PDA

View Full Version : ping



Pages : [1] 2

Witch_King
09-22-2001, 12:11 AM
How do people use 'ping' in the command prompt? What can you learn from it. I don't get it.

no-one
09-22-2001, 12:21 AM
ping [ipadress]
or
ping [computername] (must have netboui installed)

or to see what else it can do

ping /?

mithrandir
09-22-2001, 12:25 AM
From a DOS prompt...

C:\>ping 65.85.170.164

Pinging 65.85.170.164 with 32 bytes of data:

Reply from 65.85.170.164: bytes=32 time=870ms TTL=113
Reply from 65.85.170.164: bytes=32 time=770ms TTL=113
Reply from 65.85.170.164: bytes=32 time=801ms TTL=113
Request timed out.

Ping statistics for 65.85.170.164:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 770ms, Maximum = 870ms, Average = 610ms



To test the reachability of a device across a network, a TCP/IP ICMP (Internet Control Message Protocol) echo request can be sent. An ICMP echo request, generated by the Ping command.

PING (Packet Internet Groper) is a diagnostic utility used to determine whether a computer is properly connected to devices/Internet. However, it can be used to "flood" network access of a computer.

Betazep
09-22-2001, 12:28 AM
play around with

tracert
route print
netstat

no-one
09-22-2001, 12:29 AM
i hope to god thats not someone you know's ip stealth.

mithrandir
09-22-2001, 12:31 AM
If you want to work out your own IP Witch_King, from a DOS prompt type winipcfg, or ipconfig.

mithrandir
09-22-2001, 12:34 AM
That IP tried to hack me, but zonealarm got it. Anyway, I could type in any ip say 192.148.66.10 and it would ping it - any random ip will work usually. That's how most hacks are done.

no-one
09-22-2001, 12:36 AM
hah... actually that ping is terrible for a cable modem 750+ he must some distance from you r have UT runnin in the background or somethin...

mithrandir
09-22-2001, 12:41 AM
Okay bad example, but anyway, its mostly a trial and error process. Cable users are easier targets as their IPs are usually fixed.

no-one
09-22-2001, 12:42 AM
quite true, but the same goes for DSL, though Cable IP's change like once every 3 months or somethin like that depends on your ISP i guess.

mithrandir
09-22-2001, 12:45 AM
Not that I would target anyone, although doing the CCNA has taught me heaps about hacking.

no-one
09-22-2001, 12:47 AM
it will do that.

no-one
09-22-2001, 12:50 AM
so how "Certified" are you?

mithrandir
09-22-2001, 12:58 AM
I haven't finished the course yet, but before I started I'd been doing network related stuff for about a year. Short answer: I'm not certified yet.

no-one
09-22-2001, 01:00 AM
thats cool, Good luck hope ya make it.

good way to pick up all the standard security holes though... as you said good way to learn hacking.

mithrandir
09-22-2001, 01:03 AM
Thanks no-one. Yeah well you pick up on things that you wouldn't expect. It's also been cool learning to configure routers as well.

Witch_King
09-22-2001, 01:08 AM
Okay, I didn't know about ipconfig, thanks. I already used the command ping /?, but it doesn't tell me what ping is used for. Can anyone give a good explanation.

Also in zonealarm, under securty and under 'local zone contents', should I have anything listed. I keep blocking my IP, is that okay?

mithrandir
09-22-2001, 01:52 AM
Can anyone give a good explanation.

See my first reply :)

mithrandir
09-22-2001, 02:05 AM
If you want to know specifically what the command from DOS does try:

http://www.aaroncity.com/text/ping.htm

Or DOS commands in general (point 9 is ping):

http://www.angelfire.com/co2/phreakers/CompMTips.html

And from ZDNet:

http://www.zdnet.com/products/stories/reviews/0,4161,2423002,00.html

hope this helps.

Witch_King
09-22-2001, 02:26 AM
Does the Internet Provider (IP) get ........ed off when you have a firewall?

mithrandir
09-22-2001, 02:30 AM
What would they care?

Witch_King
09-22-2001, 02:37 AM
I don't know, but my firewall keeps blocking my Internet Provider. Infact it blocks about 200 people per day, at least today so far. Many of those, about 10% are from my IP.

mithrandir
09-22-2001, 02:41 AM
Are you using ZoneAlarm? Then set your local settings to medim, and internet to high.

Your ISP shouldn't be blocked, but you are no doubt receiving a stray packet from their servers. I wouldn't worry about that, I get those all the time.

Witch_King
09-22-2001, 02:58 AM
Yes, I downloaded Zone Alarm today. It's great. So you just block everything? Do you examing the log much to see who is trying to get in. I'm thinking of writing a C program to check the IP's for me and report to me who's trying to get in and how often.

Betazep
09-22-2001, 03:18 AM
Don't view everything as an attack. It sometimes seems that way, but many times ZA gives you bent information.

The idea of the firewall is to make you invisible to the world. You are not supposed to exist.... it makes you a harder target.

If a person scans a block of IP adresses and yours is in that set, ZA will pick it up and let you know... but they are not trying to get in per say. They are only looking for services to exploit. Most of them are looing for the easy door. Webservers on port 80, ftp, telnet. If they don't even get a reply back from your computer... they pass by without a thought. That is what ZA does for you. Still you can give your IP away through other means... (like coming here for example or signing up for one of my contests) Then your existence is known... but there is a way around that too...

Look into "A4 Proxy" If you truly want to not exist... A4 Proxy, ZA, and a hardware router like NETGEAR. That is about all you need to make even a network in your house invisible.

I used to be really into being hidden. Now I just don't give a crap. I run a triple boot entry computer and could care less if I lose a leg of it because I have daily backups and other computers on the network. Format C... reinstall.

p.s. You might be seeing a lot of traffic because you have a trojan. Close all internet software programs (Browser etc) and run "netstat" from the command line. If you are connected... be concerned...)

Witch_King
09-22-2001, 03:22 AM
What is 'netstat'? Also why is Port 80 volnerable?

Witch_King
09-22-2001, 03:23 AM
Should I post the info that I got when I ran netstat?

Fordy
09-22-2001, 03:27 AM
Port 80 is your HTTP Port

Witch_King
09-22-2001, 03:29 AM
Okay say you know of someone who has apachi running on port 80. Is he vulnerable?

Witch_King
09-22-2001, 03:35 AM
When I use netstat it gives me information but how do I know if that information is bad? What should I look for?

rick barclay
09-22-2001, 05:52 AM
when you ping an ip, you are simply checking to see if anyone
is currently online using that ip. It's like making a phone call.

Ping will send a certain number of dummy data packets to the
ip number you tell it to ping and then wait for a reply. If the ping
is successful then somebody's at the other end. If no answer,
then nobody's home.

A network guy once told me that once he finds a rogue hacker
scanning him, then he (the network guy) will turn around and
ping the rogue to death. I don't know why, except maybe to
annoy the guy if he's even listening. I don't know. I'm still
trying to figure it all out.

There are many packet sniffers and network scanners available.
Some are ridiculously expensive. My favorite it Netscan Tools Pro.

There's also a program that will graphically traceroute an ip. I forget its name right now. I've used it a couple of times. I traced
one guy scanning me all the way back to Great Britain. Most
trace routes seem to end at the main routing or backbone
cities, like Atlanta, etc.

It's very interesting--for about an hour.

rick barclay

Fordy
09-22-2001, 07:14 AM
>>There's also a program that will graphically traceroute an ip. I forget its name right now


I think its NeoTrace

iain
09-22-2001, 07:57 AM
Open up MSDOS prompt and type:

ping -h


This will give you a list of switches you can use like specify packet size, number of pings, ttl etc..

no-one
09-22-2001, 10:29 AM
actually i had zone alarm i got about a few thousand+ hits one day it kinda worried me till i realized it was for ther previous day where i had left Limewire on all night and 15,000+ people tried to get an episode of Co... um well lets just say a very popular series i had mistakenly left in my shared folder.

Moral:
if you use file sharing programs your gonna get hammered with reconnects.

just look for the asses that hammer you all day on every port, i had two of those dumasses in the same day.

Betazep
09-22-2001, 10:40 AM
>>There's also a program that will graphically traceroute an ip. I forget its name right now

VisRoute

Ping of Death doesn't really work anymore unless the person is running an older version of WIN95 or WIN 3.X.

Increasing the packet size is an interesting thing, but you really can't get the packet large enough with "ping" (the prog) to do much interference in todays cable modem world. (Now twenty people pinging the max size can tend to bog users down, but is quite temporary and worthless.) Plus, doing this causes unneccessary traffic through all of the boxes that you encounter before the computer you are pinging.

Witch_King

CLOSE_WAIT is ok most of the time. It means that you were doing something with that particular protocol on that particular port to that particular port.... but you are no longer doing anything and your computer is waiting to see if you are going to reconnect.

ESTABLISHED means you are currently receiving/transmitting data from a particular source. This can be bad if you have everything closed down. It can mean you have a trojan that is making you bleed access onto the net.


PORT 80 is the standard port for HTTP web applications and web servers. You will see port 8080 used on your machine for web requests. A web server is only vulnerable if the person running it allows it to be. EVERYTHING has exploits... even APACHE. Doesn't mean that your friend's Apache is unsecure tho...

HERE IS A SIMPLE DEMO FOR SECURITY

I noticed that I was being hit considerably by a certain computer on a UDP protocol. UDP is a standard much like TCP but it is fire and forget instead of ACK/NACK. I got the IP of the user attacking me and did a ping to see if he was still on. I got a reply from his computer, so I knew he existed. I then did a tracert to see where he was hitting me from. This gave me his ISP information. WIth this information I got the ISPs abuse email address and telephone numbers to call the person that registered the first outgoing server with INTERNIC. I continued to find more information by scanning his box. He was wide open. Several ports were soliciting connections. I found a telnet port and telnetted into it. There was no welcome message, but it did connect. I typed WHO and hit enter. I got the name of the server (a UNIX box) and an email of the person that owns it. Perfect! I emailed the guy letting him know that there were UDP attacks coming from his box. He replied within the hour and stated that his box was compromised and that he unplugged it from the net until he could figure out how to set it up more securely. Sure enough, the attacks stopped.... I was happy. A week later I received an email from my ISP stating that I was using there service improperly by scanning other computers and I need to stop immediately. I shrugged... and went on with my day. The end...

~Betazep

Witch_King
09-22-2001, 11:06 AM
Ocassionaly there is an established http when I run netstat. What can I do about it? Can I kill the process?

The tracert only returns me the IP after 19 hops.

Witch_King
09-22-2001, 11:12 AM
Shame on me, that IP is cprogramming.com!!! If you type in ping www.cprogramming.com you get the IP but if you ping the IP with the -a switch you don't get the URL.

Witch_King
09-22-2001, 11:13 AM
Also what about the LISTENING state? You didn't mention that. Is this okay? I think I'm going to get a book on TCP/IP. Would this be a good choice? I don't know anything about this stuff.

Witch_King
09-22-2001, 11:17 AM
I guess we can say that cprogramming is from Europe.

Unregistered
09-22-2001, 02:57 PM
Originally posted by Fordy
>>There's also a program that will graphically traceroute an ip. I forget its name right now


I think its NeoTrace

That sounds like it. At least I've heard the name before.

rb

mithrandir
09-22-2001, 06:35 PM
>The tracert only returns me the IP after 19 hops.

That's a pretty slow return, tracert should return at 14 hops at worst.

I will put what each port number represents on my website if anyone is interested.

mithrandir
09-22-2001, 06:55 PM
Better yet go here (http://www.good-stuff.co.uk/useful/portfull.html).

-KEN-
09-22-2001, 07:51 PM
>>A network guy once told me that once he finds a rogue hacker
scanning him, then he (the network guy) will turn around and
ping the rogue to death. <<

I do that, too! Either that or I do a nice, quick portscan (with Blue's portscanner - the fastest I've used). If the person at least has a firewall, it should alert the the rogue/attacker/whatever that he's messing with the wrong person. Have you ever looked at your firewall after a portscan? It's scary.

Ok, LISTENING state could be either fine or bad. It means that your computer is waiting for a connection to that port, which could be a trojan server. I doubt it though. I was just teaching my friend some of this stuff yesterday. He was all "Yeah, let's hack someone and bring down yahoo!" and I laughed hysterically. All I had taught him was how to ping, tracert, and telnet. Which, given the right computer, IS enough to "hack" it, but I doubt any computer is THAT vulnerable.

On this topic, does anyone know any good books on network security etc? I don't care if it's a book on hacking or cracking, either. I really wanna get into network security. All I have right now is a book on the TCP/IP protocol.

the funniest thing is that it's not too hard to do something like mess with a website, but I'm too much of a scaredy-cat to even try it out. Maybe if I got permission from my friend? (he has his own site) but then would his host be mad at me? hmmm...

mithrandir
09-22-2001, 08:02 PM
>All I have right now is a book on the TCP/IP protocol.

Try looking for something by Cisco.

Don't waste your time with "hacking" books - as the saying goes "a magician never reveals his secrets".

no-one
09-22-2001, 08:07 PM
>ll I had taught him was how to ping, tracert, and telnet. Which, given the right computer, IS enough to "hack" it, but I doubt any computer is THAT vulnerable. <

I can in fact actually hack a Win2k box with a comand promt using only what comes with winndows that is and an ip, that is if hes a complete newb when it comes to security. and a lot of people don't know about this though anyone pro/knowlegable will shut it down immediatly.

mithrandir
09-22-2001, 08:21 PM
http://www.happyhacker.org/gtmhh/begin11.shtml

This has some pretty general information on telnet if anyone is intersted.

no-one
09-22-2001, 08:26 PM
atually i can do it without using telnet...

-KEN-
09-22-2001, 08:29 PM
Are you talking about exploits in the server? That's fairly simple...buffer overflow, anyone? :D

anyone know where there's enough info that I could learn to play a game of virtual capture-the-flag with someone else? (IE putting a text file on their desktop saying "I Got the flag!") I've been trying to figure out that for so long, but it seems that if a person has file sharing disabled, it's impossible.

Yeah, I figured "hacker" books would be no good. Network security books it is. I'll take that author's name into consideration, thanks.

mithrandir
09-22-2001, 08:31 PM
>I'll take that author's name into consideration, thanks.

Cisco as in the mulit-billion dollar company Cisco is what I meant.

no-one
09-22-2001, 08:32 PM
>Are you talking about exploits in the server? That's fairly simple...buffer overflow, anyone? <

nope even simpler than that.