ping:check_whether_a_host_is_alive_with_tcp
Differences
This shows you the differences between two versions of the page.
ping:check_whether_a_host_is_alive_with_tcp [2016/11/21 01:38] – created peter | ping:check_whether_a_host_is_alive_with_tcp [2019/12/01 22:21] (current) – removed peter | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Ping - Check whether a host is alive with TCP ====== | ||
- | |||
- | TCP can be used to check the host's presence without using an ICMP ping. This can be done, using multiple tools, We will see them one by one. | ||
- | |||
- | ===== Using hping ===== | ||
- | |||
- | **Hping** is a very big tool out which can be used to send custom TCP packets to remote host with desired flags to analyse the reply. | ||
- | |||
- | So now lets check the host's presence with the help of TCP and hping. | ||
- | <code bash> | ||
- | hping -S -p 80 192.168.0.103 | ||
- | </ | ||
- | |||
- | Result | ||
- | |||
- | < | ||
- | HPING 192.168.0.103 (eth0 192.168.0.103): | ||
- | len=46 ip=192.168.0.103 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=0.8 ms | ||
- | len=46 ip=192.168.0.103 ttl=64 DF id=0 sport=80 flags=SA seq=1 win=5840 rtt=1.5 ms | ||
- | len=46 ip=192.168.0.103 ttl=64 DF id=0 sport=80 flags=SA seq=2 win=5840 rtt=2.2 ms | ||
- | len=46 ip=192.168.0.103 ttl=64 DF id=0 sport=80 flags=SA seq=3 win=5840 rtt=1.2 ms | ||
- | </ | ||
- | |||
- | Let's have a look at the tcpdump output at the host with PING disabled. | ||
- | |||
- | <code bash> | ||
- | tcpdump -i eth0 -s0 host 192.168.0.102 | ||
- | </ | ||
- | |||
- | Result | ||
- | |||
- | < | ||
- | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
- | listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes | ||
- | 03: | ||
- | 03: | ||
- | 03: | ||
- | 03: | ||
- | 03: | ||
- | 03: | ||
- | </ | ||
- | |||
- | If you observe the TCPDUMP output, you will be able to see that, a SYN request (shown with " | ||
- | |||
- | Hping is sending a reset packet just after the syn, as it does not need the connection to be fully established. | ||
- | |||
- | |||
- | ===== Using tcping ===== | ||
- | |||
- | Another utility that can be used to check the presence of the host, when ping is disabled is tcping. | ||
- | |||
- | Lets see its usage. | ||
- | |||
- | <code bash> | ||
- | tcping 192.168.0.103 80 | ||
- | </ | ||
- | |||
- | Result | ||
- | |||
- | < | ||
- | 192.168.0.103 port 80 open. | ||
- | </ | ||
- | |||
- | |||
- | ===== Using nmap ===== | ||
- | |||
- | The famous NMAP tool can also be used to check the host aliveness by using TCP. NMAP does this by simply sending a TCP ACK packet to the host(For which a RST packet will be send back by the remote host). | ||
- | |||
- | * **-PT** option in NMAP can be used for TCP PING. An ACK packet is send to 80 port by default when -PT flag is used with NMAP. | ||
- | |||
- | <code bash> | ||
- | nmap -PT 192.168.0.103 | ||
- | </ | ||
- | |||
- | Result | ||
- | |||
- | < | ||
- | Starting Nmap 4.85BETA5 ( http:// | ||
- | Interesting ports on 192.168.0.103: | ||
- | Not shown: 995 closed ports | ||
- | PORT STATE SERVICE | ||
- | 22/ | ||
- | 25/ | ||
- | 80/ | ||
- | 111/tcp open rpcbind | ||
- | 443/tcp open https | ||
- | MAC Address: 08: | ||
- | Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds | ||
- | </ | ||
- | |||
- | If you want to specify a particular port with -PT option for tcp ping, then you can do that as shown below. | ||
- | |||
- | <code bash> | ||
- | nmap -PT443 192.168.0.103 | ||
- | </ | ||
- | |||
- | Result | ||
- | |||
- | < | ||
- | Starting Nmap 4.85BETA5 ( http:// | ||
- | Interesting ports on 192.168.0.103: | ||
- | Not shown: 995 closed ports | ||
- | PORT STATE SERVICE | ||
- | 22/ | ||
- | 25/ | ||
- | 80/ | ||
- | 111/tcp open rpcbind | ||
- | 443/tcp open https | ||
- | </ | ||
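Review bot: In the "Using nmap" section, both "nmap -PT 192.168.0.103" and "nmap -PT443 192.168.0.103" are followed by the same port table (22, 25, 80, 111, 443), so the sample output shows the port scan that nmap runs after host discovery, not the TCP ping the text describes, and the reader cannot see what changing the ping port to 443 did. If this text is restored or moved elsewhere, show a discovery-only run ("-sn", or "-sP" on the Nmap 4.85BETA5 release shown) so the result is just the "1 host up" line. The text should also say that the hping example probes with a SYN ("-S", answered with "flags=SA") while the nmap paragraph describes an ACK answered by a RST. The revision summary is only "removed"; a short reason for deleting the whole page would help later readers of the history.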
ping/check_whether_a_host_is_alive_with_tcp.1479692316.txt.gz · Last modified: 2020/07/15 09:30 (external edit)