Nmap Development mailing list archives
New Nping! Call for testers...
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Sun, 18 Nov 2012 23:39:34 +0100
Hi! I am glad to announce that the new version of Nping is ready to be tested. This version is a major rewrite of important parts of the tool and brings some new exciting functionality. Please see below for the changelog.

To test it, run the following:

    svn co https://svn.nmap.org/nmap-exp/luis/nmap-npingchanges
    cd nmap-npingchanges
    ./configure && make
    sudo make install

Please report any bugs you find. Any other kind of feedback will be greatly appreciated.

Thank you and best regards,

Luis MartinGarcia.

=========
CHANGELOG
=========

[+] Added proper support for IPv6 and ICMPv6.

    $ sudo nping ::1
    $ sudo nping/nping ::1 --icmp6-type rr -vv
    $ sudo nping/nping ::1 --icmp6-type redir -vv
    $ sudo nping/nping ::1 --icmp6-type niq -vv
    $ sudo nping/nping ::1 --icmp6-type gmq -vv

[+] Added the ability to deal with IPv4 and IPv6 hosts at the same time. As far as I know, Nping is one of the first tools that is able to do that.

    $ sudo nping ::1 127.0.0.1

[+] Added the ability to handle multiple interfaces at the same time (for both sending and capturing packets). In other words, Nping may now send and receive packets to/from hosts that are reachable through different network interfaces in the same run. This includes the loopback interface.

    $ sudo nping scanme.nmap.org 127.0.0.1 192.168.1.1

[+] Added the ability to send more than one type of packet to each host. This lets us do things like an Nmap ping scan, and send TCP, ARP and ICMP in the same run.

    $ sudo nping scanme.nmap.org --icmp --tcp --udp

[+] Added the ability to use different custom ports for each packet. Basically, it now lets users specify port ranges for TCP/UDP source ports. Such ports will be set in a round-robin fashion.

    $ sudo nping scanme.nmap.org --tcp -p 78-82 -g 4550-4554

[+] Improved target address specification. Now if targets are supplied as IP addresses (IPv4 in dot-decimal notation, or IPv6 in colon-hexadecimal notation), it doesn't matter which address family is set globally. So even if users pass -6, if one of the targets is something like 74.207.254.18, IPv4 will be used for that target. Obviously, the same thing applies for '-4' and addresses like 2600:3c01::f03c:91ff:fe96:967c.

    $ sudo nping 2a03:2880:10:cf01:face:b00c:: 66.220.149.88
    $ sudo nping -6 scanme.nmap.org 74.207.244.221

[+] Added the ability to request a custom address family when resolving hostnames. If the ipv4:// prefix is prepended to the hostname, a DNS query for A records will be performed. If ipv6:// is used, then the query will be for AAAA records. Note that Nping can resolve IPv6 names even when there is no explicit IPv6 DNS server configured on the system (as long as the default IPv4 DNS server contains AAAA records).

    $ sudo nping scanme.nmap.org ipv6://google.com 192.168.1.1
    $ sudo nping ipv6://scanme.nmap.org ipv4://scanme.nmap.org

[+] Added the ability to inject payloads in TCP-Connect mode. This lets us do cool things like targeting a /16 on port 80 and injecting a payload of "GET / HTTP/1.0\r\n" to all hosts that have that port open.

    $ sudo nping --tcp-connect -p80 scanme.nmap.org --data \
      0x474554202f20485454502f312e300d0a0d0a

[+] Added the ability to read bytes sent by the targets in TCP-Connect mode. This is useful for services that send data automatically after they detect a new TCP connection (like the Nping Echo Server), or when we inject payloads into the TCP connection.

    $ sudo nping --tcp-connect -p9929 echo.nmap.org

    Starting Nping 0.6.02 ( http://nmap.org/nping ) at 2012-10-16
    SENT (0.0000s) Starting TCP Handshake > 74.207.244.221:9929
    RECV (0.1800s) Handshake with 74.207.244.221:9929 completed
    DATA (1.3160s) 96 bytes received from 74.207.244.221:9929

[+] Made Nping smarter about responses. Before, we just built a BPF filter and printed anything that got through the filter. Now, it has a matching engine that determines if a given captured packet is a response to a probe that it sent before. This works for TCP, UDP, etc., but also for all sorts of weird things like multicast listener discovery queries, ICMPv6 router solicitations, ICMPv4 timestamp requests, malformed packets, and so on.

[+] Improved the scheduling engine. Nping is now a lot more precise and keeps an accurate inter-packet delay (it takes into account the time it takes to do stuff, not only waits for X millisecs before sending the next packet). Note that due to limitations imposed by Nsock, this only works well for rates of less than 1000 packets per second, but it does offer a significant improvement over the old engine.

[+] Improved packet statistics. Now Nping provides accurate per-protocol statistics, even when targeting IPv4 and IPv6 hosts at the same time, sending multiple types of packets. Also for TCP connects() issued, connections accepted, unprivileged UDP reads and writes, etc.

    Statistics for host 173.194.34.0 (google.com):
     |_ Raw packets sent: 10 (340B) | Rcvd: 10 (360B) | Lost: 0 (0.00%)
     |_ TCP packets sent: 5 | Rcvd: 5 | Lost: 0 (0.00%)
     |_ ICMPv4 packets sent: 5 | Rcvd: 5 | Lost: 0 (0.00%)
     |_ Max rtt: 33.473ms | Min rtt: 27.786ms | Avg rtt: 30.791ms
    Statistics for host 74.207.244.221 (scanme.nmap.org):
     |_ Raw packets sent: 10 (340B) | Rcvd: 10 (360B) | Lost: 0 (0.00%)
     |_ TCP packets sent: 5 | Rcvd: 5 | Lost: 0 (0.00%)
     |_ ICMPv4 packets sent: 5 | Rcvd: 5 | Lost: 0 (0.00%)
     |_ Max rtt: 180.292ms | Min rtt: 167.251ms | Avg rtt: 174.430ms
    Raw packets sent: 20 (680B) | Rcvd: 20 (720B) | Lost: 0 (0.00%)
    TCP packets sent: 10 | Rcvd: 10 | Lost: 0 (0.00%)
    ICMPv4 packets sent: 10 | Rcvd: 10 | Lost: 0 (0.00%)
    Max rtt: 180.292ms | Min rtt: 27.786ms | Avg rtt: 102.609ms
    Tx time: 8.99956s | Tx bytes/s: 75.56 | Tx pkts/s: 2.22
    Rx time: 9.72190s | Rx bytes/s: 74.06 | Rx pkts/s: 2.06
    Nping done: 2 IP addresses pinged in 9.95 seconds

[+] Made Nping smarter when deciding how many millisecs it should wait after the last sent packet in order to receive a reply. Instead of waiting for a full inter-packet delay, it now takes into account the maximum observed RTT and waits a decent amount of time to let slower replies reach Nping, but without having to wait for a full inter-packet delay if it's not necessary.

[+] Fixed an important bug in the Nping Echo Server. The IP Identification field in NEP_PACKET_SPEC packets was being sent in host byte order. The echo server was expecting network byte order and therefore the Identification field was never being matched. Embarrassing...

[+] Improved the way we compute the display time for CAPT packets. Now we compute the CAPT time as follows: if we have a RCVD reply for the last SENT probe, we assume that the CAPT packet was captured at the server side (SENT_TIME+RCVD_TIME)/2 seconds ago. If we don't have any replies, we compute a fake RTT by using the time we got the NEP_ECHO message as the RCVD_TIME, and do the same calculation.

[+] Made Nping smarter about the protocol fields that need to vary for every packet (IPID, TCP Seq, TCP Ack, ICMP seq, etc).

[+] Added the ability to pass custom IPv4 fragment offsets.

[+] Added the ability to set the IPv4 reserved flag (X flag).

[+] Added the ability to manipulate checksums. Now --badsum and --badsum-ip work for all protocols (TCP, UDP, ICMP, IPv4, IPv6). Also, it is now possible to set custom checksum values from the command line.

[+] Added the ability to print link layer info (info from sent/rcvd Ethernet frames). This can be done by passing --show-eth

[+] Now, in low detail mode (the default), when the ACK flag is set, the value in the TCP Acknowledgment field gets printed out.

[+] Now, if users pass a hostname, it gets printed in the stats. Before, only the IP addresses were shown.

[+] Multiple minor bugfixes.

==========================
CHANGELOG (DEVELOPER SIDE)
==========================

[+] Rewritten the entire probe engine. ProbeMode:: is gone, now we have ProbeEngine::

[+] IPv4 and IPv6 addresses are now represented by a generic class: IPAddress. The class contains all kinds of helper methods, which make our life easier, letting us deal with both address versions in an easy way. A lot better than dealing with sockaddr_storage structs.

[+] MAC addresses are now represented by the generic class MACAddress.

[+] Target hosts are now represented by the TargetHost class. No more NpingTarget and NpingTargets classes. To simplify, several targets are handled just by using a regular array of TargetHost objects. No need for a TargetHosts class.

[+] Added class NetworkInterface to represent network devices.

[+] Cleaned up NpingOps. Lots of useless and unused methods removed.

[+] Added HeaderTemplates. That is, code to express default values for protocol header fields.

[+] Added the ProtoField class, something that represents protocol fields and lets us do stuff like incrementing field values, setting random values, setting custom discrete values, etc. In future releases this will allow users to specify if any protocol field should be randomly generated, incremented by one for each packet, or take a set of discrete values. The functionality is there, we just need to modify the arg parser to let users access it.

[+] Some other code refactorings.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
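The target-specification rules described in the announcement (a literal IPv4 or IPv6 address keeps its own family no matter what -4/-6 says; an ipv4:// or ipv6:// prefix forces an A or AAAA lookup; a bare hostname follows the global family) are small enough to write down as a parser. The block below is an added illustration in Python, not code from the announcement or from Nping's own source. The DNS table is constructed for the example: the hostnames are made up and the 192.0.2.0/24 and 2001:db8::/32 addresses are documentation ranges, not real records.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for the resolver so the example runs offline:
# hostname -> {record type: [addresses]}. Not real DNS data.
FAKE_DNS: Dict[str, Dict[str, List[str]]] = {
    "target.example": {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]},
    "v4only.example": {"A": ["192.0.2.20"]},
}


def parse_target(spec: str, default_family: Optional[int] = None) -> Tuple[str, str]:
    """Classify one command-line target.

    Returns (kind, value):
      "ip4" / "ip6"  - a literal address; its own family overrides -4/-6
      "A" / "AAAA"   - a hostname plus the DNS record type to query for it
    default_family is 4, 6 or None (no -4/-6 given; treated like -4).
    """
    if spec.startswith("ipv4://"):
        return "A", spec[len("ipv4://"):]
    if spec.startswith("ipv6://"):
        return "AAAA", spec[len("ipv6://"):]
    try:
        addr = ipaddress.ip_address(spec)   # raises ValueError for hostnames
    except ValueError:
        pass
    else:
        return ("ip4" if addr.version == 4 else "ip6"), str(addr)
    # Plain hostname: only here does the global family decide the record type.
    return ("AAAA" if default_family == 6 else "A"), spec


def resolve_targets(specs: List[str], default_family: Optional[int] = None,
                    dns: Dict[str, Dict[str, List[str]]] = FAKE_DNS
                    ) -> List[Tuple[str, int, str]]:
    """Turn a list of target specs into (spec, family, address) tuples.

    A hostname with no record of the requested type is an error rather than a
    silent fallback to the other family, so "ipv6://v4only.example" fails loudly.
    """
    out: List[Tuple[str, int, str]] = []
    for spec in specs:
        kind, value = parse_target(spec, default_family)
        if kind == "ip4":
            out.append((spec, 4, value))
        elif kind == "ip6":
            out.append((spec, 6, value))
        else:
            records = dns.get(value, {}).get(kind, [])
            if not records:
                raise LookupError(f"no {kind} record for {value}")
            out.append((spec, 6 if kind == "AAAA" else 4, records[0]))
    return out
```

Running `resolve_targets(["ipv6://target.example", "192.0.2.1", "v4only.example"], default_family=6)` resolves the first name over AAAA, keeps the literal as IPv4 despite -6, and raises for the last entry because the example's table has no AAAA record for it.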
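Two of the items above, the round-robin port ranges (`-p 78-82 -g 4550-4554`) and the matching engine that decides whether a captured packet answers a probe Nping actually sent, are worth seeing as working logic. The block below is an added Python illustration, not Nping's ProbeEngine and not code from the announcement. The matching rules it uses are ordinary TCP/IP behaviour (a SYN/ACK or RST/ACK acknowledges a SYN with ack == seq + 1; an ICMP port-unreachable quotes our own UDP header, so its ports are not swapped and its source may be a router rather than the target). The port layout in `plan_tcp_probes` (one source/destination pair per round, shared by all targets), the constants in `final_wait`, and all addresses and packets are this example's own assumptions.

```python
from dataclasses import dataclass
from itertools import cycle
from typing import Dict, List, Optional, Tuple


def parse_port_range(spec: str) -> List[int]:
    """Expand an Nmap-style port spec such as "78-82" or "80,443,8000-8002"."""
    ports: List[int] = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        first, last = int(lo), (int(hi) if hi else int(lo))
        if not 0 <= first <= last <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.extend(range(first, last + 1))
    return ports


@dataclass(frozen=True)
class Probe:
    proto: str          # "tcp" (a SYN), "udp", or "icmp" (echo request)
    dst: str
    sport: int = 0
    dport: int = 0
    seq: int = 0        # TCP sequence number, or ICMP sequence number
    icmp_id: int = 0


@dataclass(frozen=True)
class Packet:
    """Only the fields the matcher needs from a captured packet."""
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""                   # TCP flags as letters, e.g. "SA", "RA"
    ack: int = 0
    icmp_type: int = 0                # 0 = echo reply, 3 = destination unreachable
    icmp_id: int = 0
    seq: int = 0
    inner: Optional["Packet"] = None  # header quoted inside an ICMP error


def plan_tcp_probes(targets: List[str], dports: List[int], sports: List[int],
                    rounds: int, seq0: int = 1000) -> List[Probe]:
    """Assumed layout: each round takes the next (sport, dport) pair from the
    two ranges in round-robin order and sends it to every target."""
    dp, sp = cycle(dports), cycle(sports)
    probes: List[Probe] = []
    for r in range(rounds):
        d, s = next(dp), next(sp)
        probes.extend(Probe("tcp", t, s, d, seq0 + r) for t in targets)
    return probes


def is_response(probe: Probe, pkt: Packet) -> bool:
    """Does pkt answer probe? Anything that merely passes a BPF filter but
    fails these checks is unrelated traffic and must not count as a reply."""
    if probe.proto == "tcp":
        return (pkt.proto == "tcp" and pkt.src == probe.dst
                and pkt.sport == probe.dport and pkt.dport == probe.sport
                and "A" in pkt.flags and pkt.ack == probe.seq + 1)
    if probe.proto == "udp":
        if pkt.proto == "udp":
            return (pkt.src == probe.dst and pkt.sport == probe.dport
                    and pkt.dport == probe.sport)
        inner = pkt.inner   # ICMP port unreachable quoting OUR datagram
        return (pkt.proto == "icmp" and pkt.icmp_type == 3 and inner is not None
                and inner.proto == "udp" and inner.dst == probe.dst
                and inner.sport == probe.sport and inner.dport == probe.dport)
    if probe.proto == "icmp":
        return (pkt.proto == "icmp" and pkt.icmp_type == 0 and pkt.src == probe.dst
                and pkt.icmp_id == probe.icmp_id and pkt.seq == probe.seq)
    return False


class Matcher:
    """Remembers unanswered probes and pairs captured packets with them."""

    def __init__(self) -> None:
        self.pending: Dict[Probe, float] = {}   # probe -> send time (seconds)
        self.max_rtt = 0.0

    def sent(self, probe: Probe, now: float) -> None:
        self.pending[probe] = now

    def captured(self, pkt: Packet, now: float) -> Optional[Tuple[Probe, float]]:
        """Return (probe, rtt) if pkt answers a pending probe, else None.
        A probe is removed once answered so a duplicate reply is not counted."""
        for probe in list(self.pending):
            if is_response(probe, pkt):
                rtt = now - self.pending.pop(probe)
                self.max_rtt = max(self.max_rtt, rtt)
                return probe, rtt
        return None

    def final_wait(self, delay: float) -> float:
        """Time to linger after the last probe: a few observed RTTs (assumed
        factor 3, floor 100 ms) but never more than one inter-packet delay."""
        if self.max_rtt == 0.0:
            return delay
        return min(delay, max(3 * self.max_rtt, 0.1))
```

With `-p 78-82 -g 4550-4554` the planner pairs 4550/78, 4551/79, ... and wraps after five probes, exactly the cycling the changelog describes; a SYN/ACK whose ack number is not seq + 1 of a pending probe is ignored even though the ports line up, which is what separates a matching engine from a plain capture filter.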
Current thread:
- New Nping! Call for testers... Luis MartinGarcia. (Nov 18)
- Re: New Nping! Call for testers... David Fifield (Nov 19)
- Re: New Nping! Call for testers... Keith Christian (Dec 10)
- Re: New Nping! Call for testers... Luis MartinGarcia (Dec 18)
- Re: New Nping! Call for testers... David Fifield (Dec 18)