Nmap Series D: OSI layer-three scanning

Source: Internet
Author: User

Host discovery scanning via OSI layer three (network layer)

The third layer of the OSI model is the network layer, where the main protocols are IP and ICMP. You can use different IP protocols to send different packets to the target host. You can also use different ICMP requests to determine whether the target host is online.

Network layer

To establish a reply between the communication applications of the computer

IP, ICMP

1. IP protocol ping scan

Principle: Host discovery works much like the ping command: a packet is sent to the target host, and if a reply is received, the target host is alive.

The IP protocol ping scanning technique sends different packets to the destination host using different IP protocols (ICMP: protocol number 1, IGMP: protocol number 2, TCP: protocol number 6, UDP: protocol number 17). If the source host receives a response, the target host is online.

IP protocol ping scan syntax format:

>nmap -PO [target IP/target hostname]

Example 1 scans the host 192.168.1.1 through ARP ping to determine whether the host is alive (preferably add -sP).

>nmap -PO 192.168.1.1

C:\windows\system32>nmap -sP -PO 192.168.1.1

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-06 18:48 China Standard Time

Nmap scan report for 192.168.1.1

Host is up (0.0010s latency).

MAC Address: 14:75:90:92:b2:40 (Tp-link Technologies Co.)

Nmap done: 1 IP address (1 host up) scanned in 24.20 seconds

2. ICMP ping scan

Principle: Host discovery works much like the ping command: a packet is sent to the target host, and if a reply is received, the target host is alive.

ICMP stands for Internet Control Message Protocol. There are several ICMP ping scanning techniques, namely ICMP echo ping, ICMP timestamp ping and ICMP mask ping, which detect whether the target host is online by sending an ICMP echo packet to the target host.

ICMP echo ping scan syntax format:

>nmap -sP -PE [target IP/target hostname]

Example 1 scans the host 192.168.1.1 with ICMP echo ping to determine whether the host is alive (preferably add -sP).

>nmap -sP -PE 192.168.1.1

C:\windows\system32>nmap -sP -PE 192.168.1.102

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-06 23:39 China Standard Time

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Nmap done: 1 IP address (0 hosts up) scanned in 13.71 seconds

From the output above we can see that, in the router scan, the router drops the ICMP echo packets.

ICMP timestamp ping scan syntax format:

>nmap -sP -PP [target IP/target hostname]

Example 2 pings the host 192.168.1.1 with an ICMP timestamp request to determine whether the host is alive (preferably add -sP).

>nmap -sP -PP 192.168.1.1

C:\windows\system32>nmap -sP -PE 192.168.1.1

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-06 23:45 China Standard Time

Nmap scan report for 192.168.1.1

Host is up (0.00s latency).

MAC Address: 14:75:90:92:b2:40 (Tp-link Technologies Co.)

Nmap done: 1 IP address (1 host up) scanned in 24.31 seconds

ICMP mask ping scan syntax format:

>nmap -sP -PM [target IP/target hostname]

Example 3 uses ICMP mask ping to scan the host 192.168.1.1 to determine whether the host is alive (preferably add -sP).

>nmap -sP -PM 192.168.1.1

C:\windows\system32>nmap -sP -PM 192.168.1.1

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-07 15:23 China Standard Time

Nmap scan report for 192.168.1.1

Host is up (0.0030s latency).

MAC Address: 14:75:90:92:b2:40 (Tp-link Technologies Co.)

Nmap done: 1 IP address (1 host up) scanned in 24.23 seconds
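
Seen from the monitoring side, the probes described above are easy to tell apart on the wire. The following Python code is an added example, not part of the original article: it parses raw IPv4 packets and flags any source that sends two or more distinct discovery probe types (ICMP echo, timestamp or mask requests, or IGMP addressed to a unicast host) to the same destination. The function names, the threshold of two and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict
from socket import inet_aton, inet_ntoa

# ICMP request types sent by the three ICMP ping options covered on this page.
ICMP_PROBES = {8: "echo (-PE)", 13: "timestamp (-PP)", 17: "mask (-PM)"}

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload), or None for a malformed packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4  # header length in bytes
    if not 20 <= ihl <= len(pkt):
        return None
    return inet_ntoa(pkt[12:16]), inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]

def probe_kind(proto, payload, dst):
    """Name the discovery probe a packet looks like, or None."""
    if proto == 1 and payload and payload[0] in ICMP_PROBES:
        return "ICMP " + ICMP_PROBES[payload[0]]
    if proto == 2 and not 224 <= int(dst.split(".")[0]) <= 239:
        return "IGMP to unicast"  # IGMP normally targets multicast groups
    return None  # TCP/UDP are too common to flag without port context

def find_scanners(packets, min_kinds=2):
    """Map (src, dst) -> sorted probe kinds where src used >= min_kinds kinds."""
    seen = defaultdict(set)
    for src, dst, proto, payload in filter(None, map(parse_ipv4, packets)):
        if kind := probe_kind(proto, payload, dst):
            seen[(src, dst)].add(kind)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_kinds}

def make_pkt(src, dst, proto, payload):
    """Build a constructed IPv4 packet (checksum left 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, inet_aton(src), inet_aton(dst)) + payload

# Constructed capture: one host mixing probe types, one host doing a plain ping.
SAMPLE = [
    make_pkt("192.168.1.50", "192.168.1.1", 1, bytes([8, 0]) + bytes(6)),
    make_pkt("192.168.1.50", "192.168.1.1", 1, bytes([13, 0]) + bytes(18)),
    make_pkt("192.168.1.50", "192.168.1.1", 2, bytes(8)),
    make_pkt("192.168.1.77", "192.168.1.1", 1, bytes([8, 0]) + bytes(6)),
    make_pkt("192.168.1.1", "192.168.1.77", 1, bytes([0, 0]) + bytes(6)),
]

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

A single echo request, like the one from 192.168.1.77 in the sample, is ordinary ping traffic and is not flagged; the signal is the mix of probe types from one source.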


This article is from the "Technology bo" blog; reprinting is declined.
