Ping Lab

[toggle_content title="Transcript"] In this lab I want to talk about footprinting and reconnaissance utilities. Let us talk about the ping command. So what I am going to do is open up a command line terminal here and maximize it to get the best use of our space. The basic functionality of this tool is really just to test connectivity between the source and destination. There is a variety of different ways in which the protocol can be used, depending on what utility and where you are actually doing it from, meaning a host, a router or switch, etc., or a UNIX box. It really depends on the protocol used, and you could use a packet sniffer to look at exactly how this happens. But we are going to take a brief look here on a Windows client. For the most part it is all basically the same; you do get some results that are different, like I said, depending on what the source is. But from a Windows client, we are simply going to go to the command prompt and type in ping /? and we are going to see what types of options we have on Windows. So as we review this you can see that there is a -t; this basically just forces ping to keep pinging and pinging and pinging and pinging until you tell it to stop. There is -a for resolving the actual address to a host name. There is -n if you only want a particular number of responses to come back. You can set the buffer size, or the size of the packet going across from the source to the destination, using -l. You can do -f for fragments. You can do -r to record the route, but that only works for IP version -. You have -w, which is the timeout value, in milliseconds. You also can specify whether you want to use IP version 4 or, more importantly, version 6, which is likely to be on the upcoming horizon. So don't forget you can set it to operate in IPv6 mode by just adding -6 to it.
So let us go ahead and clear our screen and then just take a few examples of what this looks like. I am going to type in ping and you can see that I am going to get basically four responses back, and you can see that it is being hosted at the IP address 199 and 195 199.130. I can also do this in reverse if I want to. I could do a ping -a and hit enter, and it will try to resolve this in the reverse way and, if it can, come up with a name. In this case the only thing that we were able to find here is that it is actually being hosted at the server 10 at. So that is helpful in some of the things that I would hope for. Also you can see that the size right here is routinely 32 if I look down that column here. You can see that the timeout values are constantly in milliseconds and the average is around 40, which I would say is pretty normal. Also the time to live, which is the number of hops along the route until timeout; in this case 56, which is more than enough to get to this destination. We also get a summary here, and it says it sent four packets and received four packets at zero percent loss. Other values here would be 100% loss; every now and then you get something that is dropped, one out of the four, or it will come back with something like 25% loss or 50% or 75%, depending on the number of actual ICMP types and codes that are actually sent across. So that is the basic construct of the ping command. Now we can also do this a couple of different ways and actually see this command used differently, and this is what I would go more into in the intermediate or advanced style labs. So what we can do is we can ping; in this case we are going to add an -f and then the load size of 1500, and you will see here what comes back. It says packets need to be fragmented but the defragmented bit is set. So sometimes we can use that to our advantage and just learn a little bit about what goes on between our source and our destination.
Now in this case there is likely to be a firewall between the source and destination, and that is pretty indicative of basically not allowing the fragment bit to be set. But what we could do here is we could change this. I could change this to, like, twelve hundred for the load size, and you can see that I actually get responses when I set my load size to 1200, but I don't get them when the load size is at 1500, and again I am setting the fragment option on both of these packets. So at 1500 the packet needs to be fragmented but at 1200 it didn't. So what I could realistically do is just kind of guess at this point and see exactly where it starts timing out and where it stops timing out. So I am just kind of incrementing up here from 1200 to 1300 to 1400 and then I will go to 1499, and you can see 1499 is too high but 1400 is too low. So we will just keep doing this until we get right at that happy medium. So there at 1415 it worked; we could jump up here to 1475, and we realistically took a dollar cent. So it is going to be somewhere between 50 and 475. So let us try 1460. So it is above 1460, so let us do 1466, 68, 69, and basically we are going to keep doing this until we get to the point where we know exactly where it is. 70, 71, 72, 73, and there you go. So right between 1472, where I got a reply, versus 1473, where I did not get a reply, that is basically the magic number that I would be looking for. And so that is some pretty good information right there in terms of learning about what goes on between the source and the destination and trying to find out exactly how things are configured, because there are going to be a lot of variables in between wherever you currently are versus wherever your destination currently is. So I am going to go ahead and clear the screen; we are going to do a couple of other things here.
Let us try pinging with a dash n; in this case I am going to do a -n 2, and you can see in this case the number of times. Realistically, check this out: one time it went through and the other time it timed out, at a 50% loss. So we can run that again and see if there is an anomaly there, and there probably was, considering this time I ran it again. So interestingly enough you can see I dropped a packet right there. Other things we can do with ping: let us go back to help. Let us look at -i; sometimes you have a -i, and it really just depends on what version of Windows you have. So we could do a ping -i and then the number 4, and you can see that it actually expired in transit. So -i is specifically for the time to live. So I can set that; in this case the route is above 4 hops away between me and my destination, and I could slowly start tweaking this to see exactly when I get a response and when I don't, and that tells you kind of how far you are from your destination in terms of the number of hops. So I want to dial this in; normally I would do something like -i 1 and then 2 and then 3 and then 4, then 5, and then see when and exactly where they are timing out, and I could go all the way out realistically to 100 here. But you see if I did it at -i 10 I get a reply, but if I did it down at 6 I timed out. So for giggles here we will do 8, which seems to be right in the middle, and we will see if it gets a reply, and that tells on average... and even 8 looks like it is timing out. So that is a little bit about the ICMP utility, or the ping utility. Ping is really the front end; most of the time it is ICMP that goes across. So just in summary we use -i for time to live and -n for the number which you actually want. We could have a -t; it is easy to show you a -t real quick. -t will just keep doing it until basically I tell it to stop, and you can see it is beyond the traditional four; that is not there.
You can also add a -a for host name resolution. So what I encourage you to do here is to realistically get to know the utilities, instead of just looking into these utilities like ping. Ping an IP address; really get intimate with the utilities by looking at all of the options. [/toggle_content]

Ping is a host path tracing tool. Its purpose is to test/validate connectivity to a targeted host. Ping also confirms the host's IP address when it connects successfully. This lab demonstrates its usefulness when pen testing.
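The payload guessing with -f -l and the TTL stepping with -i that the instructor does by hand both generalize to a binary search over a monotone probe. The block below is an added example, not code from the Cybrary lab; it assumes an English-language Windows ping whose echo reply lines contain "bytes=" (the "Packet needs to be fragmented" and "TTL expired in transit" lines do not), and takes an injectable probe so the search logic can be exercised without a network.

```python
"""Automates the two probes walked through in the lab: ping -f -l to find the
largest unfragmented payload (hence the path MTU) and ping -i to find the hop count."""
import subprocess

IP_HEADER = 20    # IPv4 header without options, in bytes
ICMP_HEADER = 8   # ICMP echo request header, in bytes

def windows_ping_cmd(host, payload=None, ttl=None, count=1, timeout_ms=1000):
    """Build a Windows ping command line from the options listed by ping /?:
    -n count, -w timeout in ms, -f Don't Fragment, -l payload size, -i TTL."""
    cmd = ["ping", "-n", str(count), "-w", str(timeout_ms)]
    if payload is not None:
        cmd += ["-f", "-l", str(payload)]
    if ttl is not None:
        cmd += ["-i", str(ttl)]
    return cmd + [host]

def ping_gets_reply(cmd):
    """Run ping and report whether an echo reply came back. Assumes English Windows
    output: a real reply line contains 'bytes=', whereas the 'Packet needs to be
    fragmented' and 'TTL expired in transit' lines do not."""
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    return "bytes=" in out

def threshold_search(probe, low, high, largest=True):
    """Binary search over a monotone probe instead of the manual 1400/1499/1460...
    guessing in the lab. largest=True returns the biggest value the probe accepts
    (payload case); largest=False returns the smallest it accepts (TTL case)."""
    best = None
    while low <= high:
        mid = (low + high) // 2
        if probe(mid):
            best = mid
            low, high = (mid + 1, high) if largest else (low, mid - 1)
        else:
            low, high = (low, mid - 1) if largest else (mid + 1, high)
    return best

def path_mtu(host, probe=None):
    """Largest payload that passes with DF set, plus headers: 1472 + 20 + 8 = 1500."""
    probe = probe or (lambda n: ping_gets_reply(windows_ping_cmd(host, payload=n)))
    payload = threshold_search(probe, 1, 65500)   # 65500 is the -l maximum on Windows
    return None if payload is None else payload + IP_HEADER + ICMP_HEADER

def hop_count(host, probe=None):
    """Smallest TTL that still reaches the host, i.e. the number of hops on the path."""
    probe = probe or (lambda t: ping_gets_reply(windows_ping_cmd(host, ttl=t)))
    return threshold_search(probe, 1, 255, largest=False)
```

With the lab's numbers, a probe that accepts payloads up to 1472 yields a path MTU of 1500, and a TTL probe that first succeeds at 9 reports 9 hops; each answer takes about 16 and 8 pings respectively instead of the dozen-plus manual tries in the transcript.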