Send an ARP request manually from Windows - command-line

I'm training myself on network scanning and i'm focusing on how to identify a sniffer on my net.
Searching on the web, i find that a possible way is the ARP method: i must send an ARP request to a suspect no broadcast IP to check if it's in promiscuous mode.
My doubt is: if my pc is a Windows 7 machine, is there a way to send manually an ARP resuest? Possibly from command line?

You can use tools like nmap.
nmap -sP -PR <IP address/subnet>
For windows you can use the GUI version of nmap - zenmap.

You can use this version of arping for Windows. If you want an already compiled executable you can find it Here (under the "examples" folder).
Usage:
Arping.exe -i <IP_ADDRESS_OF_YOUR_INTERFACE> -T <TARGET_IP_ADDRESS>

another simple way:
ping TARGET_IP_ADDRESS
then
arp -a
the TARGET_IP_ADDRESS shall be shown as type dynamic.

Related

What does the -P0 option do when using nmap?

I'm trying to understand the basics of nmap and its functionality. I am using wireshark to check the network flow. I have a question regarding the following option.
What is the difference between the following commands. Is it recommended to use the -P0 option or not?
nmap -p113 scanme.nmap.org
nmap -p113 -P0 scanme.nmap.org
I have been trying to find what the -P0 option does but i can't find it in any nmap options cheat sheet.
From the nmap manual we learn:
In previous versions of Nmap, -Pn was -P0. and -PN..
Therefore, -P0 is now -Pn.
Now what is -Pn?
This option skips the Nmap discovery stage altogether. Normally, Nmap uses this stage to determine active machines for heavier scanning. By default, Nmap only performs heavy probing such as port scans, version detection, or OS detection against hosts that are found to be up. Disabling host discovery with -Pn causes Nmap to attempt the requested scanning functions against every target IP address specified. [...]

After running "opkg install tcpdump" on tp-link router flashed OpenWrt successfully, the tcpdump command doesn't work

I am doing a wireless experiment which used a tp-link router WR1043ND flashed OpenWrt system. Because I need to catch packages through the router, I need to install the tcpdump software.
I just used the command "opkg install tcpdump" to install it, and the terminal showed installation successful.
But when I entered "tcpdump" command, I got a failure prompt which showed that
-ash: tcpdump: not found
So I try to know whether the tcpdump was installed. I entered as following:
opkg list | grep tcpdump
the result after filter showing:
openvswitch-ovs-tcpdump - 2.8.1-1 - Dump traffic from an Open vSwitch port using tcpdump
openvswitch-ovs-tcpundump - 2.8.1-1 - Convert ``tcpdump -xx`` output to hex strings
pcapsipdump - 0.2-1 - pcapsipdump is a tool for dumping SIP sessions (+RTP traffic, if available) to disk in a fashion similar to "tcpdump -w" (format is exactly the same), but one file per sip session (even if there is thousands of concurrect SIP sessions).
tcpdump - 4.9.2-1 - Network monitoring and data acquisition tool
tcpdump-mini - 4.9.2-1 - Network monitoring and data acquisition tool (minimal version)
tcpreplay - 4.2.5-1 - tcpreplay is a tool for replaying network traffic from files saved with tcpdump or other tools which write pcap(3) files.
Obviously, the installation was successful.
I really hope somebody can help me handle this question, thanks!

Send message to specific Port (2000) in command line

i wanted to send a mensgem from my computer to the Port 2000 through my computer on my command line !?!
Someone help me ?
Thanks a lot !
In order to send a message you first must understand in what language is the port 2000 speaking and who you want to send a message.
First you should know with who you wanna speak (The IP address of the machine)
Second you should know if this machine will able to hear you (Is the port 2000 open?)
Third you should know what "language" is the port 2000 hearing (The protocol of the open port)
First scan it with nmap to check if the port is open (-p 2000) and what software it's running (-sV), then send a packet with netcat ("nc IP 2000" and then send the content).
That's all i can help you with the information you provided.
Regards
If by "command-line" you mean a unix-like system, then nc (short for netcat, sometimes also present under its full name netcat) is your friend. If you specifically meant the Windows command-line then there's the option of installing netcat as part of http://cygwin.com , or there's a port of nc to Windows as part of this project: http://www.brutman.com/mTCP/
You could also consider downloading PuTTY (or some other telnet client) since that's also a potentially good way of connecting to a port and typing arbitrary text at it.

How to capture packets in localhost between two ports

I have two applications communicating on same machine (localhost) using socket. If application are on different machine I can use Wireshark. But how to capture packets on same machine.
I do not know on which port number application are communicating. Because I am using library calls and do not know lower level details.
We are having our application on Ubuntu and Windows XP.
On Linux you can use netstat to determine the ports that your application are using. Then you can use Wireshark to capture on the loopback interface (just enter your own IP address if 127.0.0.1 dont work).
Refer to: https://stackoverflow.com/questions/1566234/ for capturing on Windows.

How to check if inbound port is in use

I'm developing Firefox addon that communicate with external program by sockets. This program create local socket server on specified port when this addon need it. I would like to ckeck from this addon whether this application has opened this port already.
On Win7 when server isn't created yet I receive in socket created by addon NS_ERROR_CONNECTION_REFUSED in nsIRequestObserver::onStopRequest but if I can feel certain port isn't open when I receive this error?
You try to connect and see if the connection succeeds.
If it doesn't, then the port is not reachable (open).
That's the most obvious and easiest answer.
Other low-level solutions would require polling the OS itself somehow. That would be cross platform specific (so you'd need to write an implementation per platform) and also there is no API readily available so you'd have to mess around with C/C++ or at least js-ctypes, or hack together some ugly "execute this program and check output" stuff. All of which doesn't worth the fuzz.
If you want to find out which "inbound ports" are in use in windows you can use cmd,
if you don't know how to open cmd - open the run dialog by pressing windows-key+r. type cmd and hit enter
type netstat -a and hit enter and it will list all "listening" ports.
more info - http://www.techrepublic.com/blog/it-security/list-open-ports-and-listening-services/