Security Basics mailing list archives

Re: Ping, ICMP and TCP Ping

From: jlmb <jlmb () cableonda net>
Date: Sat, 27 Aug 2005 19:33:49 -0500


zaka rias wrote:

hi,

Im learning protocol tcp/ip and icmp, and as far as i
know that Ping (software) is using ICMP protocol to
transmit packets and PING is identic with ICMP.


Not sure what you meant but this should clear you it up a bit:

DESCRIPTION
       ping uses the ICMP protocol's mandatory ECHO_REQUEST datagram to
elicit an  ICMP  ECHO_RESPONSE from a host or gateway.  ECHO_REQUEST
datagrams (``pings'') have an IP and ICMP header


This comes from a linux ping(8) man page.

I have always wrapped my thinking that ICMP (and Ping
Program) echo/reply was a port 0 thing (like someone
said in
http://forum.sans.org/discus/messages/78/10869.html?1110164175
), and that's wrong.


Well, I believe the post By T. Brian Granier (bgranier) is correct. It's
not about ports, it's about codes and types.

ftp://ftp.rfc-editor.org/in-notes/rfc792.txt

i just wonder if this kind of method called TCP-PING,
when actually TCP-PING isnt using ICMP protocol, and
once more ->  TCP PING 's using port when actually
PING program is not using a port to communicate.


ping(8) does not uses a port to communicate because it's based on ICMP.
TCP-PING method on the other hand works by sending a TCP ack packet to a
specified port, no it DOESN'T use ICMP. I believe this METHOD is called
TCP-PING because it can be used to perform a similar function as ICMP
ping, to determine if a machine is up.

man nmap(1) and read the Ping scanning description, be sure to read the
ACK scan too.



luck

Current thread:

Ping, ICMP and TCP Ping zaka rias (Aug 26)
- Re: Ping, ICMP and TCP Ping jlmb (Aug 29)
- Re: Ping, ICMP and TCP Ping Nikolai Alexandrov (Aug 29)
- Re: Ping, ICMP and TCP Ping Barrie Dempster (Aug 29)
- Re: Ping, ICMP and TCP Ping migalo digalo (Aug 30)
- RE: Ping, ICMP and TCP Ping Burton Strauss (Aug 30)