Ping Tracert'ing to a certain port

TinCool

Is it possible to run a ping, pathping or a tracert command to a certain port of an IP or DNS Name ? ie. if you wanted to ping the SSL port of a url or IP, would it be possible to do this ?

Kali

traceroute -p

rob1891

Nope

Ping (traceroute is a derivative of ping) uses ICMP, which is a protocol below the TCP or UDP. ICMP is a part of IP on the network layer and TCP and UDP are on the transport layer.

Anyway, ICMP does not use ports like TCP/UDP so you cannot ping a specfic port. I guess you could say ICMP is not aware of the existance of things like ports (though I just read in the treaceroute man pages that it uses UDP fr something, now I am confused ... well I don't care, you still can't ping/traceroute a port)

You could create a socket to the machine on a specific port to determine if something is running on that port, or use a port scanner. I hope you aren't planning on any naughtiness

rob

(if you dont get any of the layer stuff then you need to read up on networking or ask someone else to explain it to you :P)

rob1891

Originally posted by Kali
traceroute -p

Are you sure about this, the man pages say:

-p port
Set the base UDP port number used in probes.The
default is 33434. traceroute hopes that nothing
is listening on UDP ports (base+(nhops-
1)*nqueries) to (base+(nhops*nqueries)-1)at the
destination host, so that an ICMP (ICMP6)

SunOS 5.9 Last change: 27 Oct 1999 4

System Administration Commands traceroute(1M)

PORT_UNREACHABLE message will be returned to
terminate the route tracing. If something is
listening on a port in the default range, this
option can be used to select an unused port
range. nhops is defined as the number of hops
between the source and the destination.

This what I didn't quite understand, why ICMP uses UDP, a layer above it. I think ICMP is a bit weird Anyway, the -p option only lets you tell traceroute to avoid ports that there are services running on.

rob
<edit>fix formatting</edit>

Gavin

to the first poster. The answer is no.
You are trying to use a ICMP packet to connect to a daemon running on a port. ICMP knows nothing about the various other services so can't report on them.

if you want to test it, telnetting to the port is the best bet.

As for rob, unix traceroute uses UDP. The program itself uses it, ICMP doesn't use UDP.

Gav

glimmerman

traceroute sends udp packets to a hopefully unused port on the destination host, with varying ttl's (so as to track progress through routers I guess), looking for an icmp port unreachable message to come back, indicating it has reached the destination.

Kali

Originally posted by rob1891
Originally posted by Kali
traceroute -p

Are you sure about this, the man pages say:
This what I didn't quite understand, why ICMP uses UDP, a layer above it. I think ICMP is a bit weird Anyway, the -p option only lets you tell traceroute to avoid ports that there are services running on.

oh dear i really should read the post rather than just the topic before i reply.
traceroute -p will just set a starting destination port and as already mentioned works on the fact that the destination port doesn't accept UDP packets so is useless for whats needed (traceroute can use ICMP btw so rob isnt way off)

anyway back to the original post.. what exactly do you want to find out?
is a certain port alive?
what services are on a particular port?
where a particular port is being forwarded to?
download any decent port scanner and they'll tell you the first two anyway...

TinCool

All I want to find out is whether a certain port of an IP is active ie. accepting connections. I don't want to go down the road of port scanning, just a simple dos command would've been nice.

rob1891

port scanning has a bit of a bad vibe, doesn't it. There is a very useful network admin tool called nmap. Primarily for unix, but I'm sure I saw a windows command line + gui version earlier today.

You could write something short in perl or C or java or ... to open a socket and report success or failure, so this app is a little overkill if you are just seeing what's alive on a single port, but it does so many things and is quite smart and cool get it anyway

Download the command line only here (very small):

http://download.insecure.org/nmap/dist/nmap-3.00-win32.zip

If it doesn't work follow the instructions on this page (I didn't follow them and it worked, so perhaps they are unnecessary on win2000):

http://www.insecure.org/nmap/nmap_download.html

I got it scanning a single port thus:

H:\nmap-3.00>nmap -p 80-80 www.iol.ie

Starting nmap V. 3.00 ( www.insecure.org/nmap )
Interesting ports on ostrich.esatclear.ie (194.145.128.36):
Port State Service
80/tcp open http

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

Rob!

(sorry, I'm assuming your on windows cause you've got tracert)

TinCool

Yes, assumed right I'm using Windows. Thanks for your suggestions. I will take a look at that nmap tool.

Hobbes

Originally posted by rob1891
port scanning has a bit of a bad vibe, doesn't it.

Indeed. If you are doing this in work I would check with IS if you are not doing it to your own machines. In a lot of companies running that sort of program will get you into serious trouble if you don't have permission to do it.