Ping Mapping

Thread: Ping Mapping

  1. #1
    Senior Member
    Join Date
    Aug 2004
    Posts
    149

    Ping Mapping

    Hello all, I was reading a little into networking the other day and the book had said something in regards to mapping a network with the ping command and tracert.. I did not really understand it clearly, I was wondering if someone can explain it in more detail..... I'm not asking how to hack or anything, I just found this interesting and would like to know more....

    thanks

  2. #2
    Senior Member
    Join Date
    May 2004
    Posts
    519
    (very basic - not detailed)

    OK, if you use the tracert command it will show you all the hops it makes to get to the destination.. i.e. all the routers (IP addresses) it goes through etc... tracert stands for trace route and that is exactly what it does .. traces the route to get to the destination.

    Ping is basically used to see if a host is up. For example, if I ping hotmail.com and the reply looks like this:

    D:\WINNT>ping hotmail.com

    Pinging hotmail.com [64.4.32.7] with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 64.4.32.7:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

    that means I cannot get to hotmail.com. If it looks like this:

    D:\WINNT>ping hello.com

    Pinging hello.com [63.146.123.17] with 32 bytes of data

    Reply from 63.146.123.17: bytes=32 time=416ms TTL=236
    Reply from 63.146.123.17: bytes=32 time=413ms TTL=236
    Reply from 63.146.123.17: bytes=32 time=413ms TTL=236
    Reply from 63.146.123.17: bytes=32 time=389ms TTL=236

    Ping statistics for 63.146.123.17:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
    Approximate round trip times in milli-seconds:
    Minimum = 389ms, Maximum = 416ms, Average = 407ms

    that means I can reach hello.com


    that is very basic .. there is more to it than that ... but it should help you understand it



    the best way to learn is to muck around with these commands on a network

    http://searchnetworking.techtarget.c...214297,00.html

    www.whatis.com ask them what ping and tracert are.

  3. #3
    Senior Member
    Join Date
    Aug 2004
    Posts
    149
    I understand how the commands work, I believe there is a way to map out an entire network using these two commands.........

    That was a very nice explanation though, however I am looking deeper into the two commands......

  4. #4
    Senior Member
    Join Date
    Jun 2004
    Posts
    112
    Actually it is not possible in most cases to map a network with just these two tools. With the ICMP protocol 'yes' maybe. You see, most firewalls will block this kind of traffic so that you are unable to use these commands to their full effect. You can however still learn a lot. I mean if the ping is blocked it can mean A) The computer is not up or B) The border router is blocking ICMP echo packets. See? Same with tracert (traceroute for *nix nuts): when you run the command, if it times out on a particular hop it is possible that the router blocked the traffic at this point. Nmap is a tool you may really find fun and useful if you are enjoying using ping and tracert. It can be found here:


    http://www.insecure.org/nmap/

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    In linux you can use the "-b" option with the ping command to ping the network broadcast address (all ones in the host part of the address if read in binary). All boxes that accept ICMP echo requests should respond, but if it's behind a firewall or is blocking ICMP Echo then you are out of luck (which will be the case a lot of the time).

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Well IMO Tracert's already out of the question, kinda. All it does is determine the number of hops it takes to reach a certain location/IP. Perhaps using it to determine a location and how long it takes to get there, and then pinging it to determine if it's reachable? Anyways, I don't think what you're saying can be done.
    Space For Rent.. =]

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    "Actually it is not possible in most cases to map a network with just these two tools."
    "Well IMO Tracert's already out of the question, kinda. All it does is determine the number of hops it takes to reach a certain location/IP."
    Tsk, tsk. I'm very disappointed in you boys....

    The truth is that you can map out networks using these two tools. In fact, when used properly, tracert can tell you where routers and firewalls are positioned on the network. Where do you think the return IP addresses come from when you receive your tracert results? ICMP has many more capabilities than just receiving echo replies too.
    Have a look here:
    http://www.iana.org/assignments/icmp-parameters
    See anything that might be useful? If not, pay special attention to type 11.

    There are many papers written on how to map networks with tracert. I wrote about 3 of them. If any of you have (I believe) the hacking exposed books, it is outlined in there. I'm not 100% sure about the book but I did see it either in hacking exposed or one of those horrible ankit fadia books.

    Now, once you have a network map, move on to an uber leet tool like NMAP to get real information about the devices. By the day's end, you'll have a very accurate view of the network architecture.

    In case you don't have access to these books, have a look at this older article and read it top to bottom.

    http://www.networkmagazine.com/article/NMG20000829S0003
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
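
Added example (not part of any post in this thread): a Python sketch of what post #7 points at, parsing an ICMP type 11 (Time Exceeded) reply to recover the router that answered and the destination of the probe it quotes. The packets are constructed in-line with documentation addresses, and the helper names are hypothetical.

```python
import socket
import struct

def ipv4_header(src, dst, ttl, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def make_time_exceeded(router, prober, target):
    """Constructed reply a router sends when a probe's TTL reaches zero."""
    # The router quotes the expired probe: its IP header plus first 8 data bytes
    # (here an ICMP echo request header, which is what Windows tracert sends).
    quoted = ipv4_header(prober, target, 1, 1, 8) + struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted   # type 11, code 0
    return ipv4_header(router, prober, 64, 1, len(icmp)) + icmp

def parse_time_exceeded(packet):
    """Return (router_ip, original_dst, icmp_code) for ICMP type 11, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None                      # not ICMP, or too short to quote a header
    if packet[ihl] != 11:
        return None                      # e.g. echo reply (0) or unreachable (3)
    quoted = packet[ihl + 8:]
    return (socket.inet_ntoa(packet[12:16]),   # who answered: the router at this hop
            socket.inet_ntoa(quoted[16:20]),   # where the probe was headed
            packet[ihl + 1])

def path_from_replies(replies):
    """replies: (probe_ttl, raw_packet_or_None) pairs; '*' marks a silent hop."""
    path = []
    for ttl, pkt in sorted(replies, key=lambda r: r[0]):
        parsed = parse_time_exceeded(pkt) if pkt else None
        path.append((ttl, parsed[0] if parsed else "*"))
    return path

# Constructed sample using documentation address ranges (RFC 5737).
PROBER, TARGET = "192.0.2.10", "203.0.113.50"
SAMPLE_REPLIES = [
    (1, make_time_exceeded("198.51.100.1", PROBER, TARGET)),
    (2, None),                           # hop that drops probes or sends no ICMP
    (3, make_time_exceeded("198.51.100.9", PROBER, TARGET)),
]

if __name__ == "__main__":
    for ttl, hop in path_from_replies(SAMPLE_REPLIES):
        print(ttl, hop)
```

A hop shown as `*` only means no Time Exceeded message came back for that TTL; the device may still be forwarding traffic, which is why filtering outbound type 11 at a border hides it from this kind of trace.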

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Hacking Exposed, TH13.

    I remember reading these a while ago and they might provide some insight or ideas: (by Ofir Arkin) using ICMP to determine OS. In addition, simplistic tools can get a fair amount of info as long as you're patient, determined and set a methodology so you don't repeat yourself. Additionally, you can look at the default TTLs to determine OS.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    At the risk of sounding self-serving some of the answers you seek are right here on AO.

    Hope this helps....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  10. #10
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    There is a little bit of confusion in this thread!!

    You send a data packet to a computer and it sends one back to you saying it is there........ How can you not map a network with this?????????

    One of the easiest and most basic ways of mapping out most class C networks is to conduct a ping sweep! You could try it on a class A network I suppose, if you have a few days to spare.

    There are a few ways to do it:

    The -sP command with Nmap
    Fping for *nix
    Ping Sweep - this one is not free though!
    Ping Pro Pack
    Or for the more advanced user Hping2

    Or there is the manual way from the command line or shell. Once you have an IP address run a whois and see what IP Range (if any) they have assigned to them and ping each one in turn. You would need a lot of time on your hands for this way!

    Of course systems can be configured to block ICMP traffic, so obviously that's where port scanning comes in, i.e. Nmap or more specifically the -PT option in Nmap.

    Most Sys Admins will explicitly look for this type of traffic in the firewall logs however as it is probably the first step of active footprinting, so be careful!

    As for Traceroute, if you send an IP packet to a specific computer and on its way there it tells you the IP address of every computer it passes through, How can you not use this info to map a network????

    If you know how to read the info it sends back to you, you can even use this to identify routers, firewalls etc.

    A lot depends on the configuration of the network and the abilities of the sys admin though!!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/
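
Added example (not part of any post in this thread): post #10 notes that admins look for ping sweeps in firewall logs, and this Python sketch shows one way to do that by flagging any source that sends ICMP echo requests to many distinct hosts inside a short window. The log format, the thresholds and the sample lines are all constructed assumptions, not output from a real firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO time> ICMP type=<n> src=<ip> dst=<ip>"
LINE_RE = re.compile(r"^(\S+) ICMP type=(\d+) src=(\S+) dst=(\S+)$")

def find_ping_sweeps(lines, min_hosts=5, window=timedelta(seconds=10)):
    """Return {src: most distinct hosts echo-requested within one window}."""
    recent = defaultdict(deque)          # src -> (time, dst) pairs still in window
    flagged = {}
    for line in lines:                   # lines must be time-ordered per source
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "8":   # only echo requests (ICMP type 8) count
            continue
        ts = datetime.fromisoformat(m.group(1))
        src, dst = m.group(3), m.group(4)
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:     # slide the window forward
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_hosts:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

# Constructed sample log using documentation address ranges (RFC 5737).
SAMPLE_LOG = (
    # one source walking through six neighbouring hosts, one per second
    [f"2004-09-01T10:00:0{i} ICMP type=8 src=198.51.100.7 dst=192.0.2.{i}" for i in range(1, 7)]
    # a monitoring box pinging the same host repeatedly: many packets, one target
    + [f"2004-09-01T10:00:0{i} ICMP type=8 src=203.0.113.9 dst=192.0.2.20" for i in range(1, 7)]
    # five hosts, but one per minute: never five inside a 10 second window
    + [f"2004-09-01T10:0{i}:00 ICMP type=8 src=203.0.113.30 dst=192.0.2.{i}" for i in range(1, 6)]
    # an echo reply (type 0) is ignored
    + ["2004-09-01T10:00:07 ICMP type=0 src=192.0.2.1 dst=198.51.100.7"]
)

if __name__ == "__main__":
    for src, count in find_ping_sweeps(SAMPLE_LOG).items():
        print(f"possible ping sweep from {src}: {count} hosts in 10 s")
```

The slow source in the sample shows the limit of a fixed window: a sweep paced at one host per minute stays under it, so a longer window with a higher host threshold is worth running alongside.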
