Ground Zero wrote: > Cum pot sa-mi dau seama daca un host e pe Internet daca nu are porturi > deschise (sau nu le stiu eu, sau nu se vad de la mine) si blocheaza > ping? M-am gindit la nmap sau traceroute dar si astea se bazeaza pe > porturi. Exista ceva de TCP, UDP sau ICMP care sa-i tradeze prezenta pe > net oricind? Se pp. ca stiu IP-ul.
Dupa cum se vede mai jos, un host care are o stiva TCP/IP functionala, nu asculta pe nici un port si blocheaza ICMP, raspunde unui pachet TCP(SYN) cu un pachet TCP(RST, ACK). Destul ca sa-i tradeze prezenta. # hping 192.168.0.99 -p 1234 -S HPING 192.168.0.99 (eth0 192.168.0.99): S set, 40 headers + 0 data bytes len=46 ip=192.168.0.99 ttl=64 DF id=0 sport=1234 flags=RA seq=0 win=0 rtt=0.3 ms len=46 ip=192.168.0.99 ttl=64 DF id=0 sport=1234 flags=RA seq=1 win=0 rtt=0.3 ms len=46 ip=192.168.0.99 ttl=64 DF id=0 sport=1234 flags=RA seq=2 win=0 rtt=0.2 ms len=46 ip=192.168.0.99 ttl=64 DF id=0 sport=1234 flags=RA seq=3 win=0 rtt=0.4 ms # tcpdump src 192.168.0.99 and tcp tcpdump: listening on eth0 17:23:07.613439 192.168.0.99.1234 > 192.168.0.98.2879: R 0:0(0) ack 1403965937 w in 0 (DF) 17:23:08.604427 192.168.0.99.1234 > 192.168.0.98.2880: R 0:0(0) ack 1384301775 w in 0 (DF) 17:23:09.604416 192.168.0.99.1234 > 192.168.0.98.2881: R 0:0(0) ack 310312926 wi n 0 (DF) 17:23:22.570019 192.168.0.99.1234 > 192.168.0.98.2803: R 0:0(0) ack 1811675540 win 0 (DF) 17:23:23.564432 192.168.0.99.1234 > 192.168.0.98.2804: R 0:0(0) ack 1390572988 win 0 (DF) 17:23:24.564406 192.168.0.99.1234 > 192.168.0.98.2805: R 0:0(0) ack 1204541547 win 0 (DF) 17:23:25.564579 192.168.0.99.1234 > 192.168.0.98.2806: R 0:0(0) ack 874591480 win 0 (DF) Grig
