mtr (My traceroute) command compared to ping and traceroute tracert and more powerful compared to, but in the form of a friendly formatted text to facilitate our view network routing path to reach any network node or server.
traceroute default UDP packet sniffing, and makes use of ICMP probe mtr default, ICMP packets other lower priority than some routing nodes, so the test data obtained may be lower than the actual situation.
Tcping
General view network delay we will use the ping command, plain and simple. But the ban ping server room how to do, this time you can use tcping up. tcping is similar to the ping tool (also prohibit ping ping), because this software is for TCP monitor, you can also see the ping value, even if the ban PING the server (ping works by icmp protocol), it can also to monitor the situation of the server. In addition to ping, it also has a function, listening port state. Very simple to use, it is to put it to use ping as usual can use it the same files in the system32 directory folder of C drive windows.
Format is shown in FIG, tcping + IP or URL, the default port 80, may be a custom port, tcping + IP + port or URL.
www.baidu.com tcping
tcping www.baidu.com Parameters -t -t is to run the ping command has been]
tcping -d -t www.baidu.com [-d parameter is show time, so that you can more clearly]
tcping -d -t www.baidu.com 21 [here just for example, 21 is what you need to listen to the port, this line can be defined. ]
download link:
32位tcping:http://www.elifulkerson.com/projects/downloads/tcping-0.26/tcping.exe
64位tcping:http://www.elifulkerson.com/projects/downloads/tcping-0.26/tcping64.exe
Baidu Cloud Address: http://pan.baidu.com/s/1dDlNShr
hping is a more advanced host scanning tool that supports TCP / IP packet structure analysis, when certain firewall configurations or operator intercept ICMP packets can be used to scan the host survival.
hping also forged source IP, used to launch DDos attack.
hping official website: http://www.hping.org/
Installation source code compiler hping
hping source code hosted on GitHub, Address: https://github.com/antirez/hping
hping common parameters Introduction
If the firewall or operator shielding ICMP, then, hping can initiate TCP detection of specified destination ports, commonly used parameters:
-p port number
-S sends TCP SYN packet
-A send a TCP ACK packet
-a forged source the IP
--flood transmitted as fast as possible, with caution
Input Example:
hping 192.168.2.224 -p 80 -S
hping 192.168.2.224 -p 80 -A
hping 192.168.2.224 -p 80 -S -a 192.168.0.91
fping is a host scanning tool, compared to the ping tool can batch scan host.
fping official website: http://fping.org/
Source code compiler installation fping
Fping visit the official website for the source address:
By the above command, fping installed on the / usr / local / sbin / fping.
Common parameters introduced fping
The main parameters fping of the following two:
-a: show only survived the host;
-u: Show only do not survive the host;
-l: ping cycle
Enter the IP address of the target way:
fping IP1 IP2 IP3 ...; </ p> <p> fping -f filename; </ p> <p> fping -g IP1 IP2 (IP1 start address range, IP2 end address range);
Port parameters and the scanning order
-p <port ranges>: port scans specified
instance: -p22; -p1-65535; -p U: 53,111,137, T: 21-25,80,139,8080, S: 9 ( where T represents the TCP protocol, U representative of UDP agreement, S represents the SCTP protocol)
https://www.cnblogs.com/weihua2616/p/6599629.html
Tcp SYN Scan (sS)
This is a basic scanning method, it is known as semi-open scanning, because this technology allows Nmap without going through a full handshake, you can get information on the remote host. Nmap sends a SYN packet to the remote host, but it does not produce any sessions. It does not produce any logging on the target host, since the session is not formed. This is the SYN scan advantage.
If Nmap command does not indicate the type of scan, the default is Tcp SYN. But it requires root / administrator privileges.
nmap -sS 192.168.1.1
Tcp connect () scan (sT)
If you do not choose SYN scan, TCP connect () scan is the default scan mode Unlike Tcp SYN scan, Tcp connect () scans need to complete the three-way handshake, and requires connect call system (). Tcp connect () scanning technology applies only to identify TCP and UDP ports.
#nmap -sT 192.168.1.1
Udp scan (sU)
As the name suggests, this scanning technique used to find the target host to open UDP port. It does not require any transmission of a SYN packet, since this technique is for UDP ports. UDP scan sends a UDP packet to the destination host, and waiting for a response, if the ICMP unreachable error message, indicating that the port is closed, when properly appropriate response, indicating the port is open.
#Nmap the -sU 192.168.1.1
FINscan(sF)
Sometimes TcpSYN scan mode scanning is not the best, because of the existence of the firewall. Sometimes there may be the presence of the target host IDS and IPS systems, firewall blocks away SYN packet. FIN flag set to send a data packet does not need to complete the TCP handshake.
Nmapscanreportfor192.168.1.8
Hostisup(0.000026slatency).
Notshown:999closedports
PORTSTATESERVICE
111/tcpopen|filteredrpcbind
FIN scan will not be created on the target host logs (one of the advantages of FIN scan). Types of scans all have differences, the package contains only send FIN FIN scan identification, NULL scan does not send any packets on byte, XMAS scanning transmission packet FIN, PSH and URG identified.
PINGScan(sP)
PING scanning Unlike other scanning method, because it is used to find out if there is a host on the network. It is not used to discover whether the scanning open ports .PING need ROOT privileges, if the user does not ROOT privileges, PING scan We will use the connect () call.
# nmap-sP192.168.1.1
Version detection (sV)
Version detection is used to scan version running on the target host and port software. It differs from other scanning techniques, it is not used to scan an open port on the target host, but it needs to obtain information from the open port the software to determine version. TCPSYN need to use version detection scan using a scan before open which ports.
# nmap-sV192.168.1.1
Idlescan(sL)
Idlescan is an advanced scanning technology, it is not your real Ip host to send packets, but the use of the host to send data packets to another destination network.
# Nmap-sL192.168.1.6 192.168.1.1
http://www.jb51.net/hack/143892.html
ZenMap is a classic security scanning tools NMap of an official version of the graphical interface, it is a cross-platform open source applications, not only easy for beginners to use, while offering many advanced features for advanced users. Frequent scanning can be stored, for repeated operation. Command-line tool provides a direct interaction with the NMap. Facilitate the scanning result can be stored Now afterwards. Stored scan may be compared to identify differences and similarities. Recent scan results can be stored in a searchable database.
There are many powerful network scanning tools under Linux, network scanning tools can be divided into: host scanning, the host scanning service, routing scanning.
Before've written frequently used scanning and routing host scanning tool, nmap supports batch scanning and host service host scanning.
nmap installed directly: yum install nmap
nmap's ICMP scanning
nmap can be implemented Ping functionality, support for batch scanning the host to detect hosts using ICMP protocol viable state.
Compared to the use of ICMP protocol does not require the establishment of TCP three-way handshake, so the speed is faster, but some firewalls or operators blocked ICMP will not scan.
Commonly used commands:
nmap -sP 192.168.0.1/24
nmap -sP 192.168.0.*
nmap -sP 192.168.0.1-255
nmap's TCP SYN scan
nmap scanning supports TCP half-open by sending TCP SYN packet, TCP scan host port open state.
SYN scan all open scanning speed compared to shake hands with the completion of three times faster, is not easily detected.
The default nmap scans ports 1-1024 and some other commonly used port, if you want to scan other ports can be used to specify the p option.
Commonly used commands:
nmap -sS 192.168.2.224
nmap -sS 192.168.2.230-255
nmap -sS -p 0-30000 192.168.2.230-255
nmap's TCP Connect scanning
Connect the nmap scan is completed through TCP three-way handshake to detect, so the speed relative to the half-open SYN scan is slower, but more reliable results.
The default port and port scanning and SYN scan is the same as specified.
Commonly used commands:
nmap -sT 192.168.2.230-255
nmap -sT -p 0-30000 192.168.2.230-255
nmap's UDP scanning
nmap also supports UDP port scan.
UDP TCP protocol compared to the chance of being blocked by the firewall smaller.
Commonly used commands:
nmap -sU 192.168.2.230-255
nmap -sU -p 0-30000 192.168.2.230-255