Using Backtrack 4: Information Gathering: Route: protos

protos

Purpose:

From phenoelit-us.org:

Protos is an IP protocol scanner. It goes through all possible IP protocols and uses a negative scan to sort out unsupported protocols which should be reported by the target using ICMP protocol unreachable messages.

More accurately, protos reports back on *supported* protocols for a particular host or router. This information is valuable because it may indicate alternate pathways to exploit. For instance, if ICMP is blocked, meaning you can't use ping or traceroute, you could try a tool with the same functionality that works over a different protocol, such as arping.

Stage:

Information Gathering

Home Page:

http://phenoelit-us.org/

Tutorial:

http://phenoelit-us.org/irpas/docu.html#protos

Usage: ./protos -i eth0 -d 10.1.2.3 -v

 -v            verbose
 -V            show which protocols are not supported
 -u            don't ping targets first
 -s            make the scan slow (for very remote devices)
 -L            show the long protocol name and its reference (RFC)
 -p x          number of probes (default=5)
 -S x          sleeptime is x (default=1)
 -a x          continue scan afterwards for x seconds (default=3)
 -d dest       destination (IP or IP/MASK)
 -i interface  the eth0 stuff
 -W            don't scan, just print the protocol list

Normal output for a Windows host looks like this:

 10.1.1.4 may be running (did not negate):
 ICMP IGMP TCP UDP

While a Cisco router supports more:

 10.1.1.1 may be running (did not negate):
 ICMP IPenc TCP IGP UDP GRE SWIPE MOBILE SUN-ND EIGRP IPIP
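
The negative-scan logic described above can be followed offline. The Python sketch below is an added example, not code from protos or the IRPAS documentation: it parses ICMP protocol unreachable replies (type 3, code 2) from a constructed capture and lists the protocols the target never negated. The scanner address 10.1.1.99 and all function names are assumptions made for the illustration.

```python
import socket
import struct

NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers

def ip_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left 0 (constructed sample data).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def unreachable(target, scanner, probed_proto, code=2):
    # ICMP type 3 reply from target quoting the probe's IP header + 8 data bytes.
    quoted = ip_header(scanner, target, probed_proto, 8) + bytes(8)
    icmp = struct.pack("!BBHI", 3, code, 0, 0) + quoted
    return ip_header(target, scanner, 1, len(icmp)) + icmp

def negated_protocol(datagram):
    """Return (target_ip, protocol) for an ICMP protocol unreachable, else None."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4 or datagram[9] != 1:
        return None                      # not IPv4 carrying ICMP
    icmp = datagram[(datagram[0] & 0x0F) * 4:]
    if len(icmp) < 28 or icmp[0] != 3 or icmp[1] != 2:
        return None                      # not type 3 / code 2, or quote truncated
    quoted = icmp[8:]                    # IP header of the original probe
    return socket.inet_ntoa(quoted[16:20]), quoted[9]

def did_not_negate(datagrams, target, probed=range(256)):
    """Protocols probed on target for which no protocol unreachable came back."""
    negated = set()
    for d in datagrams:
        hit = negated_protocol(d)
        if hit and hit[0] == target:
            negated.add(hit[1])
    return sorted(set(probed) - negated)

def sample_capture(target="10.1.1.4", scanner="10.1.1.99"):
    # Constructed capture: the host negates everything except ICMP/IGMP/TCP/UDP.
    replies = [unreachable(target, scanner, p) for p in range(256) if p not in NAMES]
    replies.append(unreachable(target, scanner, 17, code=3))  # port unreachable: ignored
    replies.append(replies[0][:30])                           # truncated: ignored
    return replies

if __name__ == "__main__":
    left = did_not_negate(sample_capture(), "10.1.1.4")
    print("10.1.1.4 may be running (did not negate):")
    print(" ".join(NAMES.get(p, str(p)) for p in left))
```

With an empty capture every protocol is returned as not negated, which is why the tool words its result as "may be running": a filter that drops ICMP unreachable messages makes all protocols look supported.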