Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Feature Request: nping to flag incorrect or curtailed ICMP echo payload

From: Alex Ferenstein <epaalx () gmail com>
Date: Wed, 14 Apr 2021 15:15:28 +1000
Hi Nmap development mailing list, some time I emailed Gordon, asking for a
feature to flag disparity of echo-replied payload compared to that which
was sent. Can it be implemented, or, have I missed an existing feature?
R’s, Alex


------------------------------



Hi Gordon,

thank you for making nmap/nping. I have a feature request for nping.



As you know, “The echo reply is an ICMP message generated in response to an
echo request; *it is mandatory for all hosts, and must include the exact
payload received in the request*.” (linky
<https://en.wikipedia.org/wiki/Ping_(networking_utility)>).  However, it
seems to me that nping doesn’t flag this – proof:



alex@LFPD414-123a ~ $ nping -c 1 --icmp --data-length 200 www.google.com

Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2020-02-17 03:44 Aus

SENT (0.2350s) ICMP [140.159.25.70 > 172.217.25.132 Echo request
(type=8/code=0) id=33472 seq=1] IP [ttl=64 id=47822 iplen=228 ]

RCVD (0.3130s) ICMP [172.217.25.132 > 140.159.25.70 Echo reply
  (type=0/code=0) id=33472 seq=1] IP [ttl=53 id=0 iplen=96 ]

Max rtt: 16.000ms | Min rtt: 16.000ms | Avg rtt: 16.000ms

Raw packets sent: 1 (242B) | Rcvd: 1 (96B) | Lost: 0 (0.00%)

Nping done: 1 IP address pinged in 1.30 seconds



As you see,  Google curtailed Echo Reply payload (from length 200 to 68).



Wireshark does flag this in the line associated with ICMP Echo:

    [No response seen]

        [Expert Info (Warning/Sequence): No response seen to ICMP request]

            [No response seen to ICMP request]

            [Severity level: Warning]

            [Group: Sequence]

however, nping does not.



I know nping has an *Echo Mode
<https://nmap.org/book/nping-man-echo-mode.html>* however it is limited by
reliance on echo port likely to be blocked by firewalls.



Is it possible for you to implement a feature to flag non-exact echo
payload (or highlight alternative)?

R’s, Alex

PS. I’m not first – “How to check return packet contents in ICMP Ping /
Echo?” (*linky
<https://stackoverflow.com/questions/321293/how-to-check-return-packet-contents-in-icmp-ping-echo>*
)

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: