One, ping
1. Introduction to ping
PING is a network tool used to test connectivity with network hosts. PING sends ICMP ECHO_REQUEST packets to the network host and displays the response. The program will estimate the packet loss rate based on time and the number of successful responses.
The ping command sends an ICMP packet every second and prints a line of output for each response received. The ping command calculates the signal round-trip time and (information) packet loss statistics, and displays a brief summary after completion. The ping command ends when the program times out or when the SIGINT signal is received.
Each ICMP request sent by PING contains an Internet Protocol (IP) and ICMP header, and the tim structure is used to fill enough bytes of data.
2. The ping command
ping [-dfnqrRv][-c完成次数][-i间隔秒数][-I网络界面][-l前置载入][-p范本样式][-s数据包大小][-t存活数值][主机名称或IP地址]
-d: Use the SO_DEBUG function of Socket.
-f: Limit detection, send a large number of network packets to the network host quickly.
-n: Only output values.
-q: Do not display any information about the transmitted packet, only the final result.
-r: Ignore the ordinary Routing Table and send the data packet directly to the remote host. It is usually to check whether there is a problem with the network interface of the machine.
-R: Record the routing process.
-v: Display the execution process of the instruction in detail.
-c: Number, specify the number of IMCP data packets to be sent.
-i: The number of seconds, set the interval for sending network data packets, the default is one second.
-I: Specify the network card to send IMCP packets.
-l: preload, specify the data packet sent out before sending IMCP data packet.
-p: template style, set the template style that fills the data packet.
-s: Number of bytes, specify the number of bytes of data to be sent, the default value is 56, plus the 8-byte ICMP header, a total of 64-byte ICMP packets.
-t: Survival value, set the survival value TTL size.
Two, tcping
1. Introduction to tcping
TCPING is a kind of PING command based on TCP protocol, used to test whether the data packet can reach the target host through TCP protocol. tcping can monitor the status of a certain port, and can also detect network connectivity when PING is disabled.
Source code: https://github.com/jlyo/tcping
Online installation: yum install tcping
2. tcping command
tcping -p port hostname
tcping -p port -c 1 hostnameThree, psping
1. Introduction to PsPing
PsPing is one of the commands in the Microsoft PSTools tool suite, which can perform ICMP Ping test, TCP Ping, TCP/UDP network delay test, and bandwidth test. PsPing only supports Windows system.
2. ICMP Ping test
psping -? i
View ICMP ping related command parameters psping [-t|-n count[s]] [-i interval] [-w count] [-q] [-h [buckets|val1,val2,...]] [-l requestsize[k]] [-6|-4] destination
-4: specify the use of IPv4 connection
-n: specify the number of formal ping packets
-w: specify the number of warm-up ping packets, that is, how many warm-up test connections are performed before the formal test
-h: specify the minimum and maximum Delay in milliseconds
-i: specify the interval in seconds, fast ping is set to 0
-l: specify the ping packet size, the default byte, k is the unit for KB, m is the unit for MB
-q: specify no value during ping
-t : Specify that ping will not stop until Ctrl+C stopspsping -4 -n 10 -w 2 -h 10 www.baidu.com
3、TCP Ping
psping -? t
View TCP ping related command parameters psping [-t|-n count[s]] [-i interval] [-w count] [-q] [-h [buckets|val1,val2,...]] [-6|-4] destination:port
-4: specify the use of IPv4 connection
-n: specify the number of formal ping packets
-w: specify the number of warm-up ping packets, that is, how many warm-up test connections are performed before the formal test
-h: specify the minimum and maximum Delay in milliseconds
-i: specify the interval in seconds, fast ping is set to 0
-l: specify the ping packet size, the default byte, k is the unit for KB, m is the unit for MB
-q: specify no value during ping
-t : Specify that ping will not stop until Ctrl+C stopspsping -n 10 -w 2 -h 10 www.baidu.com:80
4. Delay test
psping -? l
View command parameters related to delay test
server:psping [-6|-4] [-f] -s address:port
client:psping -l requestsize[k|m] -n count[s] [-r] [-u] [-w count] [-f] [-h [buckets|val1,val2,..]] [-6|-4] destination:port-4: Specify IPv4 connection
-6: Specify IPv6 connection
-f: Open firewall port at runtime
-s: Specify server listening address and port
-r: Receive data from server
-u: Specify UDP protocol, default is TCP Protocol
-n: Specify the number of ping packets sent/received, when s is specified, the unit is seconds
-h: represents the minimum and maximum delay in milliseconds
-l: specifies the size of the ping packet, the default is bytes.psping -l 1500 -n 300 -h 10 www.baidu.com:80
5. Bandwidth test
psping -? b
View command parameters related to transmission bandwidth test
server: psping [-6|-4] [-f] -s address:port
client: psping -b -l requestsize[k|m] -n count[s] [-r] [-u [target]] [-i outstanding] [-w count] [-f] [-h [buckets|val1,val2,...]] [-6|-4] destination:port-b: Bandwidth test
-4: Specify the use of IPv4 connection-
6: Specify the use of IPv6 connection
-f: Open the firewall port at runtime
-s: Specify the server listening address and port
-r: Receive data from the server
-u: Specify the use of UDP Protocol, the default is TCP protocol
-n: specify the number of sent/received ping packets, when s is specified, the unit is seconds
-h: represents the minimum and maximum delay in milliseconds
-l: specifies the size of ping packets, the default is bytes.psping -b -l 1500 -n 15000 www.baidu.com:80
Four, paping
1. Introduction to paping
paping is an open source tool for testing tcp port connectivity under Linux. It only supports TCP but not UDP.
2. Paping command
paping [options] destination
-p, --port N: specify the TCP port of the service being tested
--nocolor: turn off color output
-t, --timeout: specify the timeout period, in milliseconds, the default value is 1000
-c, --count N: specify Testing frequency.
Five, hping
1. Introduction to hping
hping is a TCP/IP data packet assembly/analysis tool that can not only send ICMP response requests, but also supports TCP, UDP, ICMP and RAW-IP protocols. The tracking route mode of hping can transfer files between two mutually contained channels. hping is often used to detect networks and hosts, and can run on multiple operating systems, such as Linux, FreeBSD, NetBSD, OpenBSD, Solaris, MacOs X, and Windows.
The main functions of hping are as follows:
(1) firewall test
(2) advanced port scanning
(3) network detection, which can use different protocols, types of service (TOS), IP fragmentation
(4) manual detection of MTU (maximum transmission unit) path
( 5) Advanced route tracking, support all protocols
(6) Remote operating system detection
(7) Remote runtime detection
(8) TCP and IP stack audit
source code: https://github.com/antirez/hping
Online installation: yum install hping3
2. hping command
hping host [options]
-h, --help: display help
-v, --version: display version
-c,
--count: number of data packets sent -i, --interval: time between sending data packets (uX means X microseconds, Such as -i u1000)
--fast: equivalent to -i u10000 (10 packets per second)
--faster: equivalent to -i u1000 (100 packets per second)
--flood: send data packets as fast as possible without displaying the reply.
-n, --numeric: digital output, symbolic output of the host address.
-q, --quiet: silent mode
-I, --interface: network card interface (default routing interface)
-V, --verbose: verbose mode
-D, --debug: debugging information
-z, --bind: binding ctrl+z to ttl (the default is the destination port)
-Z,--unbind: unbind the ctrl+z key
--beep: for each received matching data packet beep prompt
-0, --rawip: RAWIP Mode, HPING will send the IP header with data, that is, the bare IP method, using the RAWSOCKET method.
-1, --icmp: ICMP mode, HPING will send an IGMP response message.
-2,--udp: UDP mode, HPING will send UDP packets to port 0 of the host.
-8, --scan: SCAN mode. //Scan mode specifies the port corresponding to the scan.
-9, --listen: monitor mode
-a, --spoof: source address spoofing, forged IP***, the firewall will not record the real IP, and the response packet will not be received.
--rand-dest: Random destination address mode.
--rand-source: Random source address mode.
-t,
--ttl : modify the ttl value -N, --id: the ID value in hping, the default is a random value.
-r --rel: Relative id field (estimated host traffic).
-f --frag: Split more frags of the packet.
-x --morefrag: Set more fragment flags.
-y --dontfrag: Set the non-fragment flag.
-g --fragoff: Set the off offset.
-m --mtu: Set the virtual maximum transmission unit.
-H --ipproto: Set the IP protocol field, only used in RAW IP mode //Select the IP protocol in RAW IP mode. Set ip protocol domain, only used in RAW ip mode.
3. Firewall test
Test the firewall's response to ICMP packets, whether it supports traceroute, whether to open a port, and denial of service*** (DoS attack) to the firewall. For example, use LandAttack to test the target firewall (Land Attack is to set the sending source address to be the same as the target address to induce the target machine to continuously establish a connection with itself).
4. Port scan
hping3 supports a very rich port detection method, almost all of the scanning methods hping3 owned by nmap support (except for the connect method, because Hping3 only sends and receives packets and does not maintain the connection, so it does not support connect method detection). Hping3 can perform more fine-grained control over the sent detections, which is convenient for users to fine-tune detection results. Hping3 port scanning performance and comprehensive processing capabilities cannot be compared with nmap, and it is generally used to scan only a small number of ports of a small number of hosts.
5. Idle scan
Idle Scanning (Idle Scanning) is a method of anonymously scanning remote hosts. The principle of Idle scanning is to find an idle host (without any network traffic, and the IPID is increasing one by one), and the VPN host first goes to the idle host. Send a probe packet and get its IPID from the reply packet. Impersonate the IP address of the idle host to send a SYN packet (assuming a SYN packet) to the port of the remote host. If the destination port of the remote host is open, it will reply with a SYN/ACK. At this time, the idle host will reply with an RST packet after receiving the SYN/ACK. Then the VPN host sends a detection packet to the idle host to obtain its IPID. By comparing the IPID values of the two times, it can be judged whether the remote host has responded to the data packet, thereby indirectly inferring its port status.
6 、 DOS ***
Using Hping3 can easily build a denial of service***. If a large number of SYN connections are initiated to the target machine, the source address is forged as 192.168.10.99, and each SYN packet is sent at an interval of 1000 microseconds.
7. File transfer
Hping3 supports file transmission through TCP/UDP/ICMP and other packages, which is equivalent to using TCP/UDP/ICMP to establish a secret tunnel communication. The implementation method is to open the listening port and sign the detected signature (the signature is a string specified by the user) The content of the corresponding analysis. Start the service on the receiving end.
8、***
If Hping3 can be started on the remote host, it can be used as a VPN program to start the listening port and open the shell communication after the connection is established.
六、traceroute
1. Introduction to traceroute
Traceroute is used to test the number of hops and delays to a certain host on the network. Traceroute sends UDP packets with a specified TTL to the destination host host. By gradually increasing the TTL, you can receive some ICMP packets to inform the machine that the TTL is 0, that is, the destination host host is unreachable, thus knowing the path The number of hops and delays of the gateway.
2. Traceroute command
traceroute [ -46dFITnreAUD ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w waittime ] [ -q nqueries ] [ -s src_addr ] [ -z sendwait ] [ --fwmark=num ] host [ packetlen ]
-4: ipv4
-6: ipv6.
-d: Turn on debug at the socket layer.
-F: Fragmentation is prohibited.
-I: Use ICMP ECHO.
-T: Use TCP, default port 80.
-n: Do not print domaim.
-e: Display ICMP extension.
-A: Add an AS (autonomous system) logo after each address, if not, it will display [ *].
-U: Use UDP request, default port 53.
-D: Use DCCP (Datagram Congestion Control Protocol) request, default port 33434.
-f first_ttl: Specify the TTL value of the first message, the default is 1.
-m max_ttl: Specify the TTL value of the last message, the default is 30.
-g gate: Specify the gateway, there can be multiple.
-i device: Specify the network card, the default is eth0.
-w waittime: Specify the time to wait for the probe response, the default is 3 seconds.
-q nqueries: Specify how many packets each TTL sends, 3 by default.
-p port: Specify the port number of the host.