-g, --generate generate target list (only if no -f specified)
(give start and end IP in the target list, or a CIDR address)
(ex. fping -g 192.168.1.0 192.168.1.255 or fping -g 192.168.1.0/24)
```
fping --help
Usage: fping [options] [targets...]

Probing options:
   -4, --ipv4         only ping IPv4 addresses
   -6, --ipv6         only ping IPv6 addresses
   -b, --size=BYTES   amount of ping data to send, in bytes (default: 56)
   -B, --backoff=N    set exponential backoff factor to N (default: 1.5)
   -c, --count=N      count mode: send N pings to each target
   -f, --file=FILE    read list of targets from a file ( - means stdin)
   -g, --generate     generate target list (only if no -f specified)
                      (give start and end IP in the target list, or a CIDR address)
                      (ex. fping -g 192.168.1.0 192.168.1.255 or fping -g 192.168.1.0/24)
   -H, --ttl=N        set the IP TTL value (Time To Live hops)
   -I, --iface=IFACE  bind to a particular interface
   -l, --loop         loop mode: send pings forever
   -m, --all          use all IPs of provided hostnames (e.g. IPv4 and IPv6), use with -A
   -M, --dontfrag     set the Don't Fragment flag
   -O, --tos=N        set the type of service (tos) flag on the ICMP packets
   -p, --period=MSEC  interval between ping packets to one target (in ms)
                      (in loop and count modes, default: 1000 ms)
   -r, --retry=N      number of retries (default: 3)
   -R, --random       random packet data (to foil link data compression)
   -S, --src=IP       set source address
   -t, --timeout=MSEC individual target initial timeout (default: 500 ms,
                      except with -l/-c/-C, where it's the -p period up to 2000 ms)

Output options:
   -a, --alive        show targets that are alive
   -A, --addr         show targets by address
   -C, --vcount=N     same as -c, report results in verbose format
   -D, --timestamp    print timestamp before each output line
   -e, --elapsed      show elapsed time on return packets
   -i, --interval=MSEC  interval between sending ping packets (default: 10 ms)
   -n, --name         show targets by name (-d is equivalent)
   -N, --netdata      output compatible for netdata (-l -Q are required)
   -o, --outage       show the accumulated outage time (lost packets * packet interval)
   -q, --quiet        quiet (don't show per-target/per-ping results)
   -Q, --squiet=SECS  same as -q, but show summary every n seconds
   -s, --stats        print final stats
   -u, --unreach      show targets that are unreachable
   -v, --version      show version
```
Usage is as follows:
```
> fping -I eth0 -b 64 -f list_targets -a -q -s
192.168.1.16  : xmt/rcv/%loss = 2/2/0%, min/avg/max = 58.0/74.1/90.1
192.168.1.15  : xmt/rcv/%loss = 2/0/100%
192.168.1.110 : xmt/rcv/%loss = 2/2/0%, min/avg/max = 1.48/3.39/5.31

       3 targets
       2 alive
       1 unreachable
       0 unknown addresses

       1 timeouts (waiting for response)
       6 ICMP Echos sent
       4 ICMP Echo Replies received
       0 other ICMP received

 1.48 ms (min round trip time)
 38.7 ms (avg round trip time)
 90.1 ms (max round trip time)
        2.022 sec (elapsed real time)
```
```
> hping3 -h
usage: hping3 host [options]
  -h  --help       show this help
  -v  --version    show version
  -c  --count      packet count
  -i  --interval   wait (uX for X microseconds, for example -i u1000)
      --fast       alias for -i u10000 (10 packets for second)
      --faster     alias for -i u1000 (100 packets for second)
      --flood      sent packets as fast as possible. Don't show replies.
  -n  --numeric    numeric output
  -q  --quiet      quiet
  -I  --interface  interface name (otherwise default routing interface)
  -V  --verbose    verbose mode
  -D  --debug      debugging info
  -z  --bind       bind ctrl+z to ttl (default to dst port)
  -Z  --unbind     unbind ctrl+z
      --beep       beep for every matching packet received
Mode
  default mode     TCP
  -0  --rawip      RAW IP mode
  -1  --icmp       ICMP mode
  -2  --udp        UDP mode
  -8  --scan       SCAN mode.
                   Example: hping --scan 1-30,70-90 -S www.target.host
  -9  --listen     listen mode
IP
  -a  --spoof      spoof source address
  --rand-dest      random destionation address mode. see the man.
  --rand-source    random source address mode. see the man.
  -t  --ttl        ttl (default 64)
  -N  --id         id (default random)
  -W  --winid      use win* id byte ordering
  -r  --rel        relativize id field (to estimate host traffic)
  -f  --frag       split packets in more frag. (may pass weak acl)
  -x  --morefrag   set more fragments flag
  -y  --dontfrag   set don't fragment flag
  -g  --fragoff    set the fragment offset
  -m  --mtu        set virtual mtu, implies --frag if packet size > mtu
  -o  --tos        type of service (default 0x00), try --tos help
  -G  --rroute     includes RECORD_ROUTE option and display the route buffer
  --lsrr           loose source routing and record route
  --ssrr           strict source routing and record route
  -H  --ipproto    set the IP protocol field, only in RAW IP mode
ICMP
  -C  --icmptype   icmp type (default echo request)
  -K  --icmpcode   icmp code (default 0)
      --force-icmp send all icmp types (default send only supported types)
      --icmp-gw    set gateway address for ICMP redirect (default 0.0.0.0)
      --icmp-ts    Alias for --icmp --icmptype 13 (ICMP timestamp)
      --icmp-addr  Alias for --icmp --icmptype 17 (ICMP address subnet mask)
      --icmp-help  display help for others icmp options
UDP/TCP
  -s  --baseport   base source port (default random)
  -p  --destport   [+][+]<port> destination port(default 0) ctrl+z inc/dec
  -k  --keep       keep still source port
  -w  --win        winsize (default 64)
  -O  --tcpoff     set fake tcp data offset (instead of tcphdrlen / 4)
  -Q  --seqnum     shows only tcp sequence number
  -b  --badcksum   (try to) send packets with a bad IP checksum
                   many systems will fix the IP checksum sending the packet
                   so you'll get bad UDP/TCP checksum instead.
  -M  --setseq     set TCP sequence number
  -L  --setack     set TCP ack
  -F  --fin        set FIN flag
  -S  --syn        set SYN flag
  -R  --rst        set RST flag
  -P  --push       set PUSH flag
  -A  --ack        set ACK flag
  -U  --urg        set URG flag
  -X  --xmas       set X unused flag (0x40)
  -Y  --ymas       set Y unused flag (0x80)
  --tcpexitcode    use last tcp->th_flags as exit code
  --tcp-mss        enable the TCP MSS option with the given value
  --tcp-timestamp  enable the TCP timestamp option to guess the HZ/uptime
Common
  -d  --data       data size (default is 0)
  -E  --file       data from file
  -e  --sign       add 'signature'
  -j  --dump       dump packets in hex
  -J  --print      dump printable characters
  -B  --safe       enable 'safe' protocol
  -u  --end        tell you when --file reached EOF and prevent rewind
  -T  --traceroute traceroute mode (implies --bind and --ttl 1)
  --tr-stop        Exit when receive the first not ICMP in traceroute mode
  --tr-keep-ttl    Keep the source TTL fixed, useful to monitor just one hop
  --tr-no-rtt      Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
  --apd-send       Send the packet described with APD (see docs/APD.txt)
```
```
Nping 0.7.60 ( https://nmap.org/nping )
Usage: nping [Probe mode] [Options] {target specification}

TARGET SPECIFICATION:
  Targets may be specified as hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.*.1-24
PROBE MODES:
  --tcp-connect                    : Unprivileged TCP connect probe mode.
  --tcp                            : TCP probe mode.
  --udp                            : UDP probe mode.
  --icmp                           : ICMP probe mode.
  --arp                            : ARP/RARP probe mode.
  --tr, --traceroute               : Traceroute mode (can only be used with
                                     TCP/UDP/ICMP modes).
TCP CONNECT MODE:
   -p, --dest-port <port spec>     : Set destination port(s).
   -g, --source-port <portnumber>  : Try to use a custom source port.
TCP PROBE MODE:
   -g, --source-port <portnumber>  : Set source port.
   -p, --dest-port <port spec>     : Set destination port(s).
   --seq <seqnumber>               : Set sequence number.
   --flags <flag list>             : Set TCP flags (ACK,PSH,RST,SYN,FIN...)
   --ack <acknumber>               : Set ACK number.
   --win <size>                    : Set window size.
   --badsum                        : Use a random invalid checksum.
UDP PROBE MODE:
   -g, --source-port <portnumber>  : Set source port.
   -p, --dest-port <port spec>     : Set destination port(s).
   --badsum                        : Use a random invalid checksum.
ICMP PROBE MODE:
  --icmp-type <type>               : ICMP type.
  --icmp-code <code>               : ICMP code.
  --icmp-id <id>                   : Set identifier.
  --icmp-seq <n>                   : Set sequence number.
  --icmp-redirect-addr <addr>      : Set redirect address.
  --icmp-param-pointer <pnt>       : Set parameter problem pointer.
  --icmp-advert-lifetime <time>    : Set router advertisement lifetime.
  --icmp-advert-entry <IP,pref>    : Add router advertisement entry.
  --icmp-orig-time  <timestamp>    : Set originate timestamp.
  --icmp-recv-time  <timestamp>    : Set receive timestamp.
  --icmp-trans-time <timestamp>    : Set transmit timestamp.
ARP/RARP PROBE MODE:
  --arp-type <type>                : Type: ARP, ARP-reply, RARP, RARP-reply.
  --arp-sender-mac <mac>           : Set sender MAC address.
  --arp-sender-ip  <addr>          : Set sender IP address.
  --arp-target-mac <mac>           : Set target MAC address.
  --arp-target-ip  <addr>          : Set target IP address.
IPv4 OPTIONS:
  -S, --source-ip                  : Set source IP address.
  --dest-ip <addr>                 : Set destination IP address (used as an
                                     alternative to {target specification} ).
  --tos <tos>                      : Set type of service field (8bits).
  --id  <id>                       : Set identification field (16 bits).
  --df                             : Set Don't Fragment flag.
  --mf                             : Set More Fragments flag.
  --ttl <hops>                     : Set time to live [0-255].
  --badsum-ip                      : Use a random invalid checksum.
  --ip-options <S|R [route]|L [route]|T|U ...> : Set IP options
  --ip-options <hex string>                    : Set IP options
  --mtu <size>                     : Set MTU. Packets get fragmented if MTU is
                                     small enough.
IPv6 OPTIONS:
  -6, --IPv6                       : Use IP version 6.
  --dest-ip                        : Set destination IP address (used as an
                                     alternative to {target specification}).
  --hop-limit                      : Set hop limit (same as IPv4 TTL).
  --traffic-class <class> :        : Set traffic class.
  --flow <label>                   : Set flow label.
ETHERNET OPTIONS:
  --dest-mac <mac>                 : Set destination mac address. (Disables
                                     ARP resolution)
  --source-mac <mac>               : Set source MAC address.
  --ether-type <type>              : Set EtherType value.
PAYLOAD OPTIONS:
  --data <hex string>              : Include a custom payload.
  --data-string <text>             : Include a custom ASCII text.
  --data-length <len>              : Include len random bytes as payload.
ECHO CLIENT/SERVER:
  --echo-client <passphrase>       : Run Nping in client mode.
  --echo-server <passphrase>       : Run Nping in server mode.
  --echo-port <port>               : Use custom <port> to listen or connect.
  --no-crypto                      : Disable encryption and authentication.
  --once                           : Stop the server after one connection.
  --safe-payloads                  : Erase application data in echoed packets.
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m, 0.25h).
  --delay <time>                   : Adjust delay between probes.
  --rate  <rate>                   : Send num packets per second.
MISC:
  -h, --help                       : Display help information.
  -V, --version                    : Display current version number.
  -c, --count <n>                  : Stop after <n> rounds.
  -e, --interface <name>           : Use supplied network interface.
  -H, --hide-sent                  : Do not display sent packets.
  -N, --no-capture                 : Do not try to capture replies.
  --privileged                     : Assume user is fully privileged.
  --unprivileged                   : Assume user lacks raw socket privileges.
  --send-eth                       : Send packets at the raw Ethernet layer.
  --send-ip                        : Send packets using raw IP sockets.
  --bpf-filter <filter spec>       : Specify custom BPF filter.
OUTPUT:
  -v                               : Increment verbosity level by one.
  -v[level]                        : Set verbosity level. E.g: -v4
  -d                               : Increment debugging level by one.
  -d[level]                        : Set debugging level. E.g: -d3
  -q                               : Decrease verbosity level by one.
  -q[N]                            : Decrease verbosity level N times
  --quiet                          : Set verbosity and debug level to minimum.
  --debug                          : Set verbosity and debug to the max level.
EXAMPLES:
  nping scanme.nmap.org
  nping --tcp -p 80 --flags rst --ttl 2 192.168.1.1
  nping --icmp --icmp-type time --delay 500ms 192.168.254.254
  nping --echo-server "public" -e wlan0 -vvv
  nping --echo-client "public" echo.nmap.org --tcp -p1-1024 --flags ack

SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
```
TCP scan
```
> nping --tcp -c 1 192.168.1.110 192.168.1.108 -p 22,3306 --flags=syn

Starting Nping 0.7.60 ( https://nmap.org/nping ) at 2018-04-05 11:08 CST
SENT (0.0428s) TCP 192.168.1.108:39046 > 192.168.1.110:22 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
RCVD (0.0465s) TCP 192.168.1.110:22 > 192.168.1.108:39046 SA ttl=64 id=0 iplen=44 seq=2225990095 win=29200 <mss 1460>
SENT (1.0437s) TCP 192.168.1.108:39046 > 192.168.1.108:22 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
SENT (2.0449s) TCP 192.168.1.108:39046 > 192.168.1.110:3306 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
RCVD (2.0897s) TCP 192.168.1.110:3306 > 192.168.1.108:39046 SA ttl=64 id=0 iplen=44 seq=3017639874 win=29200 <mss 1460>
SENT (3.0468s) TCP 192.168.1.108:39046 > 192.168.1.108:3306 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480

Statistics for host 192.168.1.110:
 |  Probes Sent: 2 | Rcvd: 2 | Lost: 0 (0.00%)
 |_ Max rtt: 44.817ms | Min rtt: 3.653ms | Avg rtt: 24.235ms
Statistics for host 192.168.1.108:
 |  Probes Sent: 2 | Rcvd: 0 | Lost: 2 (100.00%)
 |_ Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 4 (160B) | Rcvd: 2 (92B) | Lost: 2 (50.00%)
Nping done: 2 IP addresses pinged in 4.09 seconds
```
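To read the run above when auditing which services a host exposes, the following added example (not part of the original page) pairs each SENT SYN with its RCVD reply and reports a state per host and port. The function name `classify`, the `closed`/`no-reply` labels and the handling of RST replies (flag strings such as `RA`) are assumptions of this sketch; the sample lines are the ones shown above with field spacing restored.

```python
import re

# Constructed sample: the SENT/RCVD lines from the run above, spacing restored.
SAMPLE = """\
SENT (0.0428s) TCP 192.168.1.108:39046 > 192.168.1.110:22 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
RCVD (0.0465s) TCP 192.168.1.110:22 > 192.168.1.108:39046 SA ttl=64 id=0 iplen=44 seq=2225990095 win=29200 <mss 1460>
SENT (1.0437s) TCP 192.168.1.108:39046 > 192.168.1.108:22 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
SENT (2.0449s) TCP 192.168.1.108:39046 > 192.168.1.110:3306 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
RCVD (2.0897s) TCP 192.168.1.110:3306 > 192.168.1.108:39046 SA ttl=64 id=0 iplen=44 seq=3017639874 win=29200 <mss 1460>
SENT (3.0468s) TCP 192.168.1.108:39046 > 192.168.1.108:3306 S ttl=64 id=19287 iplen=40 seq=1799430370 win=1480
"""

# Line layout as seen above: KIND (time) TCP src:port > dst:port FLAGS key=value...
LINE = re.compile(r"^(SENT|RCVD) \(([\d.]+)s\) TCP "
                  r"([\d.]+):(\d+) > ([\d.]+):(\d+) ([A-Z]+)\b")


def classify(nping_output):
    """Return {(host, port): {"state": str, "rtt_ms": float or None}}."""
    sent_at, result = {}, {}
    for raw in nping_output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, statistics and blank lines
        kind, t, src, sport, dst, dport, flags = m.groups()
        if kind == "SENT" and flags == "S":
            key = (dst, int(dport))
            sent_at[key] = float(t)
            result.setdefault(key, {"state": "no-reply", "rtt_ms": None})
        elif kind == "RCVD":
            key = (src, int(sport))  # a reply comes from the probed port
            if key not in sent_at:
                continue  # not an answer to one of the SYN probes
            if "R" in flags:
                state = "closed"  # assumed: RST means nothing is listening
            elif "S" in flags and "A" in flags:
                state = "open"    # SYN/ACK: a service accepted the SYN
            else:
                continue
            rtt = round((float(t) - sent_at[key]) * 1000, 1)
            result[key] = {"state": state, "rtt_ms": rtt}
    return result


if __name__ == "__main__":
    for (host, port), info in sorted(classify(SAMPLE).items()):
        print(f"{host}:{port:<5} {info['state']:<9} rtt={info['rtt_ms']}")
```

A `no-reply` entry only means no answer was captured; it does not distinguish a filtered port from a host that is down.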
arping
arping is used on the local LAN to determine whether a target host is online.
```
Usage: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
  -f : quit on first reply
  -q : be quiet
  -b : keep broadcasting, don't go unicast
  -D : duplicate address detection mode
  -U : Unsolicited ARP mode, update your neighbours
  -A : ARP answer mode, update your neighbours
  -V : print version and exit
  -c count : how many packets to send
  -w timeout : how long to wait for a reply
  -I device : which ethernet device to use
  -s source : source ip address
  destination : ask for what ip address
```
```
> nc -zvn -w 1 192.168.1.110 1-5555
(UNKNOWN) [192.168.1.110] 3306 (mysql) open
(UNKNOWN) [192.168.1.110] 80 (http) open
(UNKNOWN) [192.168.1.110] 22 (ssh) open
```