traceroute icmp

1. traceroute first sends an IP packet whose TTL is 1 to the target address. The first router drops the TTL by 1, discards the packet, and sends an ICMP time exceeded message to the source address, in this way, the first route in the path is retrieved. traceroute then sends an IP packet whose TTL is 2 to the target address, so that each route in the path is retri

the TCP protocol-t-p* 3. Using ICMP protocol-I. ** Traceroute www.baidu.com* Traceroute-n www.baidu.com* traceroute-t-P 80-n www.baidu.com** mtr* default is installed* mtr www.baidu.com* Loss Items ** View route hop count, drop packet condition. *//*** Bulk Host service Scan* Purpose: Batch host survival Scan, scan fo

status meaning CLOSED does not use this socket LISTEN socket is listening for inbound connection SYN_SENT socket is trying to establish a connection SYN_RECEIVED is in the initial synchronization state of the connection. The ESTABLISHED connection has been ESTABLISHED. CLOSE_WAIT remote socket closed: waiting to close this socket The FIN_WAIT_1 socket is closed and the connection is being closed. The CLOSING socket is closed, the remote socket is closed, and the close confirmation is temporaril

returned. UDP is non-connection-oriented, so there is no confirmation Information to confirm whether the package has arrived at the destination correctly. Therefore, if your firewall discards the UDP packet, it will open all the UDP ports (?). Some packets on the Internet will be discarded normally, and even some UDP packets sent to the disabled port (non-firewall) will not reach the destination, they will return a reset UDP packet. For this reason, UDP port scanning is always inaccurate and

completed at the application layer. (Or accidental arrival ). Note: Normally, when a UDP packet reaches a closed port, a UDP reset packet is returned. Because UDP is non-connection-oriented, there is no confirmation information to confirm whether the package has arrived at the destination correctly. Therefore, if your firewall discards the UDP packet, it will open all the UDP ports (?). Some packets on the Internet will be discarded normally, and even some UDP packets sent to the disabled port

). Note: Normally, when a UDP packet reaches a closed port, a UDP reset packet is returned. Because UDP is non-connection-oriented, there is no confirmation information to confirm whether the package has arrived at the destination correctly. Therefore, if your firewall discards the UDP packet, it will open all the UDP ports (?). Some packets on the Internet will be discarded normally, and even some UDP packets sent to the disabled port (non-firewall) will not reach the destination, they will

(ping, traceroute-Note that the current UNIX system is traceroute with UDP packets instead of ICMP), error messages (Network/HOST/Port unreachable Network/host/port Unreachable ), information (timestamp timestamp, address mask addresses mask request, etc), or control information (source quench, redirect, etc.).You can find the type of

completely replaces B. What follows is like an intruder's mood. In this sense, any machine's Sniffer can be used to track all communication data ). As mentioned above, I still only have an understanding of the concept and principle and a summary of these aspects. It is not enough to achieve the level of practice. Network Packet Capture is now available, but it is still early to talk about protocol analysis. It is difficult to even construct RAW Socket. If you want to use other methods, it is ev

source IP to simulate DDoS attacks-A forged IP addressHping-p 22-s 10.10.163.233hping-p 22-s 10.10.163.233-a 10.10.163.235Route Scan:Query the number of hops, latency, and delays of a host's route to another hostCommon tools: Traceroute, MTRMTR features: Can test the host to each routing between the connectivityTraceroute parameter Description:Yum Install Traceroute① default UDP protocol (more than 30000 p

The port can be divided into 3 main categories: 1) Accepted ports (well known Ports): from 0 to 1023, they are tightly bound to some services. Usually the communication of these ports clearly indicates the protocol of some kind of service. For example: Port 80 is actually always HTTP traffic. 2 registration port (registered Ports): from 1024 to 49151. They are loosely bound to some services. This means that there are many services that are bound to these ports and are used for many other purpose

Traceroute), let's take a look at the result of this command on the second machine above D:/documents and Settings/hx>tracert 61.152.104.40 Tracing route to 61.152.104.40 over a maximum of hops MS-MS-MS 10.120.32.1 Geneva MS-MS 219.233.244.105 219.233.238.173 Ms Ten MS Ms. Ms 219.233.238.13 MS-MS 202.96.222.73 MS-MS-MS 202.96.222.121 (ms) Ms 61.152.81.86 MS-MS 61.152.87.162 Ms 61.152.99.26 Ms Ms 61.152.99.94 MS-MS-61.152.104.40 Trace co

Traceroute uses ICMP and ttl,icmp for Echo information, including ip,ttl,sequence number, and so on. The TTL field is the initial set field of the sender, the RFC specifies a value of 64, for each router that processes the packet needs to reduce the value of TTL 1 or less time spent in the router, the general router forwarding packet delay of not more than 1s, so

, TCP is not.Seventh Chapter: Ping ProgramHere is the main discussion of the IP record routing options for PingA. Message format　　　　This is the format of the ICMP record routing path, the disadvantage is that it can only record nine, and it records the IP of the routed exit, the destination host's IP will also be recorded, and it records a loop, back and forth to record, the utilization is not high.B.ttlThis value is determined by the sender, for exam

will send the ICMP redirect information to the attacked host, let the host according to the requirements of the hacker to modify the routing table.Experiment PreparationInstall Traceroute:sudo apt-get install tracerouteVirtual Machine Network Configuration Machine Index HWAddr ipaddr 1 00:1c:42:6f:5b:ee 10.211.55.27 2 00:1c:42:cc:87:b6 10.211.55.29

, and all data will pass through the attacker's machine, so there is a great security risk. Defense of ARP Spoofing 1. Do not put your network security trust relationship on the basis of IP address or hardware MAC address, (Rarp also has the problem of deception), the ideal relationship should be based on Ip+mac. 2. Set the static Mac-->ip corresponding table, do not let the host refresh the conversion table you set. 3. Stop using ARP unless it is necessary to save ARP as a permanent entry in t

The ports can be divided into 3 main categories: 1) Recognized ports (well known Ports): from 0 to 1023, they are tightly bound to some services. Usually the communication of these ports clearly indicates the protocol of a certain service. For example: Port 80 is actually always HTTP traffic. 2) Register port (registered Ports): from 1024 to 49151. They are loosely tied to some services. This means that there are many services bound to these ports, which are also used for many other purposes. Fo

: Target HostSendSend and Reply packetsThen, you can check it based on the reply of the target host. Principle: Send a series of IP datagram to the target host. The IP datagram contains a UDP datagram that cannot be delivered (the port is invalid ). Specifically, there are two types of datagram. Working principle: Traceroute sends a series of IP datagram to the target host from the source host. The datagram encapsulates a UDP User Datagram that canno

-p tcp -- tcp-flags RST, ACK-m limit -- limit 5/minute-j LOG -- log-level notice -- log-prefix "RST/ACK:" Iptables-a forward-p tcp -- tcp-flags RST, ACK-j DROP # Deny pings from outside Iptables-a forward-p icmp -- icmp-type 0/0-d 192.168.9.0/24-j ACCEPT Iptables-a forward-p icmp -- icmp-type 0/0-m limit -- limit 5

Preface The ESTABLISHED State http://waringid.blog.51cto.com/65148/512140 In the iptables firewall connection status was discussed earlier ). In addition to this status, iptables is still in the following status, and I will try again later. The network structure of the experiment is accurate. 650) this. width = 650; "onclick = 'window. open (" http://blog.51cto.com/viewpic.php? Refimg = "+ this. src) 'width = "531" height = "249" border = "0" src = "http://www.bkjia.com/uploads/allimg/131227/0TK

Overview Although the Protocol family is called "TCP/IP", there are many other members in addition to the two main protocols, TCP and IP. Figure 2-1 shows an overview of these protocols. Figure 2-1 shows both IPv4 and IPv6. From the right to the left, the five network applications on the rightmost are using IPV6, And the next six network applications are using IPv4. The network application named tcpdump on the leftmost side can use the BSD grouping filter (BPF) or the data link layer Provi