I recently have been working with Nemesis because it fits on my router perfectly (it's small). I did some searching on the forum to see if anyone has made any witty tuts for it, I found one post of interest and it made me think:
Ping a non-existent IP using Nemesis:
- nemesis arp -S 192.168.1.1 -D 255.255.255.255
It resolves a MAC faster than ping.
My question is: is there a way to use Nemesis to "Ping" a computer like this without using an ICMP packet?
I've done some light googling for nemesis and did not find very much. Does anyone know a good resource for information about it? (besides the website) I'll play with it later on my network and break some stuff.
tcp
nemesis tcp -s 1000 -x 80 -y 80 -S 192.168.1.5 -D 192.168.1.6 -H 11:22:33:44:55:66 -M 11:22:33:44:55:66
Look for syn/ack, fin, rst
You could probably use udp, but that will use icmp
Oh I get it... but 1 question. I don't mean to sound stupid but why do I need to specify the sequence number, and why 1000? Also why do I need to specify -H and -M if I specified -S and -D?
You probably don't need to specify the dest MAC, but you will need to specify the source MAC, as when it leaves your gateway, it will have the source IP of the gateway, and need your MAC to send it to you. The seq number should make it reply trying to start a connection or say it's blocked, but I think you could send FIN and syn/ack and rst, and the target should reply. Nmap has those scans. The 1000 is more than 0.
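As an added illustration (not code from this thread or from Nemesis itself), here is what the TCP layer of that probe looks like on the wire and how a reply to it is read: the IPs, ports and sequence number are the ones from the command above, the reply segments are constructed samples, and the Ethernet layer (-H/-M) is left out.

```python
import socket
import struct
from typing import Optional

TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, folded, inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header the TCP checksum also covers (protocol 6 = TCP)."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)

def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window=8192) -> bytes:
    """20-byte TCP header, no options or payload, checksum filled in.
    The probe from the thread is flags=TCP_SYN, ack=0 (nemesis -s sets seq, -x/-y the ports)."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

def tcp_checksum_ok(src_ip, dst_ip, segment: bytes) -> bool:
    """A correctly checksummed segment sums to zero with its checksum field included."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0

def classify_reply(probe_seq: int, reply: Optional[bytes]) -> str:
    """What the reply (or silence) to the SYN probe says about the target.
    A genuine answer acknowledges probe_seq + 1: the SYN takes one sequence number and
    both a SYN/ACK and a RST sent in answer to it carry that ACK (RFC 793). That check
    is what tells a reply to our probe apart from a stray segment on a busy port."""
    if reply is None:
        return "no reply: host down, or probe/reply filtered"
    _sp, _dp, _seq, ack, _off, flags = struct.unpack("!HHIIBB", reply[:14])
    if not flags & TCP_ACK or ack != (probe_seq + 1) & 0xFFFFFFFF:
        return "stray segment: does not acknowledge our probe"
    if flags & TCP_SYN:
        return "host up, port open (SYN/ACK)"
    if flags & TCP_RST:
        return "host up, port closed (RST)"
    return "host up, unexpected flags 0x%02x" % flags

# Constructed samples: the probe from the command above, and the SYN/ACK an open port 80 returns.
PROBE = build_tcp_segment("192.168.1.5", "192.168.1.6", 80, 80, 1000, 0, TCP_SYN)
SYNACK = build_tcp_segment("192.168.1.6", "192.168.1.5", 80, 80, 777, 1001, TCP_SYN | TCP_ACK)
```

The acknowledgement check is the practical reason the sequence number matters: whatever value you pick, a real answer acknowledges that value plus one, so a reply with any other ACK can be discarded.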
Is it an "ARP ping" you're looking for? You just want to send out an ARP request and listen for an ARP reply, is that right? If so, here's the quickest way:
arping -I wlan0 10.6.0.1 (That switch is an uppercase "eye", not an L)
(Coincidentally this is the second time I've posted about ARP ping today)
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
Not forgetting that ICMP and IP are not stopped when they hit a router/bridge, etc.
Arping (arp) is only accurate/reliable if you are on the same branch of the network.
There is also nmap which can test UDP ports with -P0 (no ping), however I'm not sure on the technicalities of doing this.
wtf?
I'm not familiar with nemesis, so don't know its capabilities. Try sending a different ICMP packet such as type 13, 14, 15 or 16 (or anything other than an echo request). If you can send a TCP packet, try sending a SYN to port 113 (identd). Lots of SOHO devices have this port open by default for some reason.
It is supposed to provide info about a queried connection (according to RFC 1413). It's a really old, legacy protocol from the "old days" of the internet.
In practical terms, if you run nmap in O/S detect mode against it, the port will give up a fair amount of info about itself.