFC at http://nmap.org/svn/nping/docs/EchoProtoRFC.txt.

Well, I hope you like the new feature. Please let me know of any problem you find.

Thanks and regards,

Luis MartinGarcia.
PS: I'd appreciate it if some of you sent me, off-the-list, the output you get running those commands appending "-vvv" to them. This is for personal research purposes.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
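Added example, not part of the original message or of Nping itself: a small parser that pairs the SENT and CAPT lines of the echo-mode output quoted above and reports which header fields changed in transit. The function names are hypothetical, and it assumes the server's echoes appear in the same order as the probes.

```python
import re

# First three lines are copied from the output quoted in the message; the last
# SENT line is constructed to show a probe that the server never echoed.
SAMPLE = """\
SENT (0.9470s) UDP 10.22.1.8:53 > 178.79.132.93:40125 ttl=64 id=6932 iplen=28
CAPT (1.0340s) UDP 80.38.7.3:34978 > 178.79.132.93:40125 ttl=50 id=6932 iplen=28
RCVD (1.1210s) ICMP 178.79.132.93 > 10.22.1.8 Port unreachable (type=3/code=3) ttl=49 id=22379 iplen=56
SENT (1.9480s) UDP 10.22.1.8:53 > 178.79.132.93:40125 ttl=64 id=6932 iplen=28
"""

LINE = re.compile(r"^(SENT|CAPT) \(([\d.]+)s\) (\w+) (\S+) > (\S+)(.*)$")
FIELD = re.compile(r"(\w+)=(\d+)")

def parse(line):
    """Return (kind, packet dict) for SENT/CAPT lines, None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None  # RCVD replies, banner and statistics lines
    kind, _ts, proto, src, dst, rest = m.groups()
    pkt = {"proto": proto, "src": src, "dst": dst}
    pkt.update((k, int(v)) for k, v in FIELD.findall(rest))
    return kind, pkt

def compare(output):
    """Pair each CAPT with the oldest unmatched SENT and diff their fields.

    Pairing is by order, not IP id: the quoted output reuses id=6932 for
    every probe. Returns (list of per-probe change dicts, probes not echoed).
    """
    pending, reports = [], []
    for line in output.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        kind, pkt = parsed
        if kind == "SENT":
            pending.append(pkt)
        elif pending:
            sent = pending.pop(0)
            reports.append({k: (sent[k], pkt[k]) for k in sent
                            if k in pkt and sent[k] != pkt[k]})
    return reports, len(pending)

if __name__ == "__main__":
    reports, not_echoed = compare(SAMPLE)
    for n, changed in enumerate(reports, 1):
        for field, (before, after) in changed.items():
            print(f"probe {n}: {field} {before} -> {after}")
    print(f"probes sent but not echoed: {not_echoed}")
```

On the sample, the first probe shows a rewritten source address and port (address translation on the path) and a TTL that fell from 64 to 50, while the constructed second probe is counted as not echoed.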