Saturday, March 20, 2010

OS Fingerprinting

No firewall can block ICMP packets, since ICMP is the basic way of communicating with the live hosts. Many Linux tools, such as sing and hping2, use this protocol for OS fingerprinting. First we need to know which hosts in the subnet are alive.
>for i in {1..254}; do ping -c1 192.168.0.$i; done |grep "ttl"
This command prints the reply summary from every live host.
Here I'm using a shell loop to ping every host in my subnet 192.168.0.0/24.
We can also use another tool called fping.
Install fping with:
>sudo apt-get install fping
To query the subnet 192.168.1.0/24 for live hosts, give the command:
>fping -g 192.168.1.0/24 | grep "alive"
or
>fping -g 192.168.1.0 192.168.1.255 | grep "alive"


Now that we have found the live IPs we can continue to OS fingerprinting.
Install sing with:
>sudo apt-get install sing
For OS fingerprinting, type:
>sing -O ip_address


There is another well-known tool called Nmap; it has been glamourised in movies like The Matrix and Swordfish. It has many options for controlling the packets being sent.
>nmap -v -sP 172.17.191.0/24 |grep "up"  // scanning a subnet for live IPs
>nmap -v -v -A 172.17.191.203            // scanning a single host
If this command doesn't work, try "nmap -v -v -A -PN 172.17.191.203" to force the scan.
Zenmap is the GUI version of Nmap. GFI LANguard is another well-known tool.
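The ping sweeps shown above (the shell loop, fping and nmap -sP) all leave the same trace on the network side: one source sending ICMP echo requests to many addresses in a row. The following added example (not part of the original post) detects that pattern in iptables-style kernel log lines; the log lines are constructed, and the field names SRC=, DST=, PROTO= and TYPE= are assumed to match what an iptables LOG rule writes.

```python
"""Detect ICMP ping sweeps in iptables-style kernel log lines (added example)."""
import re
from collections import defaultdict

# Constructed sample log: 192.168.0.77 walks 192.168.0.1..5 with echo requests,
# while 192.168.0.50 sends a single echo request (ordinary troubleshooting).
SAMPLE_LOG = """\
Mar 20 10:00:01 gw kernel: IN=eth0 OUT= SRC=192.168.0.77 DST=192.168.0.1 PROTO=ICMP TYPE=8 CODE=0
Mar 20 10:00:01 gw kernel: IN=eth0 OUT= SRC=192.168.0.77 DST=192.168.0.2 PROTO=ICMP TYPE=8 CODE=0
Mar 20 10:00:02 gw kernel: IN=eth0 OUT= SRC=192.168.0.50 DST=192.168.0.1 PROTO=ICMP TYPE=8 CODE=0
Mar 20 10:00:02 gw kernel: IN=eth0 OUT= SRC=192.168.0.77 DST=192.168.0.3 PROTO=ICMP TYPE=8 CODE=0
Mar 20 10:00:03 gw kernel: IN=eth0 OUT= SRC=192.168.0.77 DST=192.168.0.4 PROTO=ICMP TYPE=8 CODE=0
Mar 20 10:00:03 gw kernel: IN=eth0 OUT= SRC=192.168.0.77 DST=192.168.0.5 PROTO=ICMP TYPE=8 CODE=0
Mar 20 10:00:04 gw kernel: IN=eth0 OUT= SRC=192.168.0.77 DST=192.168.0.1 PROTO=TCP SPT=4000 DPT=80
"""

# Only ICMP type 8 (echo request) lines matter; replies and TCP lines are ignored.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=ICMP TYPE=8\b")


def echo_requests(log_text):
    """Yield (src, dst) for every ICMP echo request found in the log text."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), m.group("dst")


def find_sweeps(log_text, threshold=4):
    """Return {src: sorted distinct targets} for every source that sent echo
    requests to at least `threshold` distinct hosts. Counting distinct
    destinations rather than packets is what separates a sweep from a
    legitimate but repeated ping of a single host."""
    targets = defaultdict(set)
    for src, dst in echo_requests(log_text):
        targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= threshold}


if __name__ == "__main__":
    for src, dsts in find_sweeps(SAMPLE_LOG).items():
        print(f"possible ping sweep from {src}: {len(dsts)} hosts, first {dsts[:3]}")
```

The threshold and the absence of a time window are simplifications; on a real gateway you would bucket by timestamp so that a slow, spread-out sweep is also caught.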



Further reading:
http://nmap.org/book/osdetect.html
http://nostromo.joeh.org/osf.pdf
