Difference between revisions of "ping"
From Noah.org
Jump to navigationJump to searchLine 5: | Line 5: | ||
I usually use nmap instead of ping to check the state of a given host and port. | I usually use nmap instead of ping to check the state of a given host and port. | ||
− | Nmap is essential for diagnosing network problems, but using the | + | Nmap is essential for diagnosing network problems, but using the default port-scan mode |
− | can be problematic because a lot of servers have automated [http://en.wikipedia.org/wiki/Intrusion-detection_system Intrusion Detection System] tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not | + | can be problematic because a lot of servers have automated [http://en.wikipedia.org/wiki/Intrusion-detection_system Intrusion Detection System] tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an [http://en.wikipedia.org/wiki/Intrusion-detection_system IDS]. The following will stealthily check the state of port 22 (SSH) without sending a PING: |
<pre>nmap -P0 -sS -p22 www.example.com</pre> | <pre>nmap -P0 -sS -p22 www.example.com</pre> |
Revision as of 17:18, 26 June 2007
nmap "ping"
I usually use nmap instead of ping to check the state of a given host and port. Nmap is essential for diagnosing network problems, but using the default port-scan mode can be problematic because a lot of servers have automated Intrusion Detection System tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an IDS. The following will stealthily check the state of port 22 (SSH) without sending a PING:
nmap -P0 -sS -p22 www.example.com
This is a similar check for port 80 (http):
nmap -P0 -sS -p80 www.example.com