new icmpping versus regular Windows ping ?

Hi ! Apologies for my question not directly related to Port Explorer, but, I downloaded an ICMP "ping" utility for windows according to a recommendation of these forums recently and have been using it. I reckon you DiamondCS folk and fans are very helpful and kind to newbies...

My question is how exactly does it differ from the version of "ping" built-in to Windows ? Both use ICMP (AFAIU), maybe different ICMP service numbers ?

The external ping utility does work in cases where the regular windows one doesn't, and in some cases it's the opposite. I'd like to grasp what each do differently... Please someone explain this to me !


TIA

--
Czerno

 

Hi Czerno, As this is not a Port Explorer support issue. I have moved the thread to a more appropriate forum where it should get more attention.

Than you. Pilli

 

What ICMP ping utility are you using? Are you a hacker trying to send unsolicited ICMP pings to other people's computers? If you ICMP ping me, I've got a powerful firewall here to block you out.
What are you using that ICMP ping utility for anyway, hacker guy?

 

If both use ICMP then there is no difference - ICMP Pings use the Echo Request and Echo Return types which are defined in RFC 792.

What do you mean by "doesn't work"? Does it time out, give an "Unknown host" message (only applicable to domain names, not IP addresses) or something else?

 

There are many legitimate uses for ping utilities. I use PingPlotter to check latency and packet loss when my broadband connection seems slow or I think there is a problem with my current DNS servers.

Nick

 

Here's a page you may find legitimate Czerno....http://users.pandora.be/educypedia/computer/internettcpip.htm.

BTW Nick, that looks a rather useful tool.


GF

 

i just downloaded, but havent installed Tesseract from http://www.snapfiles.com/get/tesseract.html
is pingplotter a better option? thanks

 

The developer of Tesseract wrote many nice apps. I used that one a long time ago. PingPlotter is popular at my ISP's forum at DSLReports.

Nick

 

thanks, Nick. i'll have alook at the link.

 

Thank you, Paranoid ! Yes both the downloaded ping utility & the proggie built-in Windows bith use ICMP, however that does not mean they use the same ICMP service types. They definitely do not work the same on (moderately complex) combination of LAN/WAN, and furthermore one tends to give results when the other fails en-route, and vice versa.

What you are saying re. ICMP echo request/return, is that what the built-in windows 2000 "ping" uses ? I'm sure I read that Windows pings differently from Unix...

I wish I could provide a link to the external ping program I am referring to, unfortunately I did not record the source URL - I found it advertised on these fora however. AFAIU this "icmpping" makes use of the Windows "icmp.dll" , whereas the builtin "ping" does not... It might also use other ICMP service type requests than the other ping.

Cheers

--
Czerno

 

Edit : am I stupid!!! This identifies itself as :

"DiamondCS ICMP Ping v1.0 (www.diamondcs.com.au)"

--
Czerno

 

There's not much scope for using other ICMP types aside from Echo Request/Replys. However some "Ping" utilities (like HPing) do offer the option of crafted TCP/UDP packets so it is quite likely that your other Ping utility is using these instead.

Ping is a standard mechanism and should vary little (if at all) from OS to OS. Traceroute/tracert is another matter - Windows and Unix do implement this differently.

Icmp.dll allows programs to create their own packets, bypassing Windows' TCP/IP stack (so it could be used to create abnormal packets for testing, for example). It is not restricted to the ICMP protocol despite its name AFAIK.

 

All right guys, what's the difference between a Traceroute and a normal ICMP ping?
They say ICMP ping attacks always come from port 8. But these days I've been getting some weird traceroutes coming from port 11 from China, I wonder if this is some sort of hacking attempt or new trojan?
Traceroutes are also called ICMP in my firewall.

Here's an example of one of those traceroute packets from China:
Type: 11 ( Time-to-live exceeded from router)


What are these Traceroutes?

 

Traceroute sends ICMP packets to from point A to point B across a network or the internet(example- your computer to www.wilders.org) to trace the path data takes to reach the destination. The computer sends out an ICMP packet with a time to live set at 0 so it expires upon receipt. The first router in route of the destination replys back with an ICMP Time Exceeded message. The time taken to complete this back & forth communication lets the computer know the distance between itself and the first router hop in the route. The TTL is incremented enough to be passed on to the second router in the route & then the third, ect...

Type 11 ICMP packets (different than port 11) are the Time Exceeded messages your router would send out if someone did a traceroute to your router's IP address.
Normally these packets are harmless but traceroute can be used in flooding attacks that could cause a Windows box to completely freeze up.

Bored to death yet?

 

i havent re-read this, so it might be alittle off topic, but nadirah, you may find it useful. http://www.karenware.com/current.asp

here's another page i got from GF
http://users.pandora.be/educypedia/computer/internettcpip.htm

here's a great site i got from a P2K link
http://www.faqs.org/faqs/

 

"I'm always interested Mr P." I did notice that tool a while back looking for a utility to experiment with,
it may have been at SnapFiles. Nice of you to provide one that's both free and compatible with most window versions.
SoftPerfect Network Scanner homepage....http://www.softperfect.com/products/networkscanner/.

One that looks similair, located on your following link but function limited by the new sp2 is SuperScan v4.0.
Several other programs written by Robin Keir (listed at the bottom) have found a new home there.
Foundstone offer's a few other nice utilities I noticed too....knew about these BTW.

Now I'm not gonna b able to keep up with all these cool utilities you keep dropping on the forum Mr.P,
but I ran across this link which I haven't had the time to fully check out....maybe some more helpful tools?
http://www.cerias.purdue.edu/tools_and_resources/hotlist/details.php?id=22.

I'll keep my eye's open n thanks!

GF