Difference between revisions of "ping"
m (→nmap "ping") |
|||
| Line 41: | Line 41: | ||
== nmap "ping" == | == nmap "ping" == | ||
| − | I usually use nmap instead of ping to check the state of a given host and port. | + | I usually use '''nmap''' instead of '''ping''' to check the state of a given host and port. |
See also [[Traceroute#tcptraceroute]] for checking host:port. | See also [[Traceroute#tcptraceroute]] for checking host:port. | ||
| − | Nmap is essential for diagnosing network problems, but using the default port-scan mode | + | Nmap is essential for diagnosing network problems, but using the default port-scan mode can be problematic because a lot of servers have automated [http://en.wikipedia.org/wiki/Intrusion-detection_system Intrusion Detection System] tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an [http://en.wikipedia.org/wiki/Intrusion-detection_system IDS]. The following will stealthily check the state of port 22 (SSH) without sending a PING: |
| − | can be problematic because a lot of servers have automated [http://en.wikipedia.org/wiki/Intrusion-detection_system Intrusion Detection System] tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an [http://en.wikipedia.org/wiki/Intrusion-detection_system IDS]. The following will stealthily check the state of port 22 (SSH) without sending a PING: | ||
<pre>nmap -P0 -sS -p22 www.example.com</pre> | <pre>nmap -P0 -sS -p22 www.example.com</pre> | ||
Latest revision as of 11:28, 4 December 2019
ping patterns
Some network problems can be caused at a very low level where errors are triggered by signal noise and problems with data representation in signaling. Some data patterns can help reveal these problems. PIng can be used to send specific patterns useful for testing. ping -g 00 # all zeroes FF # all ones 55 # alternating ones and zeros and ones (assuming big-endian bit order same as big-endian network byte order, otherwise you would see alternating zeros and ones (starting with zero) 80 - one with seven zeros (1 n 7) 1000 - one with 15 zeros
Network Byte Order
The first bit sent is a 0 (byte 0, bit 0). The last bit sent is a 1 (byte 3, bit 7).
To send a 32-bit integer 0xA0B0C0D (decimal 168496141) in big-endian/network byte order
the following table shows how the bits are transmitted, reading from left to right.
We name the most significant byte byte zero (representing 0x0A).
Network byte order is big-endian for both byte order and for bit order.
The most significant bit of most significant byte first).
The first bit sent is a 0 (byte 0, bit 0). The last bit sent is a 1 (byte 3, bit 7).
byte offset 0 1 2 3
bit offset 01234567 01234567 01234567 01234567
-----------------------------------------------------
binary 00001010 00001011 00001100 00001101
hex byte 0A 0B 0C 0D
00 # zeroes FF # ones 55 # alternating zeros and ones 80 # one with seven zeros (1 n 7) 1000 # one with 15 zeros
nmap "ping"
I usually use nmap instead of ping to check the state of a given host and port. See also Traceroute#tcptraceroute for checking host:port. Nmap is essential for diagnosing network problems, but using the default port-scan mode can be problematic because a lot of servers have automated Intrusion Detection System tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an IDS. The following will stealthily check the state of port 22 (SSH) without sending a PING:
nmap -P0 -sS -p22 www.example.com
This is a similar check for port 80 (http):
nmap -P0 -sS -p80 www.example.com
