Nmap Development mailing list archives

Some general questions about Nping/Ncat


From: David Lam <david () thedavid net>
Date: Thu, 29 Sep 2011 18:38:19 -0700

Hello all.
Just a few questions about Nping/Ncat (v.0.5.61TEST1), would appreciate it
if someone can give me some insights into this.

1) It seems like Nping is having a hard time determining the adapter to use
when one is on a static IP address (not assigned by DHCP). When Nping is
run, it will report:
Device used for target host x.x.x.x seems to be down.
In addition, when more than one default gateway is available (e.g. LAN and
WLAN), sometimes Nping will get the adapters mixed up (e.g. it will send
packets out on the WLAN interface with the LAN's assigned IP address, rather
than sending packets out the LAN interface with the LAN's assigned IP
address.)

2) When using Nping to do a trace route (using --tr), is it possible to have
Nping resolve the IP addresses just like a normal trace route would?
I am currently using this command:
nping --tcp -tr 4.2.2.1 -p 53 -delay 50ms -H
In addition, in TCP traceroute mode, would it be possible to ask Nping to
stop once it gets an SYN-ACK response back from the destination host rather
than continuously hitting the host until the max TTL?

3) For ARP pings (nping --arp 192.168.0.1), RTT times are reported as N/A.
Is this intended?

4) Nping's broadcast ping doesn't seem to work (maybe it is related to issue
#1 I am having?) I can see the echo request go out and a lot of echo replies
coming back in, but Nping isn't registering any of them (nping 192.168.0.255
--dest-mac ff:ff:ff:ff:ff:ff -c 1).
When broadcast pings did work (I believe it was in an earlier version), I
remember that it outputted a lot of statistics that were appended on the
bottom. Is there a way to turn this off?
Also, would it be at all possible to ping 224.0.0.1 from a Windows
perspective?

5) Nping does not respect the --ws switch (nothing happens), which allows
the window scaling to be set. Is this only intended for Linux systems or is
this no longer in use? (e.g. I can set the window size to 1000 using --win
1000, but --win 1000 and --ws 8 also results in a TCP window size of 1000.
The correct window scaling factor was not reported in the outbound SYN
packet).

6) I was trying to diagnose a problem with a firewall which seemed to be
dropping packets when TCP window scaling was turned on and the TCP window
was almost zero (with dd for windows and ncat). Right now I know that it was
due to a software bug in the firewall's firmware that was causing window
miscalculations, but it would be nice if Ncat has implemented these
following features:
a. Ability to generate an infinite stream of random or zero data (just like
/dev/urandom or /dev/zero in Linux, but usable within a command switch in
Windows for send operations)
b. Configurable receive / send buffer sizes (e.g. mimicking TCP ZeroWindow
behavior)
c. Stop sending data (and close connection) after 'x' (bytes/KB/MB/GB) of
data.
d. Send data at rate (k|M|G)bps.
e. Connection statistics after the connection/session is ended (e.g. average
speed, min and max speeds, data loss rates (retransmissions) in TCP mode)
f. Ability to disable Nagle's algorithm? (or is Ncat not subject to Nagle?)
g. Ability to set TCP window size and window scaling values.

7) Would it also be possible to include Data payloads in Nping's generated
packets in ways that could solicit a reply (e.g. UDP DNS requests or BOOTP
requests)? If so, how?

Thanks all!
Best,
David
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

