Nmap Development mailing list archives
Re: suggestion to nping
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Tue, 06 Apr 2010 10:13:26 +0200
Hi Andreas,

Yes, Nping always returns 0 in that case because no matter what the state of the target host was, the execution was successful. It only returns 1 when an actual error was found (some command-line argument was wrong, some syscall failed, etc).

What you can do is to parse Nping's output. Let me show you an example. I set up an instance of ncat on one side so it listens on port 9999 (ncat -l 9999 -k -vv -C). Then I just tell nping to send TCP SYN packets to port 9999. Obviously, as ncat is listening on port 9999, TCP SYN packets get TCP SYN|ACK packets in reply. However, if I kill the ncat in the middle of the process, we don't get SYN|ACK's anymore, we just get SYN|RST.

Here is the output (I ran both programs in parallel, of course):

luis@Aberdeen:~$ ncat -l 9999 -k -vv -C
Ncat: Version 5.21 ( http://nmap.org/ncat )
Ncat: Listening on 0.0.0.0:9999
^C
luis@Aberdeen:~$

luis@Aberdeen:~$ sudo nping localhost -p9999 --tcp -c0

Starting Nping 0.5.30BETA1 ( http://nmap.org/nping ) at 2010-04-06 10:04 CEST
SENT (0.0670s) TCP 127.0.0.1:1746 > 127.0.0.1:9999 S ttl=64 id=13695 iplen=40 seq=824123127 win=1480
RCVD (0.0670s) TCP 127.0.0.1:9999 > 127.0.0.1:1746 SA ttl=64 id=0 iplen=44 seq=1776595668 win=32792 <mss 16396>
SENT (1.0660s) TCP 127.0.0.1:1746 > 127.0.0.1:9999 S ttl=64 id=50478 iplen=40 seq=824123127 win=1480
RCVD (1.0670s) TCP 127.0.0.1:9999 > 127.0.0.1:1746 SA ttl=64 id=0 iplen=44 seq=1792211320 win=32792 <mss 16396>
[ HERE IS WHEN I PRESSED CTRL-C IN NCAT ]
SENT (2.0680s) TCP 127.0.0.1:1746 > 127.0.0.1:9999 S ttl=64 id=65404 iplen=40 seq=824123127 win=1480
RCVD (2.0680s) TCP 127.0.0.1:9999 > 127.0.0.1:1746 RA ttl=64 id=0 iplen=40 seq=0 win=0
SENT (3.0690s) TCP 127.0.0.1:1746 > 127.0.0.1:9999 S ttl=64 id=54997 iplen=40 seq=824123127 win=1480
RCVD (3.0690s) TCP 127.0.0.1:9999 > 127.0.0.1:1746 RA ttl=64 id=0 iplen=40 seq=0 win=0
SENT (4.0700s) TCP 127.0.0.1:1746 > 127.0.0.1:9999 S ttl=64 id=19692 iplen=40 seq=824123127 win=1480
RCVD (4.0700s) TCP 127.0.0.1:9999 > 127.0.0.1:1746 RA ttl=64 id=0 iplen=40 seq=0 win=0
^C
Max rtt: 0.099ms | Min rtt: 0.076ms | Avg rtt: 0.081ms
Raw packets sent: 5 (200B) | Rcvd: 5 (208B) | Lost: 0 (0.00%)
Tx time: 4.66808s | Tx bytes/s: 42.84 | Tx pkts/s: 1.07
Rx time: 4.66807s | Rx bytes/s: 44.56 | Rx pkts/s: 1.07
Nping done: 1 IP address pinged in 4.74 seconds
luis@Aberdeen:~$

So, I'm sure one can come up with a way to grep nping's output or parse it somehow and detect when the "SA" (SYN|ACK) turns into "RA" (RST|ACK), or more probably, when we only see SENT packets (because no RST ACK comes back to us). All you need is to figure out a regular expression in a smart way so you can "$: nping | grep | whatever" and get the desired result.

Hope this helps.

Regards,

Luis MartinGarcia.

On 04/06/2010 09:42 AM, Andreas Hubert wrote:
Hi Luis,

thanks that could help! But I am always thinking, how I could use this new tool, to check and report specific hosts and their ports. For example, this -c0 could help, if I want to watch a specific host spontaneous, like waiting till the connection to it is possible. The other thing what would be interesting, is to monitor a specific host, while its open port is just sometimes closed, because of some service problems. Therefore it would be good, to use nping in scripts. For example

nping -p 22 somehost || echo this host is down | mailx -s "host is down" ahu () censhare de

But now nping always returns exit code 0, because no matter if the port was open or not, nping ran without an error. Maybe there are other plans or ideas for nping and the best for me would be something like

nping -p 22 --mailerr ahu () censhare de somehost

That if a connection error would appear, nping would send an E-Mail to me, with the statistic of the executed nping!

Thanks
Andreas

On 04.04.10 13:37, Luis MartinGarcia. wrote:

Hi Andreas,

I've just committed a patch that should let you specify "--count 0" or "-c0" so Nping runs almost indefinitely, (for 2^32 rounds actually). You probably want to combine this with the --rate or --delay options to adjust how often packets get sent.

I hope this helps.

Regards,

Luis MartinGarcia.

On 03/31/2010 07:39 PM, Andreas Hubert wrote:

nping is a really interesting tool for me, because right from the start, it does not only send one packet it sends 5 like a usual ping on Windows for example. But till now I did not find an option to send several packets till the process gets cancelled, like ping on Linux or Mac OS X. Because now if I wanna watch something, if a port is open or something, I need to build a loop around nmap, like

while true; do nmap -PN -p 22 <host>; done

to constantly check if port 22 is open on a specific host.

It would be very good if in the future a

nping -p 22 <host>

would do this and give me stats for this after I ^C the process

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
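The output parsing suggested in the reply above, as an added example that is not part of the original thread: a filter that classifies each probe from the flags column (SA, RA, or no RCVD line at all), reports state changes, and supplies the exit code that nping itself does not. The function names `nping_watch` and `sample_output` are hypothetical and the sample lines are constructed in the format of the transcript.

```shell
#!/bin/sh
# Added example (not from the thread): turn nping's TCP output into an exit code.
# Reads nping output on stdin, prints "<time> <old> -> <new>" on every state
# change, and exits 0 only if the last probe was answered with SYN|ACK.
nping_watch() {
    awk '
    # Close out the previous probe; a SENT with no RCVD after it got no reply.
    function settle(    state) {
        if (!pending) return
        state = (reply == "") ? "noreply" : reply
        if (state != last) {
            printf "%s %s -> %s\n", sent_at, (last == "" ? "start" : last), state
            last = state
        }
        pending = 0; reply = ""
    }
    $1 == "SENT" && $3 == "TCP" {
        settle(); pending = 1
        sent_at = $2; gsub(/[()]/, "", sent_at)
    }
    $1 == "RCVD" && $3 == "TCP" && pending {
        # Field 7 is the flags column: SA = SYN|ACK, RA = RST|ACK.
        if ($7 == "SA") reply = "open"
        else if ($7 ~ /R/) reply = "closed"
        else reply = "other"
    }
    END { settle(); exit (last == "open" ? 0 : 1) }
    '
}

# Constructed sample in the transcript format: two SYN|ACK replies,
# one RST|ACK, then a probe that gets no reply at all.
sample_output() {
    cat <<'EOF'
SENT (0.0670s) TCP 127.0.0.1:1746 > 127.0.0.1:9999 S ttl=64 id=1 iplen=40
RCVD (0.0670s) TCP 127.0.0.1:9999 > 127.0.0.1:1746 SA ttl=64 id=0 iplen=44
SENT (1.0660s) TCP 127.0.0.1:1746 > 127.0.0.1:9999 S ttl=64 id=2 iplen=40
RCVD (1.0670s) TCP 127.0.0.1:9999 > 127.0.0.1:1746 SA ttl=64 id=0 iplen=44
SENT (2.0680s) TCP 127.0.0.1:1746 > 127.0.0.1:9999 S ttl=64 id=3 iplen=40
RCVD (2.0680s) TCP 127.0.0.1:9999 > 127.0.0.1:1746 RA ttl=64 id=0 iplen=40
SENT (3.0690s) TCP 127.0.0.1:1746 > 127.0.0.1:9999 S ttl=64 id=4 iplen=40
EOF
}

sample_output | nping_watch || echo "port 9999 not open on last probe"
# Real use (the mail address is a placeholder):
#   sudo nping --tcp -p 22 -c 5 somehost | nping_watch || \
#       echo down | mailx -s "host is down" admin@example.org
```

A final SENT line with no RCVD is counted as "noreply", so a run interrupted between a probe and its answer reports the port as not open.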
Current thread:
- suggestion to nping Andreas Hubert (Apr 01)
- Re: suggestion to nping Luis MartinGarcia. (Apr 04)
- Re: suggestion to nping Andreas Hubert (Apr 06)
- Re: suggestion to nping Luis MartinGarcia. (Apr 06)
- Re: suggestion to nping Andreas Hubert (Apr 06)
- <Possible follow-ups>
- Re: suggestion to nping GuangLiang Yang (Apr 02)
- Re: suggestion to nping GuangLiang Yang (Apr 02)
- Re: suggestion to nping Luis MartinGarcia. (Apr 04)