CEH Scanning Methodology - Check for Live Systems

Checking for Live Systems - ICMP Scanning (Important)

  • Ping scan involves sending ICMP ECHO requests to a host. If the host is live, it will return an ICMP ECHO reply.
  • This scan is useful for locating active devices or determining if ICMP is passing through a firewall.

Ping Sweep

  • Ping sweep is used to determine the live hosts from a range of IP addresses by sending ICMP ECHO requests to multiple hosts. If a host is live, it will return an ICMP ECHO reply.
  • Attackers calculate subnet masks using Subnet Mask Calculators to identify the number of hosts present in the subnet.
  • Attackers then use ping sweep to create an inventory of live systems in the subnet.
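
| Type | Name | Meaning |
|------|------|---------|
| 0 | Echo Reply | A reply message |
| 3 | Destination Unreachable | Indicates that the destination cannot be reached |
| 8 | Echo | A message requesting a reply |
| 11 | Time Exceeded for a Datagram | When a datagram times out under certain routing conditions, tells the source that the packet has been discarded. |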

In ICMP, each type uses different codes to describe the specific condition. Taking Type 3 (Destination Unreachable) as an example, its codes are listed below:

  • 0: Network Unreachable
  • 1: Host Unreachable
  • 2: Protocol Unreachable
  • 3: Port Unreachable
  • 9: Communication with Destination Network is Administratively Prohibited
  • 10: Communication with Destination Host is Administratively Prohibited
  • 13: Communication Administratively Prohibited (blocked)

Type 11 code:

  • 0: Time to Live exceeded in Transit
  • 1: Fragment Reassembly Time Exceeded
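
An added example (not part of the original notes), written from the defender's side: it decodes raw ICMP messages with the type and code tables above and flags sources whose Echo requests reach many distinct hosts, the pattern a ping sweep leaves in a capture. The function names, the `min_targets` threshold and the sample addresses are assumptions, and the capture is constructed.

```python
import struct
from collections import defaultdict

# Type and code names taken from the tables on this page.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 8: "Echo",
              11: "Time Exceeded for a Datagram"}
ICMP_CODES = {
    3: {0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
        3: "Port Unreachable",
        9: "Communication with Destination Network is Administratively Prohibited",
        10: "Communication with Destination Host is Administratively Prohibited",
        13: "Communication Administratively Prohibited"},
    11: {0: "Time to Live exceeded in Transit", 1: "Fragment Reassembly Time Exceeded"},
}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode(msg: bytes) -> str:
    """Name the type/code of a raw ICMP message; reject short or corrupt ones."""
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("truncated ICMP message or bad checksum")
    icmp_type, code = msg[0], msg[1]
    name = ICMP_TYPES.get(icmp_type, f"type {icmp_type}")
    detail = ICMP_CODES.get(icmp_type, {}).get(code)
    return f"{name}: {detail}" if detail else name

def sweep_sources(events, min_targets=4):
    """Sources that sent Echo (type 8) to >= min_targets hosts (assumed threshold)."""
    targets = defaultdict(set)
    for src, dst, msg in events:
        if msg[0] == 8:
            targets[src].add(dst)
    return sorted(s for s, d in targets.items() if len(d) >= min_targets)

def build(icmp_type, code, rest=b"\x00" * 4):
    """Construct a sample ICMP message with a valid checksum (test data only)."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

# Constructed capture: 10.0.0.5 pings five hosts; 10.0.0.9 pings one.
EVENTS = [("10.0.0.5", f"10.0.0.{n}", build(8, 0)) for n in range(20, 25)]
EVENTS += [("10.0.0.9", "10.0.0.1", build(8, 0)), ("10.0.0.1", "10.0.0.9", build(0, 0))]
```

In a real deployment the threshold would be tuned per network and paired with a time window, since monitoring systems also ping many hosts.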

Ping Sweep Tools

  • Angry IP Scanner pings each IP address to check if it's alive, then optionally resolves its hostname, determines the MAC address, scans ports, etc.
  • SolarWinds Engineer Toolset's Ping Sweep enables scanning a range of IP addresses to identify which IP addresses are in use and which ones are currently free. It also performs reverse DNS lookup.
