Footprinting Lab 1

Footprinting Lab 1: whois, ping, tracert

My summary of module 02 (footprinting) from the CEH material

Level: ultra easy

Get max frame size

To find the largest packet a path carries without fragmentation, send pings with the Don't Fragment (DF) bit set and a chosen payload size:

  • On Windows

    > ping www.certifiedhacker.com -f -l 1500

    Where:

    • -f sets the Don't Fragment flag (the packet is dropped instead of fragmented if it exceeds an MTU on the path)
    • -l payload size in bytes (lowercase L, not the digit one)
  • On Linux

    $ ping www.certifiedhacker.com -M do -s 1500

    Where:

    • -M do sets the Don't Fragment flag (prohibits fragmentation, including local fragmentation)
    • -s payload size in bytes

On Windows the Don't Fragment flag must be requested explicitly with -f; without it an oversized ping is simply fragmented, every size gets a reply and nothing is learned about the MTU.

On Linux, ping lets the kernel fragment oversized packets by default, so -M do is needed to get the same behaviour as -f on Windows.

The size given with -l or -s is the ICMP payload only; the IPv4 header (20 bytes) and ICMP header (8 bytes) are added on top, so on a standard 1500-byte Ethernet MTU the largest payload that gets through unfragmented is 1472.

Check host response

If the host replies like a normal ping:

$ ping www.google.com -s 10
PING www.google.com (64.233.186.99) 56(84) bytes of data.
64 bytes from cb-in-f99.1e100.net (64.233.186.99): icmp_seq=1 ttl=103 time=51.9 ms
...

a packet of that payload size (10 in the above example) reached the host and came back, so the path carries it.

If there is no reply, or ping reports an error such as "Packet needs to be fragmented but DF set" (Windows) or "Frag needed and DF set" / "message too long" (Linux), the size is larger than an MTU somewhere on the path.

If the host does not accept the frame size
In that case lower the size and try again until a reply comes back; the largest payload that still gets a reply, plus the 28 bytes of IPv4 and ICMP headers, is the path MTU.
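As an added example (not part of the original lab), the "adjust the size until the host accepts it" search automated in a POSIX shell script: it uses Linux iputils ping with -M do (Don't Fragment) and -s (payload size), binary-searches the largest payload that still gets a reply, and converts it to the path MTU by adding the 28 bytes of IPv4 and ICMP headers. The hostname, the search bounds and the -W 2 reply timeout are assumptions.

```shell
#!/bin/sh
# Added example: find the path MTU to a host with ping and the Don't Fragment bit.
# Assumes Linux iputils ping: -M do sets DF, -s is the ICMP payload size,
# -W is the reply timeout in seconds. Host and bounds are assumptions.

# probe SIZE HOST: succeed (exit 0) if one DF-marked echo request of SIZE payload
# bytes gets a reply, fail otherwise (no reply, "Frag needed", "message too long").
probe() {
  ping -M do -s "$1" -c 1 -W 2 "$2" >/dev/null 2>&1
}

# find_max_payload HOST LO HI: binary search for the largest payload size in
# [LO, HI] that still gets a reply. Assumes LO works and sizes are monotonic
# (if N gets through, anything smaller does too).
find_max_payload() {
  fmp_host=$1
  fmp_lo=${2:-0}
  fmp_hi=${3:-1472}
  fmp_hi_failed=0
  if ! probe "$fmp_lo" "$fmp_host"; then
    echo "no reply from $fmp_host even with a $fmp_lo-byte payload" >&2
    return 1
  fi
  while [ $((fmp_hi - fmp_lo)) -gt 1 ]; do
    fmp_mid=$(( (fmp_lo + fmp_hi) / 2 ))
    if probe "$fmp_mid" "$fmp_host"; then
      fmp_lo=$fmp_mid        # still fits: move the lower bound up
    else
      fmp_hi=$fmp_mid        # too big: move the upper bound down
      fmp_hi_failed=1
    fi
  done
  # If hi is still the initial bound it was never probed; check it so that a
  # too-small upper bound is reported as the answer rather than hi-1.
  if [ "$fmp_hi_failed" -eq 0 ] && probe "$fmp_hi" "$fmp_host"; then
    fmp_lo=$fmp_hi
  fi
  echo "$fmp_lo"
}

# payload_to_mtu PAYLOAD: add the 20-byte IPv4 header and the 8-byte ICMP header.
payload_to_mtu() {
  echo $(( $1 + 28 ))
}

# Usage: sh pmtu.sh www.certifiedhacker.com
if [ "$#" -gt 0 ]; then
  max=$(find_max_payload "$1" 0 9000) || exit 1
  echo "largest unfragmented payload: $max bytes, path MTU: $(payload_to_mtu "$max")"
fi
```

The upper bound of 9000 covers jumbo frames; on a plain Ethernet path the script converges on 1472 and reports an MTU of 1500. The IPv4 header size assumed is the one without options; for IPv6 the fixed header is 40 bytes and the arithmetic changes.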

Using ping as traceroute

In a terminal:

  • On Windows

    > tracert www.google.com

  • On Linux

    $ traceroute www.google.com

These commands show the path traffic takes from your PC to the destination, one router (hop) per line.

But how do you get the same result using only the ping command?

A: with the TTL (Time To Live) parameter. TTL is a hop count, not a time: every router that forwards the packet decrements it by one, and the router that decrements it to zero discards the packet and sends back an ICMP "Time to live exceeded" message. The source address of that message is the router's own address, so a ping with TTL 1 reveals the first hop, TTL 2 the second, and so on.

  • On Windows

    > ping www.google.com -i 1 -n 1

    where:

    • -i TTL (number of hops the packet may cross)
    • -n number of echo requests to send
  • On Linux

    $ ping www.google.com -t 3 -c 1

    where:

    • -t TTL (number of hops the packet may cross)
    • -c stop after sending n echo requests

Get paths

With a small TTL the response comes from a different IP than the destination, like this:

$ ping www.google.com -t 1 -c 1
PING www.google.com (64.233.186.106) 56(84) bytes of data.
From _gateway (192.168.2.1) icmp_seq=1 Time to live exceeded

--- www.google.com ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

In this case I get 192.168.2.1 (my home gateway), the first hop.

Now with TTL 3:

$ ping www.google.com -t 3 -c 1
PING www.google.com (64.233.186.105) 56(84) bytes of data.
From 10.11.254.113 (10.11.254.113) icmp_seq=1 Time to live exceeded

--- www.google.com ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

I get 10.11.254.113, the third hop. Increasing the TTL by one each time reveals the next router, until the TTL is large enough for the packet to reach the destination and a normal echo reply comes back from the final IP (64.233.186.105 here). A hop that does not answer (some routers drop or rate-limit ICMP) just shows up as a timeout; continue with the next TTL.

This is a very easy technique to get the path like traceroute or tracert, which do exactly this with increasing TTLs (traceroute sends UDP probes by default on Linux, tracert uses ICMP echo requests like ping).
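As an added example (not part of the original lab), the TTL loop above turned into a small traceroute built from ping alone, as a POSIX shell script. It assumes Linux iputils ping (-t for TTL, -c for count, -W for the reply timeout) and parses ping's "From ... Time to live exceeded" and "bytes from" lines; the hostname, the 30-hop limit and the -W 2 timeout are assumptions, and a hop that stays silent is printed as "*" so the walk continues past it.

```shell
#!/bin/sh
# Added example: a traceroute built from ping alone, by sending one echo request
# per TTL and reading which router answered "Time to live exceeded".
# Assumes Linux iputils ping: -t sets the TTL, -c the count, -W the reply timeout.

# hop_for_ttl HOST TTL: send one probe with the given TTL and print either
#   "hop <ip>"  (a router on the way answered Time to live exceeded) or
#   "dest <ip>" (the destination itself answered with an echo reply).
# Prints nothing when no answer arrives within the timeout.
hop_for_ttl() {
  ping -t "$2" -c 1 -W 2 "$1" 2>/dev/null | awk '
    /Time to live exceeded/ { kind = "hop" }
    /bytes from/            { kind = "dest" }
    kind != "" {
      # "From _gateway (192.168.2.1) ..." or "64 bytes from name (1.2.3.4): ..."
      if (match($0, /\([0-9.]+\)/)) {
        ip = substr($0, RSTART + 1, RLENGTH - 2)
      } else {
        # no reverse name: "From 10.11.254.113 ..." or "64 bytes from 1.2.3.4: ..."
        ip = (kind == "hop") ? $2 : $4
        sub(/:$/, "", ip)
      }
      print kind, ip
      exit
    }'
}

# ping_trace HOST [MAXHOPS]: print "<ttl> <ip>" per hop until the destination
# answers; a silent hop is printed as "<ttl> *" and the walk continues.
ping_trace() {
  pt_host=$1
  pt_max=${2:-30}
  pt_ttl=1
  while [ "$pt_ttl" -le "$pt_max" ]; do
    pt_result=$(hop_for_ttl "$pt_host" "$pt_ttl")
    pt_kind=${pt_result%% *}
    pt_ip=${pt_result#* }
    case $pt_kind in
      hop)  echo "$pt_ttl $pt_ip" ;;
      dest) echo "$pt_ttl $pt_ip"; return 0 ;;   # reached the target
      *)    echo "$pt_ttl *" ;;                  # no answer: router drops or rate-limits ICMP
    esac
    pt_ttl=$((pt_ttl + 1))
  done
  echo "destination not reached within $pt_max hops" >&2
  return 1
}

# Usage: sh pingtrace.sh www.google.com 30
if [ "$#" -gt 0 ]; then
  ping_trace "$@"
fi
```

Because each TTL is probed with a single packet, a lost probe and a router that never answers look the same ("*"); sending two or three probes per TTL, as traceroute does, is the obvious refinement.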

Nslookup

This tool queries DNS records, both for troubleshooting name resolution and, in footprinting, to get the IP address associated with a hostname:

  • On Windows

    > nslookup google.com

  • On Linux

    $ nslookup www.google.com

To get more detailed info about this command check here.