CEH Scanning Methodology - Check for Live Systems
Checking for Live Systems - ICMP Scanning (important)
- Ping scan involves sending ICMP ECHO requests to a host. If the host is live, it will return an ICMP ECHO reply.
- This scan is useful for locating active devices or determining if ICMP is passing through a firewall.
Ping Sweep
- Ping sweep is used to determine the live hosts from a range of IP addresses by sending ICMP ECHO requests to multiple hosts. If a host is live, it will return an ICMP ECHO reply.
- Attackers calculate subnet masks using Subnet Mask Calculators to identify the number of hosts present in the subnet.
- Attackers then use ping sweep to create an inventory of live systems in the subnet.
Type | Name | Meaning |
---|---|---|
0 | Echo Reply | A reply message |
3 | Destination Unreachable | Indicates that the destination cannot be reached |
8 | Echo | A request for a reply message |
11 | Time Exceeded for a Datagram | When a datagram times out during routing, informs the source that the packet has been discarded. |
In ICMP, each type uses different codes to describe the specific condition. Taking Type 3 (Destination Unreachable) as an example, its codes are listed below:
- 0: Network Unreachable
- 1: Host Unreachable
- 2: Protocol Unreachable
- 3: Port Unreachable
- 9: Communication with Destination Network is Administratively Prohibited
- 10: Communication with Destination Host is Administratively Prohibited
- 13: Communication Administratively Prohibited (blocked)
Type 11 codes:
- 0: Time to Live exceeded in Transit
- 1: Fragment Reassembly Time Exceeded
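As an added example (not part of the original notes), the following Python decodes the type, code and checksum fields of an ICMP message using the names from the table above, and flags a ping sweep in a constructed set of flow records: one source sending Echo (type 8) to many distinct destinations. The sample packets, addresses and the threshold of 8 destinations are assumptions for illustration.

```python
import struct
from collections import defaultdict

# Type and code names from the table above (RFC 792).
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable",
              8: "Echo", 11: "Time Exceeded for a Datagram"}
ICMP_CODES = {
    3: {0: "Network Unreachable", 1: "Host Unreachable",
        2: "Protocol Unreachable", 3: "Port Unreachable",
        9: "Communication with Destination Network is Administratively Prohibited",
        10: "Communication with Destination Host is Administratively Prohibited",
        13: "Communication Administratively Prohibited (blocked)"},
    11: {0: "Time to Live exceeded in Transit",
         1: "Fragment Reassembly Time Exceeded"},
}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd tail padded with 0)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def decode_icmp(packet: bytes) -> dict:
    """Parse type, code and checksum from an ICMP message (header = first 4 bytes)."""
    if len(packet) < 4:
        raise ValueError("ICMP header needs at least 4 bytes")
    icmp_type, code, checksum = struct.unpack("!BBH", packet[:4])
    return {
        "type": icmp_type, "code": code, "checksum": checksum,
        "type_name": ICMP_TYPES.get(icmp_type, "Unknown"),
        "code_name": ICMP_CODES.get(icmp_type, {}).get(code, ""),
        # Summing a packet that already carries a correct checksum yields 0.
        "checksum_ok": icmp_checksum(packet) == 0,
    }

def detect_ping_sweep(records, threshold=8) -> dict:
    """records: (src, dst, icmp_type) tuples. Return sources that sent Echo
    (type 8) to at least `threshold` distinct destinations."""
    targets = defaultdict(set)
    for src, dst, icmp_type in records:
        if icmp_type == 8:
            targets[src].add(dst)
    return {src: len(d) for src, d in targets.items() if len(d) >= threshold}

# Constructed sample flow records: one host probing 192.0.2.1-12, one normal ping.
SAMPLE = [("198.51.100.7", "192.0.2.%d" % i, 8) for i in range(1, 13)]
SAMPLE += [("192.0.2.50", "192.0.2.1", 8), ("192.0.2.1", "192.0.2.50", 0)]
ECHO_REQUEST = b"\x08\x00\xf7\xff\x00\x00\x00\x00"  # constructed: type 8, code 0, id 0, seq 0
```

Per-source distinct-destination counts are the simplest ping sweep indicator; real flow data would also carry timestamps so the threshold can be applied per time window.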
Ping Sweep Tools
- Angry IP Scanner pings each IP address to check if it's alive, then optionally resolves its hostname, determines the MAC address, scans ports, etc.
- SolarWinds Engineer Toolset's Ping Sweep enables scanning a range of IP addresses to identify which IP addresses are in use and which ones are currently free. It also performs reverse DNS lookup.