A new version of Nmap and its associated tools was just recently released. Included within that suite is the NPing tool. NPing is a packet generator, and ping utility with a great deal of versatility. The feature I want to discuss today is the new Echo Mode released with Nping 0.5.50. The changelog gives a great description of the change:
[Nping] Added echo mode, a novel technique for discovering how your packets are changed (or dropped) in transit between the host they originated and a target machine. It can detect network address translation, packet filtering, routing anomalies, and more.
Nmap provides us all with a public target to test this one. The command I used was:
nping --echo-client "public" echo.nmap.orgThe result of the is seen here:
SENT (1.4533s) ICMP 192.168.0.74 > 74.207.244.221 Echo request (type=8/code=0) ttl=64 id=24665 iplen=28CAPT (1.5589s) ICMP 71.37.173.244 > 74.207.244.221 Echo request (type=8/code=0) ttl=56 id=24665 iplen=28RCVD (1.6547s) ICMP 74.207.244.221 > 192.168.0.74 Echo reply (type=0/code=0) ttl=56 id=30077 iplen=28
On line one you see the IP address of my machine as it is traveling out of my network towards the target. On line two, you can see the the CAPT (captured) packet shows a different IP address now being the source of our ping. This clearly shows how NAT is being implemented by my network.
Read more about nping’s echo-client mode here.
