0

I was testing out icmp time stamp response on one of my servers using ping and hping3.

Here is result of hping3

# hping3 --icmp-ts x.x.x.x
HPING  x.x.x.x: icmp mode set, 28 headers + 0 data bytes
len=40 ip=x.x.x.x ttl=56 id=45158 icmp_seq=0 rtt=7.2 ms
ICMP timestamp: Originate=41509629 Receive=12709214 Transmit=12709214
ICMP timestamp RTT tsrtt=7

len=40 ip=x.x.x.x ttl=56 id=45159 icmp_seq=1 rtt=6.6 ms
ICMP timestamp: Originate=41510629 Receive=12710214 Transmit=12710214
ICMP timestamp RTT tsrtt=6

and results from ping with the -T tsandaddr option:

# ping -T tsandaddr x.x.x.x
PING  (x.x.x.x) 56(124) bytes of data.

It doesn't return any results.

May I know which is more accurate? hping3 manage to receive a response. Also, when doing a normal ping to my server, the behavior is Port unreachable :

# ping x.x.x.x
PING x.x.x.x 56(84) bytes of data.
From x.x.x.x icmp_seq=1 Destination Port Unreachable
...

since it's unreachable, why did hping3 receive a response? Or am i interpreting the output of hping3 wrongly?

I am doing this test on linux thanks

Pang Ser Lark
  • 135
  • 6
  • 1
    This is in no way an InfoSec question. – schroeder Apr 25 '15 at 03:51
  • 1
    If you want to understand what may be different, capture the packets from your machine when you run the 2 tests and see how the 2 programs send their traffic. – schroeder Apr 25 '15 at 03:53
  • Thanks but why not? this is under pen testing topic which is also infosec –  Apr 25 '15 at 03:53
  • 2
    Nothing about your tests have anything to do with pentesting. This is a networking question that might be useful when pentesting. – schroeder Apr 25 '15 at 03:54

0 Answers0