Re: UDP Port 7 - trying to understand

From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
Date: Fri, 26 May 2006 14:52:20 -0500

On Thu, 25 May 2006, in the Usenet newsgroup comp.security.misc, in article
<4dmhreF1b52elU1@xxxxxxxxxxxxxx>, Sebastian Gottschalk wrote:

Moe Trin wrote:

The "ping" you are used to is the ICMP Type 8 packet, and has
nothing to do with TCP or UDP.

Nitpick: Solaris uses TCP-SYNs for pinging.

Oh, REALLY? That's not quite what the man page indicates. That's also
absolutely NOT what I see on the wire. Have you tried that?

NAME

ping- send ICMP (ICMP6) ECHO_REQUEST packets to network hosts

SYNOPSIS

/usr/sbin/ping host [timeout]
/usr/sbin/ping -s [-l| -U] [-adlLnrRv] [-A addr_family]
[-c traffic_class] [-g gateway [-g gateway...]] [-F flow_label]
[-I interval] [-i interface] [-P tos] [-p port] [-t ttl] host
[data_size] [npackets]

DESCRIPTION

The utility ping utilizes the ICMP (ICMP6 in IPv6) protocol's
ECHO_REQUEST datagram to elicit an ICMP (ICMP6) ECHO_RESPONSE from
the specified host or network gateway.

That a sol-10 box. The -U option (which is _not_ the default) uses UDP,
but UDP is not TCP.

-U
Send UDP packets instead of ICMP (ICMP6) packets. ping sends
UDP packets to consecutive ports expecting to receive back
ICMP (ICMP6) PORT_UNREACHABLE from the target host.

And it defaults to 33434 and incrementing (see the -p option), not port 7.
Are you thinking of 'nisping (1m)'? You may want to re-read that man page
again. Another possible application would be 'arping' or 'hping2' - neither
of which is a standard ping at all,

[compton ~]$ whatis hping2
arping (8) - sends arp and/or ip pings to a given host
hping2 (8) - send (almost) arbitrary TCP/IP packets to network hosts
[compton ~]$

and neither of which are Sun/Solaris applications (although they can be
installed from source).

Old guy
.

References:
- UDP Port 7 - trying to understand
  - From: Java and Swing
- Re: UDP Port 7 - trying to understand
  - From: Moe Trin
- Re: UDP Port 7 - trying to understand
  - From: Sebastian Gottschalk

Prev by Date: Re: Hackers use Google to get private information
Next by Date: capture/sniff/reconstruct graphic files
Previous by thread: Re: UDP Port 7 - trying to understand
Next by thread: Advanced Identification Systems & Biometrics Conference Announcement
Index(es):
- Date
- Thread

Relevant Pages

Re: G8 vs. G4C chess Match
... a ping is UDP based and thus 'connectionless'. ... A "ping" is an ICMP echo request, ... ICMP type 8, usually answered with a "pong" or ICMP echo reply, ICMP ... It's nothing to do with UDP. ...
(uk.radio.amateur)
Re: ping not working
... abusing the network with ping commands. ... You're posting to a Red Hat group - try using traceroute. ... because RFC0791 as originally written said no ICMP can create ... UDP, and so on - the router manufacturers of the day were silently dropping ...
(linux.redhat)
Re: W2k8 Server Reverse Ping nur bei ausgeschalteter Firewall
... Wenn ich UDP aktiviere, ... "Ping ServerName" eine Antwort. ... Ping geht doch via ICMP. ... Aber die Namensauflösung benutzt uA den UDP Port 137 ...
(microsoft.public.de.german.windows.server.networking)
Re: Internet Network issues
... The only thing ping actually tests is "ping" (ICMP). ... UDP work. ... > 1) website is responding, ...
(microsoft.public.windows.server.networking)
Re: Distributed ICMP/UDP scan or attack?
... Looks to me like a ping followed by a UDP connect. ... configured to ping first and use ten decoys. ... icmp at your firewall is a good way mitigate blind ... and tracking system please see: http://aris.securityfocus.com ...
(Incidents)