Hi,
Just as a suggestion for future Nping versions (I understand this is
not a design requirement of the initial version), I recommend
developing the tool architecture so that it can be easily extended
through modules in the future with other layer-2 protocols. ARP
ping is the first step, but if this tool becomes the hping-like
reference, as it should be, it would be great to be able to craft
other layer-2 packets, such as STP, CDP, VTP, DTP, 802.1Q, 802.1X,
etc.
Best regards,
--
Raul Siles
www.raulsiles.com
On Mon, Jan 5, 2009 at 4:54 PM, Henri Doreau <henri.doreau_at_gmail.com> wrote:
> Hello,
>
>
> As David advised me to do, here is the list of options I intend to
> support for APing2. The goal is to support all the original Hping2
> ones plus ARP pings and unprivileged probes (TCP and UDP). In a word:
> conform to the Nping requirements published at
> http://nmap.org/SoC/Ncat.html.
> I didn't keep hping's --apd-send option.
>
>
> MISC
> -h --help print out a help screen
> -v --version print out version number
> -c --count <packets> number of packets to send
> --max-retries <val> abort after <val> unreplied probes
> -i --interval <interval> idle time between probes
> -e --interface <interface> force using this interface
> -v increase verbosity level
> -z --bind increase ttl on ctrl+z (default to
> destination port)
> -Z --unbind unbind ctrl+z
> -6 use IPv6
>
> MODE
> default mode TCP
> -P0 RAW IP mode
> -PI ICMP mode
> -PU UDP mode
> -PA ARP mode
> --listen <sign> listening mode
> --unprivilegied assume the user is not privileged
> (only with TCP and UDP modes)
>
> ETHERNET
> --spoof-mac <mac address> spoof MAC address
> --dest-mac <mac address> set destination MAC address
> --eth-type <val> set ethernet type
>
> ARP
> --hardware-type <val> set hardware type
> --protocol-type <val> set protocol type
> --hardware-size <val> hardware addresses size
> --protocol-size <val> hardware addresses size
> --arp-opcode <val> set arp operation code
> --arp-sender-hw <mac address> set ARP sender MAC address
> --arp-sender-proto <IP address> set ARP sender protocol address
> --arp-target-hw <mac address> set ARP target MAC address
> (default 00:00:00:00:00:00)
>
> IP
> -S <ip address> spoof source IP address
>
> (I'm not sure about these two, how useful do you find them?
> especially the first one, which would do the same thing as nmap's -iR : )
> --rand-dest randomize destination addresses
> --rand-source randomize source address
> ( ------------------------------------ )
>
> -t --ttl <val> ttl (default 64)
> -N --id <val> id (default random)
> -W --winid use win* id byte ordering
> -r --rel relativize id field
> -f --frag split packets in more frag.
> --morefrag set more fragments flag
> --dontfrag set dont fragment flag
> -g --fragoff <val> set the fragment offset
> -m --mtu <val> set virtual mtu, implies --frag if
> packet size > mtu
> --tos <val> type of service (default 0x00)
> -H --ipproto <proto> set the IP protocol field, only in
> RAW IP mode
>
> ICMP
> -C --icmptype <val> icmp type (default echo request)
> -K --icmpcode <val> icmp code (default 0)
> --force-icmp send all icmp types (default send
> only supported types)
> --icmp-gw <ip addr> set gateway address for ICMP
> redirect (default 0.0.0.0)
> --icmp-ipver <val> Set IP version of IP header
> contained into ICMP data
> --icmp-iphlen <val> Set IP header length of IP
> header contained into ICMP data,
> --icmp-iplen <val> Set IP packet length of IP header
> contained into ICMP data,
> --icmp-ipid <val> Set IP id of IP header contained
> into ICMP data.
> --icmp-ipproto <val> Set IP protocol of IP header
> contained into ICMP data.
> --icmp-cksum <val> Set a custom ICMP checksum.
> --icmp-ts Alias for --icmptype 13 (ICMP
> timestamp requests).
> --icmp-addr Alias for --icmptype 17 (ICMP
> address mask requests).
>
> --icmp-ipver <val> set ip version
> --icmp-iphlen <val> set ip header length
> --icmp-iplen <val> set ip total length
> --icmp-ipid <val> set ip id
> --icmp-ipproto <val> set ip protocol
> --icmp-ipsrc <val> set ip source
> --icmp-ipdst <val> set ip destination
> --icmp-srcport <val> set tcp/udp source port
> --icmp-dstport <val> set tcp/udp destination port
> --icmp-cksum <val> set icmp checksum
>
>
> UDP/TCP
> -g --source-port <port> source port
> -p --destport [+][+]<port> destination port(default 0) ctrl+z inc/dec
> -k --keep don't change the source port between probes
> -w --win <size> tcp window size (default 64)
> -O --tcpoff <val> set fake tcp data offset
> (instead of tcphdrlen / 4)
> -Q --seqnum shows only tcp sequence number
> --badsum send packets with a bad IP checksum
> -M --seq set TCP sequence number
>
> (--- There I'm not sure, according to you what were the best choice
> between --- )
> -pN/pF/pX TCP Null, FIN, and Xmas probing
> --tcpflags <flags> Customize TCP probe flags
> (--- and/or --- )
> -F --fin set FIN flag
> -S --syn set SYN flag
> -R --rst set RST flag
> -P --push set PUSH flag
> -A --ack set ACK flag
> -U --urg set URG flag
> -X --xmas set X unused flag (0x40)
> -Y --ymas set Y unused flag (0x80)
> ( ----------- )
>
> --tcpexitcode use last tcp->th_flags as exit code
> --tcp-timestamp enable the TCP timestamp option to
> guess the HZ/uptime
>
> COMMON
> --datalength <val> data size
> -E --file data from file
> -q --signature <sign> add signature before data
> -x --hexdump dump packets in hex
> -J --print dump printable characters
> -T --traceroute traceroute mode (implies --bind and --ttl 1)
> --tr-stop Exit when the first non-ICMP packet is
> received in traceroute mode
> --tr-keep-ttl Keep the source TTL fixed, useful
> to monitor just one hop
> --tr-no-rtt Don't calculate/show RTT
> information in traceroute mode
>
>
> Well, not so easy to juggle with flags and find good compromises!
> Now waiting for your opinions about these choices.
> I attached a copy of this to the email in order to ensure readability.
>
> I wish you a happy new year!
> Cheers
>
> Henri
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
>
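The two messages above touch the same design question from both ends: Raul asks for an architecture that lets further layer-2 protocols plug in as modules, and Henri's ETHERNET and ARP sections enumerate the header fields such a module has to expose (hardware type, protocol type, address sizes, opcode, sender and target addresses, the zeroed target MAC default). The following is an added example written for this page, not Nping or APing2 code: a small Python frame builder where each layer-2 protocol registers by EtherType, with ARP as the first module. Function names, the registry layout and all MAC/IP addresses are constructed for illustration; the ARP wire format and the constants follow the standard ARP-over-Ethernet layout.

```python
"""Modular layer-2 frame builder with a pluggable ARP module.
Added example, not Nping/APing2 code. The registry, function names and
sample addresses are constructed for illustration; ARP field layout
and constants follow the standard ARP-over-Ethernet encoding."""
import struct
from dataclasses import dataclass
from typing import Callable, Dict

ETH_P_ARP = 0x0806                # EtherType announcing an ARP payload
ARP_HTYPE_ETHERNET = 1            # ARP hardware type for Ethernet
ARP_PTYPE_IPV4 = 0x0800           # ARP protocol type for IPv4
ARP_OP_REQUEST, ARP_OP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"    # the proposed --arp-target-hw default

def _parse_addr(text: str, sep: str, base: int, count: int) -> bytes:
    parts = text.split(sep)
    if len(parts) != count:
        raise ValueError(f"malformed address {text!r}")
    return bytes(int(p, base) for p in parts)   # bytes() rejects values above 255

def mac_to_bytes(mac: str) -> bytes: return _parse_addr(mac, ":", 16, 6)
def ip_to_bytes(ip: str) -> bytes: return _parse_addr(ip, ".", 10, 4)
def bytes_to_mac(raw: bytes) -> str: return ":".join(f"{b:02x}" for b in raw)
def bytes_to_ip(raw: bytes) -> str: return ".".join(str(b) for b in raw)

@dataclass
class L2Module:
    # One pluggable layer-2 protocol: how to pack and unpack its payload.
    name: str
    eth_type: int
    pack: Callable[[dict], bytes]
    unpack: Callable[[bytes], dict]

_L2_MODULES: Dict[int, L2Module] = {}

def register_l2(module: L2Module) -> None:
    _L2_MODULES[module.eth_type] = module

def build_frame(dst_mac: str, src_mac: str, eth_type: int, fields: dict) -> bytes:
    """Ethernet header (dst, src, type) followed by the registered module's payload."""
    module = _L2_MODULES.get(eth_type)
    if module is None:
        raise ValueError(f"no layer-2 module for EtherType 0x{eth_type:04x}")
    header = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", eth_type)
    return header + module.pack(fields)

def parse_frame(frame: bytes) -> dict:
    """Inverse of build_frame: dispatch on EtherType, reject truncated frames."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    eth_type = struct.unpack("!H", frame[12:14])[0]
    module = _L2_MODULES.get(eth_type)
    if module is None:
        raise ValueError(f"no layer-2 module for EtherType 0x{eth_type:04x}")
    return {"dst_mac": bytes_to_mac(frame[:6]), "src_mac": bytes_to_mac(frame[6:12]),
            "eth_type": eth_type, "proto": module.name, "payload": module.unpack(frame[14:])}

ARP_FIXED = "!HHBBH"   # hardware type, protocol type, hw size, proto size, opcode

def arp_pack(f: dict) -> bytes:
    hw_size, proto_size = f.get("hw_size", 6), f.get("proto_size", 4)
    sha, spa = mac_to_bytes(f["sender_hw"]), ip_to_bytes(f["sender_proto"])
    tha, tpa = mac_to_bytes(f.get("target_hw", ZERO_MAC)), ip_to_bytes(f["target_proto"])
    # Declared sizes must match the emitted addresses, or a receiver misparses every later field.
    for addr, want in ((sha, hw_size), (tha, hw_size), (spa, proto_size), (tpa, proto_size)):
        if len(addr) != want:
            raise ValueError("address length does not match the declared size field")
    fixed = struct.pack(ARP_FIXED, f.get("hw_type", ARP_HTYPE_ETHERNET),
                        f.get("proto_type", ARP_PTYPE_IPV4), hw_size, proto_size,
                        f.get("opcode", ARP_OP_REQUEST))
    return fixed + sha + spa + tha + tpa

def arp_unpack(data: bytes) -> dict:
    if len(data) < 8:
        raise ValueError("ARP payload shorter than its fixed header")
    hw_type, proto_type, hw_size, proto_size, opcode = struct.unpack(ARP_FIXED, data[:8])
    if len(data) < 8 + 2 * hw_size + 2 * proto_size:
        raise ValueError("ARP payload truncated relative to its declared sizes")
    off = 8
    sha = data[off:off + hw_size]; off += hw_size
    spa = data[off:off + proto_size]; off += proto_size
    tha = data[off:off + hw_size]; off += hw_size
    tpa = data[off:off + proto_size]
    return {"hw_type": hw_type, "proto_type": proto_type, "hw_size": hw_size,
            "proto_size": proto_size, "opcode": opcode,
            "sender_hw": bytes_to_mac(sha), "sender_proto": bytes_to_ip(spa),
            "target_hw": bytes_to_mac(tha), "target_proto": bytes_to_ip(tpa)}

register_l2(L2Module("ARP", ETH_P_ARP, arp_pack, arp_unpack))

def arp_request_frame(src_mac: str, src_ip: str, target_ip: str) -> bytes:
    """An ARP-ping style who-has request: broadcast destination, zeroed target MAC."""
    return build_frame(BROADCAST_MAC, src_mac, ETH_P_ARP,
                       {"opcode": ARP_OP_REQUEST, "sender_hw": src_mac,
                        "sender_proto": src_ip, "target_proto": target_ip})

if __name__ == "__main__":
    frame = arp_request_frame("02:00:00:aa:bb:cc", "192.0.2.10", "192.0.2.1")  # constructed sample
    print(len(frame), frame.hex(), parse_frame(frame), sep="\n")
```

Adding another layer-2 protocol means writing a pack/unpack pair and one `register_l2` call; the Ethernet layer never changes. The size check in `arp_pack` is the defensive detail worth keeping when exposing `--hardware-size` and `--protocol-size` as user-settable fields: a declared size that disagrees with the addresses actually written produces a frame that decoders interpret at shifted offsets, so it is better to refuse it at build time than to emit it.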
Received on Jan 06 2009