
Thread: Alternative to ping non existent ip

  1. #1
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Alternative to ping non existent ip

    we all know that pinging a non existent ip on the same network that we are sniffing will produce an arp request, that's weird, but it's true

    it's useful for the -3 attack, when you are sniffing your own network & when you don't want to wait for an arp to come

    go on another computer connected to this network (or a 2nd card in your laptop .....) and do the ping

    i found another method that some of you must know but i want to share with those who don't know it....

    the nemesis arp method

    on the other computer (or same if 2 cards in laptop & connected to net)
    nemesis arp -S 192.168.1.1 -D 255.255.255.255

    -v verbose -S source ip IP of AP
    -D destination (broadcast)

    that will release one or 2 arp by broadcasting an arp request on the network; you immediately see airodump catching the 2 new arp

    BEFORE
    CH 10 ][ Elapsed: 8 mins ][ 2007-08-12 04:14

    BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ES

    00:1A:6B:04:9E:2F 110 100 4716 246 0 10 54 WEP WEP L

    BSSID STATION PWR Rate Lost Packets Probes

    AFTER
    CH 10 ][ Elapsed: 8 mins ][ 2007-08-12 04:15

    BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ES

    00:1A:6B:04:9E:2F 110 100 4743 248 0 10 54 WEP WEP L

    BSSID STATION PWR Rate Lost Packets Probes

    00:1A:6B:04:9E:2F 00:1B:77:32:4E:EF 116 24-54 0 8

    i think it's a 100 % work versus the ping method which may not work sometimes

    hope you enjoy this little trick
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  2. #2

    Nice tip,

    I was one who did not know this. Thanks for posting it shamanvirtuel.

    I will definitely give this a try on my network once I
    a) Unbrick my wrt54g
    b) get a new AP

    heh oh well plenty of reading to do while it's borked.
    15" MBP 8 gigs o ram 256 gig SSD in drivebay + 256 gig 5400 HD
    1000HE EEE 30 gig SSD 2 gigs Ram

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    42


    Nice post, that makes sense but I might not have thought to try that...

  4. #4
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988


    it's also more logical than pinging a non existent ip.....
    which is really weird, no?


  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    42


    The first thing I thought of was the old trick of putting a static IP in your arp table to get your laptop to connect to a system you know the MAC but not the IP in a large remote network. Not exactly the same, but a clever trick/way to use the tech, like yours

  6. #6
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533


    Quote Originally Posted by shamanvirtuel
    it's also more logical than pinging a non existent ip.....
    which is really weird, no?

    I don't think it's weird at all. Open up a new console, ping 192.168.1.### and you're off. It's simple.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  7. #7
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988


    i mean i don't understand why pinging such ips makes an arp broadcast on the network....

    if you can explain logically why it happens when we ping a non existent ip, i would be very happy.....

  8. #8
    Junior Member
    Join Date
    Jan 2010
    Posts
    42


    Well, in order to do a ping, you need to do an arp because when you are pinging on your local network, you first need to do an arp request to find out the MAC address of the node you are trying to ping. (MAC layer, layer 2)

    So when you ping, you actually send out a Layer 2/MAC broadcast to FF:FF:FF:FF:FF:FF asking who has 192.168.0.1, and you'll see in a packet capture a reply if someone has it. (Like AB:CD:EF:12:34:56 has 192.168.0.1) This is the layer 2 part of a ping, IF you are in the same broadcast domain [I'm pretty sure you are if you are on a specific BSSID on an access point.] as the IP you are trying to find. If you are on a different subnet/broadcast domain, then the arp entry for a remote IP is the mac address of your router.

    Now because this (the ping) is happening at the network layer, it would be nice to see what's happening one layer below that, at the MAC layer. For this we can use the arp command.

    You can do an info on arp to see what options you have.

    If you do an arp -a, this will show you the full arp table.

    If you don't see the MAC address of the workstation that you are trying to ping in the arp table then you will never be able to ping that MAC address. (Unless you put a static entry in)

    HTH. If the above is confusing, here's a good starting point: http://www.linux.com/articles/50596 - there is a good link to an overview of ARP in networking that explains why you can't have IPs without ARP...
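As an added example that is not part of the thread: a small Python parser for the "who has X? tell Y" / "X is at MAC" frames the post above describes, plus a check that flags broadcast requests for addresses nobody answers, which is the traffic a ping to a non-existent IP leaves on the segment. The frames are constructed inline (the MACs and 192.168.0.x addresses are made up), not a real capture.

```python
import struct
from typing import Dict, List, NamedTuple, Optional

BROADCAST_MAC, ETHERTYPE_ARP, ARP_REQUEST, ARP_REPLY = "ff:ff:ff:ff:ff:ff", 0x0806, 1, 2

class ArpFrame(NamedTuple):
    dst_mac: str      # Ethernet destination (broadcast for a normal request)
    opcode: int       # 1 = request ("who has?"), 2 = reply ("is at")
    sender_mac: str
    sender_ip: str
    target_ip: str

def _mac(b: bytes) -> str: return ":".join(f"{x:02x}" for x in b)
def _ip(b: bytes) -> str: return ".".join(str(x) for x in b)

def parse_arp(frame: bytes) -> Optional[ArpFrame]:
    """Return the ARP fields of an Ethernet II frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    return ArpFrame(_mac(frame[0:6]), opcode, _mac(frame[22:28]),
                    _ip(frame[28:32]), _ip(frame[38:42]))

def describe(arp: ArpFrame) -> str:
    """The request/reply wording the post describes, one line per frame."""
    if arp.opcode == ARP_REQUEST:
        return f"who has {arp.target_ip}? tell {arp.sender_ip} ({arp.sender_mac})"
    return f"{arp.sender_ip} is at {arp.sender_mac}"

def unanswered_requests(frames: List[bytes]) -> Dict[str, int]:
    """Count broadcast 'who has X?' per target IP that no host answered in the capture."""
    asked: Dict[str, int] = {}
    answered = set()
    for arp in filter(None, map(parse_arp, frames)):
        if arp.opcode == ARP_REQUEST and arp.dst_mac == BROADCAST_MAC:
            asked[arp.target_ip] = asked.get(arp.target_ip, 0) + 1
        elif arp.opcode == ARP_REPLY:
            answered.add(arp.sender_ip)
    return {ip: n for ip, n in asked.items() if ip not in answered}

# Constructed sample capture (not a real trace): a request for .1 that .1 answers,
# two requests for .250 where no host exists, and one non-ARP (IPv4) frame.
REQ_1 = bytes.fromhex("ffffffffffff001122334455" "0806" "0001080006040001"
                      "001122334455c0a80005" "000000000000c0a80001")
REP_1 = bytes.fromhex("001122334455abcdef123456" "0806" "0001080006040002"
                      "abcdef123456c0a80001" "001122334455c0a80005")
REQ_250 = REQ_1[:-1] + b"\xfa"   # same request, target 192.168.0.250
NOT_ARP = bytes.fromhex("001122334455abcdef123456" "0800") + bytes(28)
CAPTURE = [REQ_1, REP_1, REQ_250, NOT_ARP, REQ_250]
```

Running `unanswered_requests(CAPTURE)` returns `{"192.168.0.250": 2}`: the request for .1 drops out because a reply for .1 was seen, while the two broadcasts for .250 stay, which is how a sensor on the segment would spot repeated resolution of an address that no host owns.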
