Nmap 6: Network Exploration and Security Auditing Cookbook

Overview of this book

Nmap is a well-known security tool used by penetration testers and system administrators. The Nmap Scripting Engine (NSE) makes it possible to perform additional tasks using the collected host information, such as advanced fingerprinting and service discovery, information gathering, and detection of security vulnerabilities. "Nmap 6: Network exploration and security auditing cookbook" will help you master Nmap and its scripting engine. You will learn how to use this tool to do a wide variety of practical tasks for pentesting and network monitoring. Finally, after harnessing the power of NSE, you will also learn how to write your own NSE scripts.

"Nmap 6: Network exploration and security auditing cookbook" is a book full of practical knowledge for every security consultant, administrator or enthusiast looking to master Nmap. The book gives an overview of the most important port scanning and host discovery techniques supported by Nmap. You will learn how to detect misconfigurations in web, mail and database servers and also how to implement your own monitoring system. The book also covers tasks for reporting, scanning numerous hosts, vulnerability detection and exploitation, and its strongest aspect: information gathering.

Detecting NAT with Nping


Nping was designed for packet crafting and traffic analysis and is perfect for a variety of networking tasks.

The following recipe introduces Nping by showing how to perform NAT detection with the help of the Nping Echo protocol.

How to do it...

Open a terminal and enter the following command:

# nping --ec "public" -c 1 echo.nmap.org

Nping returns the packet traffic between the client and the Nping echo server echo.nmap.org, producing output similar to the following:

Starting Nping 0.5.59BETA1 ( http://nmap.org/nping ) at 2011-10-27 16:59 PDT 
SENT (1.1453s) ICMP 192.168.1.102 > 74.207.244.221 Echo request (type=8/code=0) ttl=64 id=47754 iplen=28 
CAPT (1.1929s) ICMP 187.136.56.27 > 74.207.244.221 Echo request (type=8/code=0) ttl=57 id=47754 iplen=28 
RCVD (1.2361s) ICMP 74.207.244.221 > 192.168.1.102 Echo reply (type=0/code=0) ttl=53 id=37482 iplen=28 

Max rtt: 90.751ms | Min rtt: 90.751ms | Avg rtt: 90.751ms 
Raw packets sent: 1 (28B) | Rcvd: 1 (46B) | Lost: 0 (0.00%)| Echoed: 1 (28B) 
Tx time: 0.00120s | Tx bytes/s: 23236.51 | Tx pkts/s: 829.88 
Rx time: 1.00130s | Rx bytes/s: 45.94 | Rx pkts/s: 1.00 
Nping done: 1 IP address pinged in 2.23 seconds 

Take note of the source address 192.168.1.102 in the first packet marked as SENT.

 SENT (1.1453s) ICMP 192.168.1.102 > 74.207.244.221 Echo request (type=8/code=0) ttl=64 id=47754 iplen=28 

Compare this address to the source address in the second packet marked as CAPT.

CAPT (1.1929s) ICMP 187.136.56.27 > 74.207.244.221 Echo request (type=8/code=0) ttl=57 id=47754 iplen=28 

The addresses are different, indicating the presence of NAT.
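The same comparison can be scripted when many runs have to be checked. The following Python sketch is an added example, not code from the book or the Nmap project: it parses Nping's packet lines, pairs each SENT packet with its CAPT copy by IP ID (an assumption that holds in the output above, where both lines carry id=47754), and reports whether the source address was rewritten. The function names and the extra id=47755 line are constructed for illustration.

```python
import re

# Matches Nping packet lines: kind, protocol, source, destination, TTL, IP ID.
LINE = re.compile(
    r"^\s*(SENT|CAPT|RCVD) \([\d.]+s\) (\w+) (\S+) > (\S+) .*?\bttl=(\d+) id=(\d+)"
)

def parse(output):
    """Return a list of packet dicts for every SENT/CAPT/RCVD line."""
    packets = []
    for line in output.splitlines():
        m = LINE.match(line)
        if m:
            kind, proto, src, dst, ttl, ip_id = m.groups()
            packets.append({"kind": kind, "proto": proto, "src": src,
                            "dst": dst, "ttl": int(ttl), "id": int(ip_id)})
    return packets

def detect_nat(output):
    """Pair each SENT packet with the CAPT copy echoed by the server."""
    packets = parse(output)
    captured = {(p["proto"], p["id"]): p for p in packets if p["kind"] == "CAPT"}
    findings = []
    for sent in (p for p in packets if p["kind"] == "SENT"):
        capt = captured.get((sent["proto"], sent["id"]))
        if capt is None:
            # The server never saw the packet: filtered or lost in transit.
            findings.append({"id": sent["id"], "status": "not-captured"})
            continue
        findings.append({
            "id": sent["id"],
            "status": "nat" if capt["src"] != sent["src"] else "no-nat",
            "sent_src": sent["src"],
            "seen_src": capt["src"],
            "hops": sent["ttl"] - capt["ttl"],  # routers that decremented the TTL
        })
    return findings

# Packet lines copied from the recipe's output, plus one constructed SENT
# line (id=47755) with no CAPT copy to show the not-captured case.
SAMPLE = """\
SENT (1.1453s) ICMP 192.168.1.102 > 74.207.244.221 Echo request (type=8/code=0) ttl=64 id=47754 iplen=28
CAPT (1.1929s) ICMP 187.136.56.27 > 74.207.244.221 Echo request (type=8/code=0) ttl=57 id=47754 iplen=28
RCVD (1.2361s) ICMP 74.207.244.221 > 192.168.1.102 Echo reply (type=0/code=0) ttl=53 id=37482 iplen=28
SENT (2.1460s) ICMP 192.168.1.102 > 74.207.244.221 Echo request (type=8/code=0) ttl=64 id=47755 iplen=28
"""

if __name__ == "__main__":
    print(*detect_nat(SAMPLE), sep="\n")
```

A "not-captured" result means the echo server never saw the packet, which is the firewall and routing troubleshooting case echo mode was built for.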

How it works...

Nping's echo mode was designed to help troubleshoot firewall and routing problems. Basically, it returns a copy of the received packet back to the client.

The command is:

# nping --ec "public" -c 1 echo.nmap.org

It uses Nping's echo mode (--ec or --echo-client) to help us analyze the traffic between the client and Nmap's Nping echo server, to determine if there is a NAT device on the network. The argument after --ec is a secret passphrase, known by the server, that is used to encrypt and authenticate the session.

The flag -c is used to specify how many iterations of packets must be sent.

There's more...

With Nping it is really simple to generate custom TCP packets. For example, to send a TCP SYN packet to port 80, use the following command:

# nping --tcp --flags syn -p80 -c 1 192.168.1.254

This will result in the following output:

SENT (0.0615s) TCP 192.168.1.102:33599 > 192.168.1.254:80 S ttl=64 id=21546 iplen=40  seq=2463610684 win=1480 
RCVD (0.0638s) TCP 192.168.1.254:80 > 192.168.1.102:33599 SA ttl=254 id=30048 iplen=44  seq=457728000 win=1536 <mss 768> 

Max rtt: 2.342ms | Min rtt: 2.342ms | Avg rtt: 2.342ms 
Raw packets sent: 1 (40B) | Rcvd: 1 (46B) | Lost: 0 (0.00%) 
Tx time: 0.00122s | Tx bytes/s: 32894.74 | Tx pkts/s: 822.37 
Rx time: 1.00169s | Rx bytes/s: 45.92 | Rx pkts/s: 1.00 
Nping done: 1 IP address pinged in 1.14 seconds 

Nping is a very powerful tool for traffic analysis and packet crafting. Take a moment to go through all of its options by using the following command:

$ nping -h 

Nping Echo Protocol

To learn more about the Nping Echo Protocol visit http://nmap.org/svn/nping/docs/EchoProtoRFC.txt.

See also

  • The Finding live hosts in your network recipe

  • The Comparing scan results with Ndiff recipe

  • The Managing multiple scanning profiles with Zenmap recipe

  • The Monitoring servers remotely with Nmap and Ndiff recipe

  • The Gathering network information with broadcast scripts recipe in Chapter 2, Network Exploration

  • The Brute forcing DNS records recipe in Chapter 3, Gathering Additional Host Information

  • The Spoofing the origin IP of a port scan recipe in Chapter 3, Gathering Additional Host Information

  • The Generating a network topology graph with Zenmap recipe in Chapter 8, Generating Scan Reports
