Nmap Development: Re: Nping development

Re: Nping development

From: Henri Doreau <henri.doreau_at_gmail.com>
Date: Mon, 5 Jan 2009 16:54:51 +0100

Hello,

As David advised me to do, here is the list of options I intend to
support for APing2. The goal is to support all the original Hping2
ones plus ARP pings and unprivileged probes (tcp and udp). In a word:
conform to the Nping's requirements published at
http://nmap.org/SoC/Ncat.html.
I didn't keep the hping's --apd-send option.

MISC
  -h --help print out a help screen
  -v --version print out version number
  -c --count <packets> number of packets to send
  --max-retries <val> abort after <val> unreplied probes
  -i --interval <interval> idle time between probes
  -e --interface <interface> force using this interface
  -v increase verbosity level
  -z --bind increase ttl on ctrl+z (default to
destination port)
  -Z --unbind unbind ctrl+z
  -6 use IPv6

MODE
  default mode TCP
  -P0 RAW IP mode
  -PI ICMP mode
  -PU UDP mode
  -PA ARP mode
  --listen <sign> listening mode
  --unprivileged assume the user is not privileged
(only with TCP and UDP modes)

ETHERNET
  --spoof-mac <mac address> spoof MAC address
  --dest-mac <mac address> set destination MAC address
  --eth-type <val> set ethernet type

ARP
  --hardware-type <val> set hardware type
  --protocol-type <val> set protocol type
  --hardware-size <val> hardware addresses size
  --protocol-size <val> hardware addresses size
  --arp-opcode <val> set arp operation code
  --arp-sender-hw <mac address> set ARP sender MAC address
  --arp-sender-proto <IP address> set ARP sender protocol address
  --arp-target-hw <mac address> set ARP target MAC address
(default 00:00:00:00:00:00)

IP
  -S <ip address> spoof source IP address

(I'm not sure about these two; how useful do you find them?
Especially the first one, which would do the same thing as nmap's -iR : )
  --rand-dest randomize destination addresses
  --rand-source randomize source address
( ------------------------------------ )

  -t --ttl <val> ttl (default 64)
  -N --id <val> id (default random)
  -W --winid use win* id byte ordering
  -r --rel relativize id field
  -f --frag split packets in more frag.
  --morefrag set more fragments flag
  --dontfrag set dont fragment flag
  -g --fragoff <val> set the fragment offset
  -m --mtu <val> set virtual mtu, implies --frag if
packet size > mtu
  --tos <val> type of service (default 0x00)
  -H --ipproto <proto> set the IP protocol field, only in
RAW IP mode

ICMP
  -C --icmptype <val> icmp type (default echo request)
  -K --icmpcode <val> icmp code (default 0)
  --force-icmp send all icmp types (default send
only supported types)
  --icmp-gw <ip addr> set gateway address for ICMP
redirect (default 0.0.0.0)
  --icmp-ipver <val> Set IP version of IP header
contained into ICMP data
  --icmp-iphlen <val> Set IP header length of IP
header contained into ICMP data,
  --icmp-iplen <val> Set IP packet length of IP header
 contained into ICMP data,
  --icmp-ipid <val> Set IP id of IP header contained
into ICMP data.
  --icmp-ipproto <val> Set IP protocol of IP header
contained into ICMP data.
  --icmp-cksum <val> Set a custom ICMP checksum.
  --icmp-ts Alias for --icmptype 13 (ICMP
timestamp requests).
  --icmp-addr Alias for --icmptype 17 (ICMP
address mask requests).

  --icmp-ipver <val> set ip version
  --icmp-iphlen <val> set ip header length
  --icmp-iplen <val> set ip total length
  --icmp-ipid <val> set ip id
  --icmp-ipproto <val> set ip protocol
  --icmp-ipsrc <val> set ip source
  --icmp-ipdst <val> set ip destination
  --icmp-srcport <val> set tcp/udp source port
  --icmp-dstport <val> set tcp/udp destination port
  --icmp-cksum <val> set icmp checksum

UDP/TCP
  -g --source-port <port> source port
  -p --destport [+][+]<port> destination port(default 0) ctrl+z inc/dec
  -k --keep don't change the source port between probes
  -w --win <size> tcp window size (default 64)
  -O --tcpoff <val> set fake tcp data offset
(instead of tcphdrlen / 4)
  -Q --seqnum shows only tcp sequence number
  --badsum send packets with a bad IP checksum
  -M --seq set TCP sequence number

(--- Here I'm not sure; in your opinion, which is the better choice
between --- )
  -pN/pF/pX TCP Null, FIN, and Xmas probing
  --tcpflags <flags> Customize TCP probe flags
(--- and/or --- )
  -F --fin set FIN flag
  -S --syn set SYN flag
  -R --rst set RST flag
  -P --push set PUSH flag
  -A --ack set ACK flag
  -U --urg set URG flag
  -X --xmas set X unused flag (0x40)
  -Y --ymas set Y unused flag (0x80)
( ----------- )

  --tcpexitcode use last tcp->th_flags as exit code
  --tcp-timestamp enable the TCP timestamp option to
guess the HZ/uptime

COMMON
  --datalength <val> data size
  -E --file data from file
  -q --signature <sign> add signature before data
  -x --hexdump dump packets in hex
  -J --print dump printable characters
  -T --traceroute traceroute mode (implies --bind and --ttl 1)
  --tr-stop Exit when the first non-ICMP reply is
received in traceroute mode
  --tr-keep-ttl Keep the source TTL fixed, useful
to monitor just one hop
  --tr-no-rtt Don't calculate/show RTT
information in traceroute mode

Well, not so easy to juggle flags and find good compromises!
Now waiting for your opinions about these choices.
I attached a copy of this to the email in order to ensure readability.

I wish you a happy new year!
Cheers

Henri

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
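The ARP section of the post above lists the header fields an ARP ping mode would expose (hardware type, protocol type, address sizes, opcode, sender and target addresses) without showing the frame they fill. The following is an added example, written for this page and not code from Henri's post or from Nping: it builds the broadcast ARP "who-has" request that an ARP ping sends from exactly those fields, then parses such a frame back, rejecting runt Ethernet frames, non-ARP EtherTypes, truncated ARP bodies and address sizes other than Ethernet/IPv4. The constants, class and function names, and the sample addresses (an RFC 5737 documentation IPv4 range and a locally administered MAC) are constructed assumptions, not values from the post.

```python
"""Build and parse an Ethernet/ARP 'who-has' request, the frame an ARP ping sends."""
import struct
from dataclasses import dataclass

# Constructed constants mirroring the fields the proposed ARP options would set.
ETH_TYPE_ARP = 0x0806      # --eth-type
HW_TYPE_ETHERNET = 1       # --hardware-type
PROTO_TYPE_IPV4 = 0x0800   # --protocol-type
ARP_OP_REQUEST = 1         # --arp-opcode
ARP_OP_REPLY = 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"   # the post's default for --arp-target-hw


def mac_to_bytes(mac: str) -> bytes:
    """'02:00:00:00:00:01' -> 6 bytes; anything but six hex octets is rejected."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address {mac!r}")
    return bytes(int(p, 16) for p in parts)   # an octet > 0xff makes bytes() raise


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 address {ip!r}")
    return bytes(int(p) for p in parts)       # an octet > 255 makes bytes() raise


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


@dataclass
class ArpPacket:
    hardware_type: int = HW_TYPE_ETHERNET
    protocol_type: int = PROTO_TYPE_IPV4
    hardware_size: int = 6          # --hardware-size
    protocol_size: int = 4          # --protocol-size
    opcode: int = ARP_OP_REQUEST
    sender_hw: str = ZERO_MAC       # --arp-sender-hw
    sender_proto: str = "0.0.0.0"   # --arp-sender-proto
    target_hw: str = ZERO_MAC       # --arp-target-hw
    target_proto: str = "0.0.0.0"

    HEADER = struct.Struct("!HHBBH")   # htype, ptype, hlen, plen, opcode (8 bytes)

    def pack(self) -> bytes:
        # Only Ethernet (6-byte) / IPv4 (4-byte) addresses are handled here.
        if (self.hardware_size, self.protocol_size) != (6, 4):
            raise ValueError("unsupported hardware/protocol address sizes")
        return (self.HEADER.pack(self.hardware_type, self.protocol_type,
                                 self.hardware_size, self.protocol_size, self.opcode)
                + mac_to_bytes(self.sender_hw) + ip_to_bytes(self.sender_proto)
                + mac_to_bytes(self.target_hw) + ip_to_bytes(self.target_proto))

    @classmethod
    def unpack(cls, data: bytes) -> "ArpPacket":
        if len(data) < cls.HEADER.size:
            raise ValueError("truncated ARP header")
        htype, ptype, hlen, plen, op = cls.HEADER.unpack_from(data)
        if (hlen, plen) != (6, 4):
            raise ValueError(f"unsupported address sizes hlen={hlen} plen={plen}")
        if len(data) < cls.HEADER.size + 2 * (hlen + plen):
            raise ValueError("truncated ARP body")
        off = cls.HEADER.size
        sha, off = data[off:off + hlen], off + hlen
        spa, off = data[off:off + plen], off + plen
        tha, off = data[off:off + hlen], off + hlen
        tpa = data[off:off + plen]
        return cls(htype, ptype, hlen, plen, op, bytes_to_mac(sha), bytes_to_ip(spa),
                   bytes_to_mac(tha), bytes_to_ip(tpa))


def build_ethernet_frame(dst_mac: str, src_mac: str, eth_type: int, payload: bytes) -> bytes:
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", eth_type) + payload


def parse_ethernet_frame(frame: bytes):
    """Return (dst_mac, src_mac, eth_type, payload); runt frames are rejected."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = bytes_to_mac(frame[:6]), bytes_to_mac(frame[6:12])
    (eth_type,) = struct.unpack("!H", frame[12:14])
    return dst, src, eth_type, frame[14:]


def arp_ping_request(src_mac: str, src_ip: str, target_ip: str) -> bytes:
    """Broadcast 'who-has target_ip?' request: the probe an ARP ping mode sends."""
    arp = ArpPacket(sender_hw=src_mac, sender_proto=src_ip,
                    target_hw=ZERO_MAC, target_proto=target_ip)
    return build_ethernet_frame(BROADCAST_MAC, src_mac, ETH_TYPE_ARP, arp.pack())


def decode_arp_frame(frame: bytes) -> ArpPacket:
    """Parse a captured frame, accepting only EtherType 0x0806 payloads."""
    _, _, eth_type, payload = parse_ethernet_frame(frame)
    if eth_type != ETH_TYPE_ARP:
        raise ValueError(f"not an ARP frame (EtherType 0x{eth_type:04x})")
    return ArpPacket.unpack(payload)


if __name__ == "__main__":
    # Constructed sample input: RFC 5737 documentation addresses, locally administered MAC.
    frame = arp_ping_request("02:00:00:00:00:01", "192.0.2.1", "192.0.2.2")
    print(len(frame), frame.hex())          # 42-byte frame: 14 Ethernet + 28 ARP
    print(decode_arp_frame(frame))
```

The 8-byte fixed header is packed with a single `struct.Struct`, so the hardware-size and protocol-size fields are checked before any address slicing happens; a capture that advertises a 6/4 layout but is shorter than 28 bytes is rejected rather than silently producing short addresses.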

Received on Jan 05 2009