command-87198_640.jpg
前言
大家都應該熟悉ping這個網(wǎng)絡診斷工具竟块,它用來檢測網(wǎng)絡是否連通以及目的主機是否在線魔市。然而唯一缺點是它只支持ICMP協(xié)議颠黎。因此,大多數(shù)主機都會防火墻過濾ICMP數(shù)據(jù)包总处,不過狈惫,Linux下也有跟他類似的ping工具,本文將會介紹一些常見的工具鹦马。
ping
作為所有系統(tǒng)默認自帶的 ping 胧谈,它同樣也很重要忆肾。通過 man ping 來查看ping的幫助手冊
ping [-aAbBdDfhLnOqrRUvV46] [-c count] [-F flowlabel] [-i interval] [-I interface]
[-l preload] [-m mark] [-M pmtudisc_option] [-N nodeinfo_option] [-w deadline] [-W
timeout] [-p pattern] [-Q tos] [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp
option] [hop ...] destination
常用的也就是 -c(發(fā)送數(shù)據(jù)包的數(shù)量),-s(發(fā)送數(shù)據(jù)的字節(jié)大小)菱肖,-I(網(wǎng)絡接口)
> ping baidu.com -c 2 -s 64
PING baidu.com (111.13.101.208) 64(92) bytes of data.
72 bytes from 111.13.101.208 (111.13.101.208): icmp_seq=1 ttl=55 time=44.2 ms
72 bytes from 111.13.101.208 (111.13.101.208): icmp_seq=2 ttl=55 time=43.4 ms
--- baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1017ms
rtt min/avg/max/mdev = 43.490/43.873/44.257/0.436 ms
假如我要ping一個主機的IPv6地址客冈,那么可以這樣做(必須指定 -I eth0)
> ping -I eth0 fe80::2605:fff:fe41:e387 -c 2
PING fe80::2605:fff:fe41:e387(fe80::2605:fff:fe41:e387) from fe80::2cca:ff77:78dc:1025%eth0 eth0: 56 data bytes
64 bytes from fe80::2605:fff:fe41:e387%eth0: icmp_seq=1 ttl=255 time=1.67 ms
64 bytes from fe80::2605:fff:fe41:e387%eth0: icmp_seq=2 ttl=255 time=4.43 ms
--- fe80::2605:fff:fe41:e387 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.671/3.054/4.438/1.384 ms
或者 ping6 -I eth0 fe80::2605:fff:fe41:e387 -c 2
fping
相對來說fping比ping要高級點(也是通過ICMP協(xié)議來發(fā)送數(shù)據(jù)包的),他可以向多個目標主機發(fā)送ping蔑滓,也可以指定一個主機列表文件郊酒。其中,fping的 -g 選項比較重要
-g, --generate generate target list (only if no -f specified)
(give start and end IP in the target list, or a CIDR address)
(ex. fping -g 192.168.1.0 192.168.1.255 or fping -g 192.168.1.0/24)
fping --help
Usage: fping [options] [targets...]
Probing options:
-4, --ipv4 only ping IPv4 addresses
-6, --ipv6 only ping IPv6 addresses
-b, --size=BYTES amount of ping data to send, in bytes (default: 56)
-B, --backoff=N set exponential backoff factor to N (default: 1.5)
-c, --count=N count mode: send N pings to each target
-f, --file=FILE read list of targets from a file ( - means stdin)
-g, --generate generate target list (only if no -f specified)
(give start and end IP in the target list, or a CIDR address)
(ex. fping -g 192.168.1.0 192.168.1.255 or fping -g 192.168.1.0/24)
-H, --ttl=N set the IP TTL value (Time To Live hops)
-I, --iface=IFACE bind to a particular interface
-l, --loop loop mode: send pings forever
-m, --all use all IPs of provided hostnames (e.g. IPv4 and IPv6), use with -A
-M, --dontfrag set the Don't Fragment flag
-O, --tos=N set the type of service (tos) flag on the ICMP packets
-p, --period=MSEC interval between ping packets to one target (in ms)
(in loop and count modes, default: 1000 ms)
-r, --retry=N number of retries (default: 3)
-R, --random random packet data (to foil link data compression)
-S, --src=IP set source address
-t, --timeout=MSEC individual target initial timeout (default: 500 ms,
except with -l/-c/-C, where it's the -p period up to 2000 ms)
Output options:
-a, --alive show targets that are alive
-A, --addr show targets by address
-C, --vcount=N same as -c, report results in verbose format
-D, --timestamp print timestamp before each output line
-e, --elapsed show elapsed time on return packets
-i, --interval=MSEC interval between sending ping packets (default: 10 ms)
-n, --name show targets by name (-d is equivalent)
-N, --netdata output compatible for netdata (-l -Q are required)
-o, --outage show the accumulated outage time (lost packets * packet interval)
-q, --quiet quiet (don't show per-target/per-ping results)
-Q, --squiet=SECS same as -q, but show summary every n seconds
-s, --stats print final stats
-u, --unreach show targets that are unreachable
-v, --version show version
用法如下
> fping -I eth0 -b 64 -f list_targets -a -q -s
192.168.1.16 : xmt/rcv/%loss = 2/2/0%, min/avg/max = 58.0/74.1/90.1
192.168.1.15 : xmt/rcv/%loss = 2/0/100%
192.168.1.110 : xmt/rcv/%loss = 2/2/0%, min/avg/max = 1.48/3.39/5.31
3 targets
2 alive
1 unreachable
0 unknown addresses
1 timeouts (waiting for response)
6 ICMP Echos sent
4 ICMP Echo Replies received
0 other ICMP received
1.48 ms (min round trip time)
38.7 ms (avg round trip time)
90.1 ms (max round trip time)
2.022 sec (elapsed real time)
-b 指定發(fā)送數(shù)據(jù)字節(jié)大小
-f 指定一個目標主機列表文件键袱,每行一個地址
-a 只顯示可以ping通的目標主機
-q 安靜模式燎窘,不顯示在ping時的每個主機的結(jié)果
-s 最后顯示總計結(jié)果
-r 重試次數(shù),默認:3
還可以指定 -g 來掃描局域網(wǎng)下所有主機
> fping -asgq 192.168.1.0/24
192.168.1.1
192.168.1.11
192.168.1.6
192.168.1.16
192.168.1.3
192.168.1.5
192.168.1.12
192.168.1.9
192.168.1.105
192.168.1.108
192.168.1.110
254 targets
11 alive
243 unreachable
0 unknown addresses
243 timeouts (waiting for response)
983 ICMP Echos sent
11 ICMP Echo Replies received
964 other ICMP received
0.04 ms (min round trip time)
88.2 ms (avg round trip time)
268 ms (max round trip time)
11.633 sec (elapsed real time)
通過 -u 可以顯示主機不可達的地址蹄咖,如: fping -usgq 192.168.1.0/24
hping3
這個hping3就比較強大的褐健,它支持的協(xié)議有TCP,UDP澜汤,ICMP蚜迅,支持使用tcl腳本。
主要用途:
- 測試防火墻規(guī)則
- 測試入侵檢測系統(tǒng)(IDS)
- 測試TCP/IP模式的安全漏洞
對于一些主機的防火墻過濾了ICMP數(shù)據(jù)包俊抵,那么我們可以使用hping3發(fā)送TCP數(shù)據(jù)包來判斷主機是否存活
> hping3 -h
usage: hping3 host [options]
-h --help show this help
-v --version show version
-c --count packet count
-i --interval wait (uX for X microseconds, for example -i u1000)
--fast alias for -i u10000 (10 packets for second)
--faster alias for -i u1000 (100 packets for second)
--flood sent packets as fast as possible. Don't show replies.
-n --numeric numeric output
-q --quiet quiet
-I --interface interface name (otherwise default routing interface)
-V --verbose verbose mode
-D --debug debugging info
-z --bind bind ctrl+z to ttl (default to dst port)
-Z --unbind unbind ctrl+z
--beep beep for every matching packet received
Mode
default mode TCP
-0 --rawip RAW IP mode
-1 --icmp ICMP mode
-2 --udp UDP mode
-8 --scan SCAN mode.
Example: hping --scan 1-30,70-90 -S www.target.host
-9 --listen listen mode
IP
-a --spoof spoof source address
--rand-dest random destionation address mode. see the man.
--rand-source random source address mode. see the man.
-t --ttl ttl (default 64)
-N --id id (default random)
-W --winid use win* id byte ordering
-r --rel relativize id field (to estimate host traffic)
-f --frag split packets in more frag. (may pass weak acl)
-x --morefrag set more fragments flag
-y --dontfrag set don't fragment flag
-g --fragoff set the fragment offset
-m --mtu set virtual mtu, implies --frag if packet size > mtu
-o --tos type of service (default 0x00), try --tos help
-G --rroute includes RECORD_ROUTE option and display the route buffer
--lsrr loose source routing and record route
--ssrr strict source routing and record route
-H --ipproto set the IP protocol field, only in RAW IP mode
ICMP
-C --icmptype icmp type (default echo request)
-K --icmpcode icmp code (default 0)
--force-icmp send all icmp types (default send only supported types)
--icmp-gw set gateway address for ICMP redirect (default 0.0.0.0)
--icmp-ts Alias for --icmp --icmptype 13 (ICMP timestamp)
--icmp-addr Alias for --icmp --icmptype 17 (ICMP address subnet mask)
--icmp-help display help for others icmp options
UDP/TCP
-s --baseport base source port (default random)
-p --destport [+][+]<port> destination port(default 0) ctrl+z inc/dec
-k --keep keep still source port
-w --win winsize (default 64)
-O --tcpoff set fake tcp data offset (instead of tcphdrlen / 4)
-Q --seqnum shows only tcp sequence number
-b --badcksum (try to) send packets with a bad IP checksum
many systems will fix the IP checksum sending the packet
so you'll get bad UDP/TCP checksum instead.
-M --setseq set TCP sequence number
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag
-X --xmas set X unused flag (0x40)
-Y --ymas set Y unused flag (0x80)
--tcpexitcode use last tcp->th_flags as exit code
--tcp-mss enable the TCP MSS option with the given value
--tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime
Common
-d --data data size (default is 0)
-E --file data from file
-e --sign add 'signature'
-j --dump dump packets in hex
-J --print dump printable characters
-B --safe enable 'safe' protocol
-u --end tell you when --file reached EOF and prevent rewind
-T --traceroute traceroute mode (implies --bind and --ttl 1)
--tr-stop Exit when receive the first not ICMP in traceroute mode
--tr-keep-ttl Keep the source TTL fixed, useful to monitor just one hop
--tr-no-rtt Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
--apd-send Send the packet described with APD (see docs/APD.txt)
可以通過一下選項指定發(fā)送數(shù)據(jù)包的協(xié)議
| 選項 | 選項全稱 | 描述 |
|---|---|---|
| -0 | --rawip | 發(fā)送原始IP數(shù)據(jù)包 |
| -1 | --icmp | 發(fā)送ICMP數(shù)據(jù)包 |
| -2 | --udp | 發(fā)送UDP數(shù)據(jù)包 |
| -8 | --scan | 掃描模式 |
| -9 | --listen | 監(jiān)聽模式 |
<font color=red>注意谁不,默認是發(fā)送TCP數(shù)據(jù)包</font>
hping3 支持在發(fā)送數(shù)據(jù)包同時設置TCP標識
| 選項 | 描述 |
|---|---|
| -S | SYN |
| -F | FIN |
| -R | RST |
| -P | PUSH |
| -A | ACK |
| -U | URG |
| -X | XMAS |
| -Y | YMAS |
發(fā)送TCP數(shù)據(jù)包
> hping3 -I eth0 -V --syn 192.168.1.110 -c 2
using eth0, addr: 192.168.1.108, MTU: 1500
HPING 192.168.1.110 (eth0 192.168.1.110): S set, 40 headers + 0 data bytes
len=46 ip=192.168.1.110 ttl=64 DF id=10106 tos=0 iplen=40
sport=0 flags=RA seq=0 win=0 rtt=7.7 ms
seq=0 ack=1839333390 sum=88b4 urp=0
len=46 ip=192.168.1.110 ttl=64 DF id=10157 tos=0 iplen=40
sport=0 flags=RA seq=1 win=0 rtt=7.6 ms
seq=0 ack=439379179 sum=1ca3 urp=0
--- 192.168.1.110 hping statistic ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 7.6/7.7/7.7 ms
端口檢測
-p 指定目的端口
> hping3 -I eth0 -S -p 3306 192.168.1.110 -c 2
HPING 192.168.1.110 (eth0 192.168.1.110): S set, 40 headers + 0 data bytes
len=46 ip=192.168.1.110 ttl=64 DF id=0 sport=3306 flags=SA seq=0 win=29200 rtt=31.8 ms
len=46 ip=192.168.1.110 ttl=64 DF id=0 sport=3306 flags=SA seq=1 win=29200 rtt=7.7 ms
--- 192.168.1.110 hping statistic ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 7.7/19.7/31.8 ms
注意其中的 win=29200 表示開放該端口
Scan模式
通過 -8/--scan 來開啟掃描模式。
所謂掃描模式徽诲,通過一個端口組刹帕,對主機進行端口掃描。
hping3 給出了兩個關(guān)鍵字代表多個端口谎替。
| 關(guān)鍵字 | 描述 |
|---|---|
| all | 表示 0-65535 的端口 |
| known | 表示已知本地端口偷溺,這些端口位于/etc/services文件 |
例1,掃描 0-65535 的端口
> hping3 --scan 'all' -S 192.168.1.110
Scanning 192.168.1.110 (192.168.1.110), port all
65536 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name | flags |ttl| id | win | len |
+----+-----------+---------+---+-----+-----+-----+
3306 mysql : .S..A... 64 0 29200 46
80 http : .S..A... 64 0 29200 46
All replies received. Done.
Not responding ports: (1 tcpmux) (2 nbp) (3 ) (4 echo) (6 zip) (8 ) (9 discard) (10 ) (11 systat) (13 daytime) (14 )
......
......
例2钱贯,掃描 1-5555的端口和已知端口
> hping3 -8 '1-5555,known' -S 192.168.1.17
Scanning 192.168.1.17 (192.168.1.17), port 1-5555,known
5641 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name | flags |ttl| id | win | len |
+----+-----------+---------+---+-----+-----+-----+
21 ftp : .S..A... 64 0 5840 44
22 ssh : .S..A... 64 0 5840 44
23 telnet : .S..A... 64 0 5840 44
25 smtp : .S..A... 64 0 5840 44
53 domain : .S..A... 64 0 5840 44
80 http : .S..A... 64 0 5840 44
111 sunrpc : .S..A... 64 0 5840 44
139 netbios-ssn: .S..A... 64 0 5840 44
445 microsoft-d: .S..A... 64 0 5840 44
512 exec : .S..A... 64 0 5840 44
513 login : .S..A... 64 0 5840 44
514 shell : .S..A... 64 0 5840 44
1099 rmiregistry: .S..A... 64 0 5840 44
1524 ingreslock : .S..A... 64 0 5840 44
2049 nfs : .S..A... 64 0 5840 44
2121 iprop : .S..A... 64 0 5840 44
3306 mysql : .S..A... 64 0 5840 44
3632 distcc : .S..A... 64 0 5840 44
5432 postgresql : .S..A... 64 0 5840 44
6000 x11 : .S..A... 64 0 5840 44
6667 ircd : .S..A... 64 0 5840 44
6697 ircs-u : .S..A... 64 0 5840 44
All replies received. Done.
Not responding ports:
發(fā)送隨機原IP地址的數(shù)據(jù)包
--rand-source/--rand-dest 用于偽造原/目的IP地址挫掏,這可以在很大程度上不讓我們自己的IP地址被對方檢測到
> hping3 --udp -S 192.168.1.17 -c 5 --rand-source
HPING 192.168.1.17 (eth0 192.168.1.17): udp mode set, 28 headers + 0 data bytes
ICMP Port Unreachable from ip=192.168.1.17 name=192.168.1.17
status=0 port=2475 seq=0
ICMP Port Unreachable from ip=192.168.1.17 name=192.168.1.17
status=0 port=2476 seq=1
ICMP Port Unreachable from ip=192.168.1.17 name=192.168.1.17
status=0 port=2477 seq=2
ICMP Port Unreachable from ip=192.168.1.17 name=192.168.1.17
status=0 port=2478 seq=3
--- 192.168.1.17 hping statistic ---
5 packets transmitted, 4 packets received, 20% packet loss
round-trip min/avg/max = 3.5/4.1/5.8 ms
然而這個的問題是丟包率增大。
可以在目主機上執(zhí)行 tcpdump -nn -v -t udp 來查看收發(fā)包情況秩命。
nping
nping是 Nmap 的一個 網(wǎng)絡數(shù)據(jù)包生成工具尉共。支持 TCP、UDP弃锐、ICMP爸邢、ARP 協(xié)議,多個主機的多個端口拿愧。功能類似與hping3
Nping 0.7.60 ( https://nmap.org/nping )
Usage: nping [Probe mode] [Options] {target specification}
TARGET SPECIFICATION:
Targets may be specified as hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.*.1-24
PROBE MODES:
--tcp-connect : Unprivileged TCP connect probe mode.
--tcp : TCP probe mode.
--udp : UDP probe mode.
--icmp : ICMP probe mode.
--arp : ARP/RARP probe mode.
--tr, --traceroute : Traceroute mode (can only be used with
TCP/UDP/ICMP modes).
TCP CONNECT MODE:
-p, --dest-port <port spec> : Set destination port(s).
-g, --source-port <portnumber> : Try to use a custom source port.
TCP PROBE MODE:
-g, --source-port <portnumber> : Set source port.
-p, --dest-port <port spec> : Set destination port(s).
--seq <seqnumber> : Set sequence number.
--flags <flag list> : Set TCP flags (ACK,PSH,RST,SYN,FIN...)
--ack <acknumber> : Set ACK number.
--win <size> : Set window size.
--badsum : Use a random invalid checksum.
UDP PROBE MODE:
-g, --source-port <portnumber> : Set source port.
-p, --dest-port <port spec> : Set destination port(s).
--badsum : Use a random invalid checksum.
ICMP PROBE MODE:
--icmp-type <type> : ICMP type.
--icmp-code <code> : ICMP code.
--icmp-id <id> : Set identifier.
--icmp-seq <n> : Set sequence number.
--icmp-redirect-addr <addr> : Set redirect address.
--icmp-param-pointer <pnt> : Set parameter problem pointer.
--icmp-advert-lifetime <time> : Set router advertisement lifetime.
--icmp-advert-entry <IP,pref> : Add router advertisement entry.
--icmp-orig-time <timestamp> : Set originate timestamp.
--icmp-recv-time <timestamp> : Set receive timestamp.
--icmp-trans-time <timestamp> : Set transmit timestamp.
ARP/RARP PROBE MODE:
--arp-type <type> : Type: ARP, ARP-reply, RARP, RARP-reply.
--arp-sender-mac <mac> : Set sender MAC address.
--arp-sender-ip <addr> : Set sender IP address.
--arp-target-mac <mac> : Set target MAC address.
--arp-target-ip <addr> : Set target IP address.
IPv4 OPTIONS:
-S, --source-ip : Set source IP address.
--dest-ip <addr> : Set destination IP address (used as an
alternative to {target specification} ).
--tos <tos> : Set type of service field (8bits).
--id <id> : Set identification field (16 bits).
--df : Set Don't Fragment flag.
--mf : Set More Fragments flag.
--ttl <hops> : Set time to live [0-255].
--badsum-ip : Use a random invalid checksum.
--ip-options <S|R [route]|L [route]|T|U ...> : Set IP options
--ip-options <hex string> : Set IP options
--mtu <size> : Set MTU. Packets get fragmented if MTU is
small enough.
IPv6 OPTIONS:
-6, --IPv6 : Use IP version 6.
--dest-ip : Set destination IP address (used as an
alternative to {target specification}).
--hop-limit : Set hop limit (same as IPv4 TTL).
--traffic-class <class> : : Set traffic class.
--flow <label> : Set flow label.
ETHERNET OPTIONS:
--dest-mac <mac> : Set destination mac address. (Disables
ARP resolution)
--source-mac <mac> : Set source MAC address.
--ether-type <type> : Set EtherType value.
PAYLOAD OPTIONS:
--data <hex string> : Include a custom payload.
--data-string <text> : Include a custom ASCII text.
--data-length <len> : Include len random bytes as payload.
ECHO CLIENT/SERVER:
--echo-client <passphrase> : Run Nping in client mode.
--echo-server <passphrase> : Run Nping in server mode.
--echo-port <port> : Use custom <port> to listen or connect.
--no-crypto : Disable encryption and authentication.
--once : Stop the server after one connection.
--safe-payloads : Erase application data in echoed packets.
TIMING AND PERFORMANCE:
Options which take <time> are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m, 0.25h).
--delay <time> : Adjust delay between probes.
--rate <rate> : Send num packets per second.
MISC:
-h, --help : Display help information.
-V, --version : Display current version number.
-c, --count <n> : Stop after <n> rounds.
-e, --interface <name> : Use supplied network interface.
-H, --hide-sent : Do not display sent packets.
-N, --no-capture : Do not try to capture replies.
--privileged : Assume user is fully privileged.
--unprivileged : Assume user lacks raw socket privileges.
--send-eth : Send packets at the raw Ethernet layer.
--send-ip : Send packets using raw IP sockets.
--bpf-filter <filter spec> : Specify custom BPF filter.
OUTPUT:
-v : Increment verbosity level by one.
-v[level] : Set verbosity level. E.g: -v4
-d : Increment debugging level by one.
-d[level] : Set debugging level. E.g: -d3
-q : Decrease verbosity level by one.
-q[N] : Decrease verbosity level N times
--quiet : Set verbosity and debug level to minimum.
--debug : Set verbosity and debug to the max level.
EXAMPLES:
nping scanme.nmap.org
nping --tcp -p 80 --flags rst --ttl 2 192.168.1.1
nping --icmp --icmp-type time --delay 500ms 192.168.254.254
nping --echo-server "public" -e wlan0 -vvv
nping --echo-client "public" echo.nmap.org --tcp -p1-1024 --flags ack
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
TCP掃描
> nping --tcp -c 1 192.168.1.110 192.168.1.108 -p 22,3306 --flags=syn
Starting Nping 0.7.60 ( https://nmap.org/nping ) at 2018-04-05 11:08 CST
SENT (0.0428s) TCP 192.168.1.108:39046 > 192.168.1.110:22 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
RCVD (0.0465s) TCP 192.168.1.110:22 > 192.168.1.108:39046 SA ttl=64 id=0 iplen=44 seq=2225990095 win=29200 <mss 1460>
SENT (1.0437s) TCP 192.168.1.108:39046 > 192.168.1.108:22 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
SENT (2.0449s) TCP 192.168.1.108:39046 > 192.168.1.110:3306 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
RCVD (2.0897s) TCP 192.168.1.110:3306 > 192.168.1.108:39046 SA ttl=64 id=0 iplen=44 seq=3017639874 win=29200 <mss 1460>
SENT (3.0468s) TCP 192.168.1.108:39046 > 192.168.1.108:3306 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
Statistics for host 192.168.1.110:
| Probes Sent: 2 | Rcvd: 2 | Lost: 0 (0.00%)
|_ Max rtt: 44.817ms | Min rtt: 3.653ms | Avg rtt: 24.235ms
Statistics for host 192.168.1.108:
| Probes Sent: 2 | Rcvd: 0 | Lost: 2 (100.00%)
|_ Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 4 (160B) | Rcvd: 2 (92B) | Lost: 2 (50.00%)
Nping done: 2 IP addresses pinged in 4.09 seconds
arping
arping用在本地局域網(wǎng)中,判斷目標主機是否在線碌尔。
Usage: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
-f : quit on first reply
-q : be quiet
-b : keep broadcasting, don't go unicast
-D : duplicate address detection mode
-U : Unsolicited ARP mode, update your neighbours
-A : ARP answer mode, update your neighbours
-V : print version and exit
-c count : how many packets to send
-w timeout : how long to wait for a reply
-I device : which ethernet device to use
-s source : source ip address
destination : ask for what ip address
如下判斷 192.168.1.110 主機是否在線
> arping -c 2 192.168.1.110 -w 1
ARPING 192.168.1.110 from 192.168.1.108 eth0
Unicast reply from 192.168.1.110 [24:05:0F:41:E3:87] 61.513ms
Unicast reply from 192.168.1.110 [24:05:0F:41:E3:87] 1.864ms
Sent 2 probes (1 broadcast(s))
Received 2 response(s)
netcat
對于netcat(nc)浇辜,我只想介紹其中一個功能——掃描主機端口
> nc -zvn -w 1 192.168.1.110 1-5555
(UNKNOWN) [192.168.1.110] 3306 (mysql) open
(UNKNOWN) [192.168.1.110] 80 (http) open
(UNKNOWN) [192.168.1.110] 22 (ssh) open
結(jié)尾
以上是一些比較常用ping工具了券敌,當然還有更強的的如nmap :)
bye~
