ping me

Making use of the ping utility in the context of information gathering

What is Ping?

The ping utility is a common command line utility that is installed by default in most operating systems.

The ping utility is a command line tool that we can use to "talk" to other machines on a network and discover some basic information about the transfer of packets between two machines.

The ping utility works by sending a series of ICMP packets from one machine to another and analyzing the packets sent/received and time between them.

What is ICMP?

ICMP or ​Internet Control Message Protocol is a standard protocol for reporting diagnostic information about a system over a network.

ICMP is a Internet Layer (IP) protocol in the OSI model.

ICMP differs from TCP or UDP in that it is generally not used to send data packets over a network.

ICMP packets carry a TTL header that gets decremented at every hop between two systems and if TTL reaches 0 the packet is dropped with a "Time to live exceeded" error message sent back to sender.

When do we use ping?

  • To test the ability for one machine to test proper network configuration 
  • To test if another machine is reachable over a network
  • To discover information about the path or number of hops to a remote server
  • To discover information about the configuration of a remote network

The ping utility can be used in the following common scenarios:

basic PING USAGE

Windows/Mac/Linux

$ ping target.devleague.com

The most basic usage of ping is to query a host to see if it is available by specifying the IP address or FQD name of the host.

This will send a series of ICMP packets to the target and display results from the target.

What does it Mean?

The results of a ping show the following information:

  • Packet Size Sent
  • Packets sent
  • Packets received
  • Packets lost
  • IP address of FQD
  • ICMP packet sequence number
  • TTL(Time to Live) configuration
  • Response time in ms(milliseconds)

TODO: NEED SCREENSHOT OF PING RESULTS

WHAT ARE WE LOOKING FOR?

The following are some of the information that we would be interesting in determining about our target:

  • IP Address(es) of target machines on the network
  • MTU - Max frame size on the network
  • TTL - Time to Live
  • ICMP reply type and code

How to DETERMINe MTU?

MTU is an interesting setting for us to determine as we gather information from the network.

Windows

Mac

Linux

$ ping -f -l 1472 target.devleague.com
$ ping -D -s 1472 target.devleague.com
$ ping -M do -s 1472 target.devleague.com

By default the ping command will fragment packets so we must set the DO NOT fragment flag to test the maximum frame size

How to DETERMINe TTL?

TTL is....

Windows

Mac

Linux

$ ping -i 3 target.devleague.com
$ ping -t 3 target.devleague.com
$ ping -t 3 target.devleague.com

The maximum value for TTL is 255.

Examine all hops

We have the ability to simulate tracert and find out detailed information about each hop towards our destination by experimenting with our TTL flag.

TODO: Show hop by hop example live

$ ping target.devleague.com -t 1
$ ping target.devleague.com -t 2
$ ping target.devleague.com -t 11

Security measures

If we would like to prevent the ability for someone to discover information about our network via the ping utility we can disable ping responses from our routers and servers

Different versions and vendors of hardware and operating systems will vary in how to do this but will support this ability and will stop the usage of this particular footprinting technique

Resources

Ping Me

By DevLeague Coding Bootcamp

Ping Me

Lecture regarding the use of the ping utility across multiple operating systems.

  • 1,310