
Thread: Ping not using ICMP?

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default Ping not using ICMP?

    I recently have been working with Nemesis because it fits on my router perfectly (it's small). I did some searching on the forum to see if anyone has made any witty tuts for it, I found one post of interest and it made me think:

    Ping and non-existent IP using Nemesis:
    - nemesis arp -S 192.168.1.1 -D 255.255.255.255

    It resolves a MAC faster than ping.

    My question is: is there a way to use Nemesis to "Ping" a computer like this without using an ICMP packet?

    I've done some light googling for nemesis and did not find very much. Does anyone know a good resource for information about it? (besides the website) I'll play with it later on my network and break some stuff.

  2. #2
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    tcp
    nemesis tcp -s 1000 -x 80 -y 80 -S 192.168.1.5 -D 192.168.1.6 -H 11:22:33:44:55:66 -M 11:22:33:44:55:66
    Look for syn/ack, fin, rst
    You could probably use udp, but that will use icmp

  3. #3
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default

    Oh I get it... but 1 question. I don't mean to sound stupid but why do I need to specify the sequence number, and why 1000? Also why do I need to specify -H and -M if I specified -S and -D?

  4. #4
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    Oh I get it... but 1 question. I don't mean to sound stupid but why do I need to specify the sequence number, and why 1000? Also why do I need to specify -H and -M if I specified -S and -D?
    You probably don't need to specify the dest MAC, but you will need to specify the source MAC, as when it leaves your gateway, it will have the source IP of the gateway, and need your MAC to send it to you. The seq number should make it reply trying to start a connection or say it's blocked, but I think you could send FIN and syn/ack and rst, and the target should reply. Nmap has those scans. The 1000 is more than 0

  5. #5
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    Is it an "ARP ping" you're looking for? You just want to send out an ARP request and listen for an ARP reply, is that right? If so, here's the quickest way:

    arping -I wlan0 10.6.0.1 (That switch is an uppercase "eye", not an L)

    (Coincidentally this is the second time I've posted about ARP ping today)
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  6. #6
    Member
    Join Date
    Nov 2007
    Posts
    220

    Default

    Not forgetting that ICMP and IP are not stopped when they hit a router/bridge etc.

    Arping (arp) is only accurate/reliable if you are on the same branch of the network.

    There is also nmap which can test UDP ports with -P0 (no ping), however I'm not sure on the technicalities of doing this.
    wtf?

  7. #7
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default

    Quote Originally Posted by Andy90 View Post
    Not forgetting that ICMP and IP are not stopped when they hit a router/bridge etc.

    Arping (arp) is only accurate/reliable if you are on the same branch of the network.

    There is also nmap which can test UDP ports with -P0 (no ping), however I'm not sure on the technicalities of doing this.
    I'm trying to see if I can ping my router from the WAN when I'm blocking ICMP requests using nemesis. ARP would work if I was in the same network, but I don't think from the WAN.

  8. #8

    Default

    I'm not familiar with nemesis, so don't know its capabilities. Try sending a different ICMP packet such as type 13,14,15 or 16 (or anything other than an echo request). If you can send a TCP packet, try sending a SYN to port 113 (identd). Lots of SOHO devices have this port open by default for some reason.

  9. #9
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default

    Quote Originally Posted by cybrsnpr View Post
    I'm not familiar with nemesis, so don't know its capabilities. Try sending a different ICMP packet such as type 13,14,15 or 16 (or anything other than an echo request). If you can send a TCP packet, try sending a SYN to port 113 (identd). Lots of SOHO devices have this port open by default for some reason.
    What's the whole point of identd anyway come to think of it, never figured that one out and google just made things worse...

  10. #10

    Default

    Quote Originally Posted by >Dart> View Post
    What's the whole point of identd anyway come to think of it, never figured that one out and google just made things worse...
    It is supposed to provide info about a queried connection (according to RFC 1413). It's a really old, legacy protocol from the "old days" of the internet.
    In practical terms, if you run nmap in O/S detect mode against it, the port will give up a fair amount of info about itself.
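
The probes suggested in this thread, seen from the router's side: an added example, not part of any post, that picks out packets testing reachability without an ICMP echo request. It assumes the lines come from a firewall rule that logs inbound WAN packets matching no established connection; the log lines, addresses and function names are constructed for illustration.

```python
import re

# ICMP query types other than echo request (8) that ask the target for a reply.
ICMP_QUERIES = {13: "timestamp request", 15: "information request",
                17: "address mask request"}
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST")

def parse(line):
    """Split a log line into KEY=value fields and bare flag tokens."""
    return dict(re.findall(r"(\w+)=(\S*)", line)), set(line.split())

def classify(line):
    """Label a packet that tests reachability without an ICMP echo, else None."""
    fields, tokens = parse(line)
    if fields.get("PROTO") == "ICMP":
        name = ICMP_QUERIES.get(int(fields.get("TYPE", -1)))
        return f"icmp {name}" if name else None
    if fields.get("PROTO") == "TCP":
        flags = sorted(f for f in TCP_FLAGS if f in tokens)
        port = fields.get("DPT")
        if flags == ["SYN"]:
            # An open port answers SYN/ACK, a closed one RST; either shows the host is up.
            return f"tcp syn to port {port}"
        if flags in (["ACK"], ["FIN"], ["ACK", "SYN"]):
            # With no matching connection, a host that is up may answer with a RST.
            return f"tcp {'/'.join(flags).lower()} without a connection to port {port}"
    return None

def probe_report(lines):
    """Map each source address to the non-echo probes it sent."""
    report = {}
    for line in lines:
        label = classify(line)
        if label:
            src = parse(line)[0].get("SRC", "unknown")
            report.setdefault(src, []).append(label)
    return report

# Constructed sample lines in the style of netfilter LOG output (documentation addresses).
SAMPLE = [
    "IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1",
    "IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=ICMP TYPE=13 CODE=0",
    "IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=1000 DPT=113 WINDOW=512 SYN URGP=0",
    "IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.2 PROTO=TCP SPT=40112 DPT=80 WINDOW=1024 ACK URGP=0",
    "IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.2 PROTO=UDP SPT=5353 DPT=5353 LEN=40",
]

if __name__ == "__main__":
    for src, labels in probe_report(SAMPLE).items():
        print(src, labels)
```

ARP requests never appear in such a WAN-side log, since ARP does not cross a router.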
