Checking for Live Systems – ICMP Scanning
- Ping scan involves sending ICMP ECHO requests to a host. If the host is live, it will return an ICMP ECHO reply.
- This scan is useful for locating active devices or determining if ICMP is passing through a firewall.
- Ping sweep is used to determine the live hosts from a range of IP addresses by sending ICMP ECHO requests to multiple hosts. If a host is live, it will return an ICMP ECHO reply.
- Attackers calculate subnet masks using Subnet Mask Calculators to identify the number of hosts present in the subnet.
- Attackers then use ping sweep to create an inventory of live systems in the subnet.
||is a response message
||Indicates that the destination is unreachable
||request response message
||Time Exceeded for a Datagram
||When a data packet times out during routing, informs the source that the packet has been ignored
In ICMP, each message type uses codes to describe specific conditions. Taking Type 3 (Destination Unreachable) as an example, the codes under it are as follows:
- 0: Network Unreachable
- 1: Host Unreachable
- 2: Protocol Unreachable
- 3: Port Unreachable
- 9: Communication with Destination Network is Administratively Prohibited
- 10: Communication with Destination Host is Administratively Prohibited
- 13: Communication Administratively Prohibited (blocked)
Type 11 codes:
- 0: Time to Live exceeded in Transit
- 1: Fragment Reassembly Time Exceeded
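To show how the type and code values above are read from a captured reply, here is an added example (not part of the original notes) that decodes a raw ICMP message, verifies its checksum, and flags the "administratively prohibited" codes that point to a filtering device. The function names, the sample message, and the use of type numbers 0 and 8 for Echo Reply and Echo Request (the standard ICMP assignments) are assumptions of this example.

```python
import socket
import struct

# Type 3 and Type 11 codes as listed in this section.
UNREACH = {0: "Network Unreachable", 1: "Host Unreachable",
           2: "Protocol Unreachable", 3: "Port Unreachable",
           9: "Destination Network Administratively Prohibited",
           10: "Destination Host Administratively Prohibited",
           13: "Communication Administratively Prohibited"}
TIME_EXCEEDED = {0: "Time to Live exceeded in Transit",
                 1: "Fragment Reassembly Time Exceeded"}
FILTER_CODES = {9, 10, 13}  # Type 3 codes sent because of a filtering policy

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_icmp(msg: bytes) -> dict:
    """Decode one ICMP message (IP header already stripped)."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code = struct.unpack("!BB", msg[:2])
    # A valid message checksums to zero when its checksum field is included.
    out = {"type": icmp_type, "code": code, "meaning": "unknown",
           "checksum_ok": inet_checksum(msg) == 0,
           "filtered": False, "orig_dst": None}
    if icmp_type == 0:
        out["meaning"] = "Echo Reply (host is live)"
    elif icmp_type == 8:
        out["meaning"] = "Echo Request"
    elif icmp_type in (3, 11):
        table = UNREACH if icmp_type == 3 else TIME_EXCEEDED
        out["meaning"] = table.get(code, f"unlisted code {code}")
        out["filtered"] = icmp_type == 3 and code in FILTER_CODES
        quoted = msg[8:]  # errors quote the offending IPv4 header + 8 bytes
        if len(quoted) >= 20 and quoted[0] >> 4 == 4:
            out["orig_dst"] = socket.inet_ntoa(quoted[16:20])
    return out

def build(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Build a constructed sample message with a valid checksum."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

# Constructed sample: Echo Reply with identifier 0x1234, sequence 1.
SAMPLE_REPLY = build(0, 0, struct.pack("!HH", 0x1234, 1) + b"ping")
```

For Type 3 and Type 11 messages, `orig_dst` is the destination of the original probe quoted inside the error, which lets a monitoring tool tie the error back to the host that was being tested.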
- Angry IP Scanner pings each IP address to check if it’s alive, then optionally resolves its hostname, determines the MAC address, scans ports, etc.
- SolarWinds Engineer Toolset’s Ping Sweep enables scanning a range of IP addresses to identify which IP addresses are in use and which ones are currently free. It also performs reverse DNS lookup.