Network Security - Active Information Collection, Part 2: Layer 3 Network Discovery with ping


Layer 3 network discovery works at the IP layer of the TCP/IP suite, here using the ICMP protocol.

Advantages: the probes are routable (they can cross routers into other networks) and the scan is fast.

Disadvantages: slower than Layer 2 scanning, and easily filtered by a border firewall.

Every scanning technique has a corresponding countermeasure, so whether the scan runs at Layer 2 or Layer 3 there can be false positives and false negatives. A scan result cannot be taken as absolute proof either way, but it is an important reference.

For example, using the traceroute function:

image

At the eighth hop the output shows only asterisks instead of a device. That device is probably a border device that blocks ICMP responses, so no information can be displayed for it even though the path clearly continues beyond it.

Overview of the protocols involved:

ICMP protocol: ICMP (Internet Control Message Protocol) is a sub-protocol of the TCP/IP suite used to pass control messages between IP hosts and routers. A control message reports on the state of the network itself, such as whether the network is reachable, whether a host is reachable, or whether a route is available.

PING command: ping uses two ICMP message types. The ICMP header's type field is a single byte, and each value identifies a different kind of message (the commonly used values are listed in the table below). ping sends a TYPE 8 (Echo Request) packet; if no firewall rule on the target restricts it, the target replies with a TYPE 0 (Echo Reply) packet.

Thanks to Baidu Encyclopedia for the type table.

image

Parameters:
  -d  Use the socket's SO_DEBUG option.
  -c <count>   Stop after sending this many echo requests.
  -f   Flood ping: send requests as fast as replies come back, or 100 per second, whichever is more (root only).
  -i <interval seconds>   Interval between sending each packet.
  -I <interface>   Send the packets out of the specified network interface.
  -l <preload>   Number of packets to send before waiting for the first reply.
  -n  Numeric output only; do not resolve addresses to host names.
  -p <pattern>   Pattern used to fill the packet payload.
  -q  Quiet output; show only the summary lines at start and end.
  -r   Bypass the normal routing table and send directly to a host on an attached network.
  -R  Record the route taken.
  -s <packet size>   Size of the data payload to send.
  -t <TTL>   Set the IP Time To Live (TTL) value.
  -v  Verbose output.

Using the PING command:

On Linux

image

On Windows

image

(Windows ping sends four requests by default and then stops; Linux ping keeps sending until interrupted unless -c is given.)

Packet capture of PING on Windows

Request:

image

Reply:

image

Packet capture of PING on Linux

Request:

image

Reply:

image

From the captures:

1. The first request packet is an ICMP message with TYPE 8 and CODE 0 (Echo Request).

2. The first reply packet is an ICMP message with TYPE 0 and CODE 0 (Echo Reply).

Host discovery with PING:

1. Feed an IP address range to a script that runs ping -c <count> against each address and records which ones answer.

2. Use scapy to assemble an IP header and an ICMP header into a ping packet and send it out.

image

Instantiate an IP object and assign it to i; instantiate an ICMP object and assign it to p.

image

Stack i and p into a ping packet and assign it to ping.

image

Set the destination address in the ping packet's IP header.

image

Send the assembled ping packet.

image

A reply comes back, which shows that the host exists on the network. If the host does not exist, no reply is received. The reverse inference is weaker: a host that exists but filters ICMP also gives no reply, which is the false-negative case noted above.
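The following is an added example and is not code from the original post. It does by hand what the two discovery methods above describe: it builds the same ICMP Echo Request (TYPE 8, CODE 0) that ping and the scapy IP()/ICMP() stack produce, sends one to every address in a range over a raw socket (the kernel adds the IP header, as scapy does), and accepts only replies of TYPE 0, CODE 0 whose identifier matches and whose ICMP checksum verifies, so stray ICMP traffic such as a router's Destination Unreachable is not counted as a live host. Everything is standard library. Assumptions: the raw socket needs root (CAP_NET_RAW) on Linux; the 10.0.0.0/24 range, identifier 0x1234 and the SAMPLE_REPLY bytes are constructed for illustration, not taken from a capture.

```python
import ipaddress
import os
import select
import socket
import struct
import time

ICMP_ECHO_REQUEST = 8  # TYPE 8, CODE 0: what ping sends
ICMP_ECHO_REPLY = 0    # TYPE 0, CODE 0: what a reachable, unfiltered host returns


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented.
    Run over a message that already carries a correct checksum it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(itype: int, code: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP header (type, code, checksum, identifier, sequence) plus payload."""
    ident, seq = ident & 0xFFFF, seq & 0xFFFF
    header = struct.pack("!BBHHH", itype, code, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", itype, code, csum, ident, seq) + payload


def build_echo_request(ident: int, seq: int, payload: bytes = b"ping") -> bytes:
    """The ICMP part of scapy's IP()/ICMP(); the kernel prepends the IP header."""
    return build_icmp(ICMP_ECHO_REQUEST, 0, ident, seq, payload)


def parse_echo_reply(ip_packet: bytes, ident: int):
    """Validate a raw IPv4 packet as an Echo Reply to our identifier.
    Returns (source_ip, sequence) or None. Rejects other ICMP types
    (e.g. TYPE 3 unreachable from a router), replies meant for another
    process, and messages whose checksum does not verify."""
    if len(ip_packet) < 28:              # 20-byte IPv4 header + 8-byte ICMP header
        return None
    ihl = (ip_packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    src = socket.inet_ntoa(ip_packet[12:16])
    icmp = ip_packet[ihl:]
    if len(icmp) < 8 or icmp_checksum(icmp) != 0:
        return None
    itype, code, _csum, rid, seq = struct.unpack("!BBHHH", icmp[:8])
    if itype != ICMP_ECHO_REPLY or code != 0 or rid != (ident & 0xFFFF):
        return None
    return src, seq


# Constructed sample, not a real capture: a minimal IPv4 header (header checksum
# left zero; the parser does not check it) from 10.0.0.5 to 10.0.0.1, followed by
# the Echo Reply that host would return for identifier 0x1234, sequence 1.
SAMPLE_IDENT = 0x1234
SAMPLE_REPLY = (
    b"\x45\x00\x00\x1c" + b"\x00" * 8
    + socket.inet_aton("10.0.0.5") + socket.inet_aton("10.0.0.1")
    + build_icmp(ICMP_ECHO_REPLY, 0, SAMPLE_IDENT, 1, b"")
)


def ping_sweep(cidr: str, timeout: float = 1.0) -> list:
    """Send one Echo Request to every host in cidr and collect matching replies.
    Needs a raw socket (root / CAP_NET_RAW on Linux). A missing reply is not
    proof that a host is down: a border firewall dropping ICMP looks the same."""
    ident = os.getpid() & 0xFFFF
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    alive = set()
    try:
        sock.setblocking(False)
        for seq, host in enumerate(ipaddress.ip_network(cidr, strict=False).hosts(), 1):
            sock.sendto(build_echo_request(ident, seq), (str(host), 0))
        deadline = time.monotonic() + timeout
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break
            ready, _, _ = select.select([sock], [], [], remaining)
            if not ready:
                break
            packet, _addr = sock.recvfrom(65535)   # raw socket: full IP packet
            hit = parse_echo_reply(packet, ident)
            if hit:
                alive.add(hit[0])
    finally:
        sock.close()
    return sorted(alive, key=ipaddress.ip_address)


if __name__ == "__main__":
    import sys
    # e.g. sudo python3 ping_sweep.py 10.0.0.0/24 (the range is an assumption)
    print(ping_sweep(sys.argv[1] if len(sys.argv) > 1 else "10.0.0.0/24"))
```

The identifier check matters because a raw ICMP socket receives every ICMP packet the host sees, including replies to other ping processes; the checksum check discards truncated or corrupted messages before their type is trusted. Hosts that answer appear in the returned list; hosts that do not answer are simply absent, and, as the traceroute example shows, that absence may be a filter rather than an empty address.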


Source: www.cnblogs.com/lqinghua/p/11247908.html