This article only summarizes the implementation principles of two commonly used network commands and gives some practical instructions. These things are usually scattered across various books and articles; I have been diligent enough to sum them up, and I add a little of my own understanding and experience to help you understand. These are also very basic things, nothing advanced.
Ping
Everyone should have used this one. Its main purpose is to check whether the target host is reachable. The Ping program sends an ICMP echo request packet to the target host, waits for the ICMP echo reply, and then prints the result. A failed Ping does not necessarily mean that the IP address does not exist or that the host is not connected to the network: the other side may have restrictions in place, for example a firewall that drops ICMP, so a failed Ping also does not mean that you cannot connect with FTP or TELNET.
Ping's output includes the number of bytes, the response (round-trip) time and the TTL. The Ping program measures the round-trip time by storing the sending time in the data portion of the ICMP packet; because the echo reply carries the same data back, the response time is obtained by subtracting the stored sending time from the current time when the reply arrives. The TTL is stored in the IP header of the reply datagram and can be read from there directly.
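The exchange described above, as an added example (not code from the original article): build an ICMP echo request whose data carries the sending timestamp, construct the echo reply a host would send back, and recover the three numbers ping prints (bytes, time, TTL) from it. The checksum routine is the standard RFC 1071 one; the packets and addresses are constructed here and nothing is sent on the wire. The hypothetical 192.0.2.10 source address is an assumption; the target address is the one from the page's ping output.

```python
"""Added example: how ping gets bytes, time and TTL out of an ICMP echo exchange.
Constructed packets only; nothing is sent on the wire."""
import socket
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, send_time: float) -> bytes:
    """8-byte ICMP echo header followed by 32 bytes of data (the size Windows ping sends).
    The first 8 data bytes carry the sending timestamp; a reply echoes the data unchanged."""
    data = struct.pack("!d", send_time) + b"abcdefghijklmnopqrstuvwx"
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    header = struct.pack("!BBHHH", icmp_type, 0, icmp_checksum(header + data), ident, seq)
    return header + data


def build_ipv4(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options) in front of an ICMP message. The IP header checksum is
    left at 0: this is constructed test data, not a packet a real stack would accept."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         ttl, socket.IPPROTO_ICMP, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def parse_reply(packet: bytes, now: float):
    """Return (data_bytes, rtt_ms, ttl, ident, seq) for an echo reply, or None if the message is
    not an echo reply or its ICMP checksum does not verify (the sum over a correct message is 0)."""
    ihl = (packet[0] & 0x0F) * 4
    ttl = packet[8]                      # TTL lives in the IP header, not in the ICMP message
    icmp = packet[ihl:]
    if len(icmp) < 16 or icmp_checksum(icmp) != 0:
        return None
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != ICMP_ECHO_REPLY:
        return None
    (send_time,) = struct.unpack("!d", icmp[8:16])
    return len(icmp) - 8, (now - send_time) * 1000.0, ttl, ident, seq


def demo():
    """Request sent at t=1000.0; the reply arrives 20 ms later with TTL 249, i.e. a host whose
    default is 255 answered through six routers. The reply reuses the request's data, as a real
    echo reply does. Addresses are constructed (192.0.2.10 is hypothetical)."""
    t0 = 1000.0
    reply = build_echo(ICMP_ECHO_REPLY, ident=0x1234, seq=1, send_time=t0)
    packet = build_ipv4("211.99.199.204", "192.0.2.10", 249, reply)
    return parse_reply(packet, now=t0 + 0.020)
```

Run `demo()` and it returns `(32, ~20.0, 249, 0x1234, 1)`: the bytes, time and TTL columns of a ping line. The checksum check matters in practice because any ICMP traffic on the socket, including unrelated errors, arrives at the same place; a reply is only trusted when the type, identifier, sequence and checksum all line up.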
When I talked to Dancefire last time about the Skynet firewall: isn't Skynet able to identify which programs are connecting to the network? When I tried using Ping, Skynet did not notice; there was no warning. Can an ICMP Trojan be blocked by Skynet?
Tracert
Tracert is a route-probing program: it lets us see the routers an IP datagram passes through on its way to the destination.
Tracert relies on the TTL field in the IP datagram header together with ICMP. TTL (Time To Live) is the lifetime of an IP datagram. Each router that forwards the datagram subtracts from its TTL either 1 or the number of seconds the datagram spent inside that router; since a datagram almost never stays in a router for as long as a second, the TTL is in practice decremented by exactly 1 per router. The TTL therefore acts as a router (hop) counter.
When a router receives an IP datagram whose TTL is 0 or 1, it does not forward it; it discards the datagram and sends an ICMP "time exceeded" message back to the source host. The key to Tracert is that the source address in the IP header of that ICMP message is the router's own address, so probes sent with TTL = 1, 2, 3, ... reveal the routers along the path one at a time. That alone does not tell us when the destination itself has been reached, so the classic UNIX traceroute sends its probes as UDP datagrams to a deliberately large port number that no application on the host is likely to be using; when a probe reaches the destination, its UDP module answers with an ICMP "port unreachable" error, and that error marks the end of the trace. Windows tracert, whose output is shown below, sends ICMP echo requests as probes instead, and the destination's echo reply plays the same role.
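A small model of the mechanics described above, added here as an example and not code from the original article: each router decrements the TTL, the router that drives it to 0 answers "time exceeded" from its own address, and the destination is recognised by a different kind of answer (port unreachable for a UDP probe, echo reply for an ICMP probe). It also models a router that silently drops expired probes, which shows up as `*` in a real trace. The router addresses are taken from the page's tracert output; no packets are sent.

```python
"""Added example: model of TTL-based route probing. No traffic is generated."""
from typing import Iterable, List, Optional, Tuple

TIME_EXCEEDED = "ICMP time exceeded"
PORT_UNREACHABLE = "ICMP port unreachable"   # UNIX traceroute: UDP probe to an unused high port
ECHO_REPLY = "ICMP echo reply"               # Windows tracert: ICMP echo request probe
NO_RESPONSE = "*"                            # router discarded the probe but sent no ICMP error


def forward(ttl: int, routers: List[str], destination: str,
            udp_probe: bool, silent: Iterable[str] = ()) -> Tuple[str, str]:
    """Carry one probe along the path. Every router decrements the TTL; the router that receives
    the datagram with TTL 1 drives it to 0, discards it and (unless it is configured to stay
    silent) reports back with its OWN address as the source of the ICMP message. A probe that
    outlives every router is answered by the destination host itself."""
    for router in routers:
        ttl -= 1
        if ttl == 0:
            if router in silent:
                return NO_RESPONSE, NO_RESPONSE
            return router, TIME_EXCEEDED
    return destination, (PORT_UNREACHABLE if udp_probe else ECHO_REPLY)


def traceroute(routers: List[str], destination: str, udp_probe: bool = True,
               max_hops: int = 30, silent: Iterable[str] = ()) -> List[Tuple[int, str, str]]:
    """Probe with TTL 1, 2, 3, ... and stop at the first answer that comes from the destination.
    A silent hop does not stop the trace: the next probe simply gets one more hop of TTL."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, message = forward(ttl, routers, destination, udp_probe, silent)
        hops.append((ttl, responder, message))
        if message not in (TIME_EXCEEDED, NO_RESPONSE):
            break
    return hops


# Path from the page's tracert output: six routers, then the destination at hop 7.
PAGE_ROUTERS = ["211.99.57.121", "202.96.13.1", "202.96.13.62",
                "210.77.139.186", "210.77.139.170", "211.99.193.154"]
PAGE_TARGET = "211.99.199.204"


def page_trace(udp_probe: bool = False) -> List[Tuple[int, str, str]]:
    """Reproduce the page's seven-hop trace (Windows-style ICMP probes by default)."""
    return traceroute(PAGE_ROUTERS, PAGE_TARGET, udp_probe=udp_probe)
```

Two points the model makes visible: the hop number equals the probe's TTL, so a destination at hop 7 means six routers in between; and without `max_hops` a trace to an unreachable address would never terminate, which is why both tracert and traceroute cap it at 30.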
It is also said that the TTL value returned by ping can be used to roughly determine the type of the target host. The reason the observed value is rarely one of the standard defaults is that the echo reply has been decremented by every router it passed on the way back. Using ping and tracert together therefore makes the judgement easier: the hop count from tracert tells you how much to add back. It remains an approximation, because the forward and return paths are not necessarily the same, and because the default TTL of a host can be changed.
C:\>ping 211.99.199.204

Pinging 211.99.199.204 with 32 bytes of data:

Reply from 211.99.199.204: bytes=32 time=20ms TTL=248
Reply from 211.99.199.204: bytes=32 time<10ms TTL=248
Reply from 211.99.199.204: bytes=32 time=10ms TTL=248
Reply from 211.99.199.204: bytes=32 time=10ms TTL=248

Ping statistics for 211.99.199.204:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 20ms, Average = 10ms

C:\>tracert 211.99.199.204

Tracing route to 211.99.199.204 over a maximum of 30 hops

  1    10 ms    10 ms    20 ms  211.99.57.121
  2    10 ms    10 ms    10 ms  202.96.13.1
  3       ms    10 ms    20 ms  202.96.13.62
  4    20 ms    10 ms    10 ms  210.77.139.186
  5   <10 ms    10 ms    20 ms  210.77.139.170
  6   <10 ms   <10 ms    10 ms  211.99.193.154
  7   <10 ms    10 ms   <10 ms  211.99.199.204

Trace complete.

C:\>
The TTL obtained by Ping is 248. The trace lists the destination itself as hop 7, so the forward path passes through 6 routers; a reply TTL of 248 implies 7 decrements on the way back, so either the return path is one hop longer than the forward path or the count is off by one. Either way, the only common default that fits is 255 (248 + 7 = 255, and 248 + 6 = 254 rounds up to the same default). Now compare with the default TTL values of some hosts, listed below.
Default TTL of the ICMP echo reply = 64:
    Linux kernel 2.2.x and 2.4.x

Default TTL of the ICMP echo reply = 255:
    FreeBSD 4.1, 4.0, 3.4
    Sun Solaris 2.5.1, 2.6, 2.7, 2.8
    OpenBSD 2.6, 2.7
    NetBSD
    HP-UX 10.20

Default TTL of the ICMP echo reply = 32:
    Windows 95/98/98SE
    Windows ME

Default TTL of the ICMP echo reply = 128:
    Windows NT
    Windows 2000
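The host-type judgement described above (reading the TTL from ping, counting routers with tracert, adding the hops back and matching against the default table), as an added example that is not part of the original article. The sample text below is constructed in the shape of Windows ping/tracert output: the addresses and TTL follow the page's trace, the per-hop times are made up. The OS labels are the groups from the table; the "round up to the next common default" rule is the heuristic the article describes and fails, as the article warns, for hosts whose default has been changed.

```python
"""Added example: infer a host's default TTL (and OS family) from ping and tracert output."""
import re
from typing import Dict, List, Optional, Tuple

# Defaults listed on the page, keyed by initial TTL.
DEFAULT_TTLS: Dict[int, str] = {
    32: "Windows 95/98/98SE/ME",
    64: "Linux kernel 2.2.x / 2.4.x",
    128: "Windows NT / 2000",
    255: "FreeBSD / Solaris / OpenBSD / NetBSD / HP-UX",
}

# Constructed sample output; addresses from the page's trace, times made up.
PING_SAMPLE = """Pinging 211.99.199.204 with 32 bytes of data:

Reply from 211.99.199.204: bytes=32 time=20ms TTL=248
Reply from 211.99.199.204: bytes=32 time<10ms TTL=248
Reply from 211.99.199.204: bytes=32 time=10ms TTL=248
Reply from 211.99.199.204: bytes=32 time=10ms TTL=248
"""

TRACERT_SAMPLE = """Tracing route to 211.99.199.204 over a maximum of 30 hops

  1    10 ms    10 ms    20 ms  211.99.57.121
  2    10 ms    10 ms    10 ms  202.96.13.1
  3    10 ms    10 ms    20 ms  202.96.13.62
  4    20 ms    10 ms    10 ms  210.77.139.186
  5   <10 ms    10 ms    20 ms  210.77.139.170
  6   <10 ms   <10 ms    10 ms  211.99.193.154
  7   <10 ms    10 ms   <10 ms  211.99.199.204

Trace complete.
"""

# A hop line: hop number, three time columns, responder address at end of line.
HOP_LINE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.M)


def ping_ttls(text: str) -> List[int]:
    """Distinct TTL values seen in the reply lines (empty if every request timed out;
    more than one value means the return path changed while pinging)."""
    return sorted({int(t) for t in re.findall(r"TTL=(\d+)", text)})


def tracert_routers(text: str, target: str) -> Optional[int]:
    """Routers between us and the target: the hop answered by the target minus one.
    None if the trace never reached the target."""
    for hop, addr in HOP_LINE.findall(text):
        if addr == target:
            return int(hop) - 1
    return None


def infer_initial_ttl(observed: int) -> Tuple[int, int, str]:
    """Smallest common default that is >= the observed TTL; the difference is the implied
    number of routers on the return path."""
    for default in sorted(DEFAULT_TTLS):
        if observed <= default:
            return default, default - observed, DEFAULT_TTLS[default]
    raise ValueError("TTL %d exceeds every known default" % observed)


def analyze(ping_text: str, tracert_text: str, target: str) -> Dict[str, object]:
    """Combine both tools and flag when forward and return hop counts disagree."""
    ttls = ping_ttls(ping_text)
    if len(ttls) != 1:
        raise ValueError("expected one stable reply TTL, got %r" % ttls)
    initial, return_routers, os_guess = infer_initial_ttl(ttls[0])
    forward_routers = tracert_routers(tracert_text, target)
    return {
        "observed_ttl": ttls[0],
        "initial_ttl": initial,
        "return_path_routers": return_routers,
        "forward_path_routers": forward_routers,
        "paths_agree": forward_routers == return_routers,
        "os_guess": os_guess,
    }
```

On the page's data `analyze(...)` reports an initial TTL of 255 with 7 return hops against 6 forward routers, so `paths_agree` is False: exactly the asymmetry caveat from the text, surfaced automatically rather than noticed by hand.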