I've never seen that particular idiom for sending ICMP packets.  The
first thing I would try for debugging this would be to fire up
Wireshark and see if any packets actually hit the wire and, if they
do, see what kind they are.

Let us know how it turns out; I'm as interested in this as you are.

Thanks,
james


On Sat, Nov 8, 2008 at 6:05 PM, Bryan Richardson <[EMAIL PROTECTED]> wrote:
> So along these lines...
>
> I basically only need the ping sweep functionality of nmap at this point, so
> I was going to follow the pingecho function available in the Ruby Standard
> Library to make something similar in Metasploit.  Below is the code from the
> standard library.
>
> # File ping.rb, line 44
>   def pingecho(host, timeout=5, service="echo")
>     begin
>       timeout(timeout) do
>         s = TCPSocket.new(host, service)
>         s.close
>       end
>     rescue Errno::ECONNREFUSED
>       return true
>     rescue Timeout::Error, StandardError
>       return false
>     end
>     return true
>   end
>
> I am using the Rex TCP implementation so it can be routed via a Meterpreter
> session.  However, after some testing it looks like Rex's TCP implementation
> might not handle the 'echo' service (I simply replaced the 'TCPSocket.new'
> code above with '::Rex::Socket::Tcp.create').  Does anyone know for sure?
> For example, for the 'PeerPort' option passed to Rex's TCP socket create
> method, I'm using 'PeerPort' => 'echo'.  When I do this, I rescue a
> StandardError that says 'The connection was refused by the remote host
> ('192.0.1.11:0').'  However, I can ping 192.0.1.11 from my machine just
> fine...
>
> Any suggestions?!
>
> --
> Thanks!
> Bryan
>
> On Sat, Nov 8, 2008 at 12:02 PM, <[EMAIL PROTECTED]> wrote:
>>
>> It is possible, kinda.  Metasploit can route its traffic through a
>> meterpreter session but there is currently no way to route traffic
>> from outside tools.  On my todo list is a socks proxy extension for
>> meterpreter which should make that easier for applications that
>> support tunneling through socks (web browsers are the best example
>> here).  The main downside of a socks proxy is that nmap doesn't work
>> with it by default.
>>
>> egypt
>>
_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers
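
The quoted pingecho passes a service name ("echo") where a socket API may expect a number. The following is an added example, not part of the original thread or of Metasploit/Rex: it resolves the name to a port first and then applies the same alive/dead decision as pingecho. It assumes the ':0' in the quoted error comes from the name being converted to an integer, which the thread does not confirm; resolve_port, tcp_alive?, loopback_demo and FALLBACK_SERVICES are hypothetical names.

```ruby
require 'socket'
require 'timeout'

# Constructed fallback for hosts that have no services database (assumption).
FALLBACK_SERVICES = { 'echo' => 7 }.freeze

# Turn a port number or a service name into an Integer port.
# Note that 'echo'.to_i is 0, so a bare to_i on a name silently yields port 0.
def resolve_port(service, proto = 'tcp')
  return service if service.is_a?(Integer)
  name = service.to_s
  return name.to_i if name.match?(/\A\d+\z/)
  Socket.getservbyname(name, proto)
rescue SocketError
  FALLBACK_SERVICES.fetch(name) do
    raise ArgumentError, "unknown service #{name.inspect}"
  end
end

# Same decision logic as the quoted pingecho: a completed connection or a
# refusal (RST) both show the host answered; a timeout or other error does not.
def tcp_alive?(host, service = 'echo', wait = 5)
  port = resolve_port(service) # raises on an unknown name instead of using 0
  begin
    Timeout.timeout(wait) { TCPSocket.new(host, port).close }
    true
  rescue Errno::ECONNREFUSED
    true
  rescue Timeout::Error, StandardError
    false
  end
end

# Constructed loopback check: probe a port with a listener, then the same
# port after the listener is closed (which produces a refusal).
def loopback_demo
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  open_result = tcp_alive?('127.0.0.1', port, 2)
  server.close
  closed_result = tcp_alive?('127.0.0.1', port, 2)
  [open_result, closed_result]
end
```

Both loopback probes report true because a refused connection still proves the host answered, which is why a refusal on the wrong port can look like a live host rather than a lookup problem.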
