fping是一个将ICMP ECHO_REQUEST数据包发送到网络中的主机的命令。
fping[options] [systems…]
fping是一个类似ping的程序,它使用Internet控制消息协议(ICMP)回显请求来确定目标主机是否正在响应。fping与ping的不同之处在于,网络管理员可以在命令行上指定任意数量的目标,或者指定一个包含要ping的目标列表的文件。fping将发送一个ping包,并以循环方式移动到下一个目标,而不是在它超时或回复之前发送到一个目标。在默认模式下,如果一个目标回复,它将被记录下来并从要检查的目标列表中删除;如果一个目标没有在一定的时间限制和/或重试限制内响应,它被指定为不可到达。fping还支持向目标发送指定数量的ping,或者无限期循环(就像在ping中那样)。与ping不同,fping是在脚本中使用的,因此它的输出被设计为易于解析。
┌──(kali㉿kali)-[~]
└─$ fping -h
Usage: fping [options] [targets...]
Probing options:
-4, --ipv4 only ping IPv4 addresses
-6, --ipv6 only ping IPv6 addresses
-b, --size=BYTES amount of ping data to send, in bytes (default: 56)
-B, --backoff=N set exponential backoff factor to N (default: 1.5)
-c, --count=N count mode: send N pings to each target
-f, --file=FILE read list of targets from a file ( - means stdin)
-g, --generate generate target list (only if no -f specified)
(give start and end IP in the target list, or a CIDR address)
(ex. fping -g 192.168.1.0 192.168.1.255 or fping -g 192.168.1.0/24)
-H, --ttl=N set the IP TTL value (Time To Live hops)
-I, --iface=IFACE bind to a particular interface
-l, --loop loop mode: send pings forever
-m, --all use all IPs of provided hostnames (e.g. IPv4 and IPv6), use with -A
-M, --dontfrag set the Don't Fragment flag
-O, --tos=N set the type of service (tos) flag on the ICMP packets
-p, --period=MSEC interval between ping packets to one target (in ms)
(in loop and count modes, default: 1000 ms)
-r, --retry=N number of retries (default: 3)
-R, --random random packet data (to foil link data compression)
-S, --src=IP set source address
-t, --timeout=MSEC individual target initial timeout (default: 500 ms,
except with -l/-c/-C, where it's the -p period up to 2000 ms)
Output options:
-a, --alive show targets that are alive
-A, --addr show targets by address
-C, --vcount=N same as -c, report results in verbose format
-D, --timestamp print timestamp before each output line
-e, --elapsed show elapsed time on return packets
-i, --interval=MSEC interval between sending ping packets (default: 10 ms)
-n, --name show targets by name (-d is equivalent)
-N, --netdata output compatible for netdata (-l -Q are required)
-o, --outage show the accumulated outage time (lost packets * packet interval)
-q, --quiet quiet (don't show per-target/per-ping results)
-Q, --squiet=SECS same as -q, but show summary every n seconds
-s, --stats print final stats
-u, --unreach show targets that are unreachable
-v, --version show version
-x, --reachable=N shows if >=N hosts are reachable or not
┌──(kali㉿kali)-[~]
└─$ fping -h
Usage: fping [options] [targets...]
探测选项:
-4, --ipv4 只 ping IPv4 地址
-6, --ipv6 只 ping IPv6 地址
-b, --size=BYTES 自定义要发送的ping的数据包大小,以字节为单位(默认值:56)
-B, --backoff=N 设置指数补偿系数为N(默认值:1.5,范围1.0—5.0之间)
-c, --count=N 计数模式:向每个目标发送N次ping
-d, --rdns 使用DNS查找返回ping数据包的地址。这使您可以为fping提供IP地址列表作为输入,并在 输出中显示主机名。这类似于选项-n / -name,但是即使您将主机名作为目标(NAME-> IP-> NAME),也会强制执行反向DNS查找。
-f, --file=FILE 从文件中读取目标列表(-表示标准输入)
-g, --generate 生成目标IP列表 (仅当未指定-f时使用)
(给出目标列表的开始和结束IP地址,或者CIDR地址)
(例. fping -g 192.168.1.0 192.168.1.255 或 fping -g 192.168.1.0/24)
-H, --ttl=N 设置IP的TTL值(Time To Live hops:生存时间跳数)
-I, --iface=IFACE 指定特定网卡ping
-l, --loop 循环模式:一直发送ping
-m, --all 向目标主机的每一个IP地址发送ping(包括IPv4和IPv6),与-A一起使用
-M, --dontfrag 设置IP标头中的“不分片”位(用于确定/测试MTU)
-O, --tos=N 在ICMP数据包上设置服务类型(tos),N可以是十进制或十六进制(0xh)格式
-p, --period=MSEC 设置ping数据包到一个目标的时间间隔(单位:毫秒)
(在循环和计数模式下,默认值:1000ms)
-r, --retry=N ping重试次数 (默认值: 3)
-R, --random 随机分组数据(为了阻止链路数据压缩),代替全0作为分组数据,将ping生成随机字节, 来阻止像链路数据压缩的情形。
-S, --src=IP 设置源IP地址
-t, --timeout=MSEC 设置ping到单个目标IP初始超时时间。 (默认: 500 ms,
但 -l/-c/-C除外, 其中-p周期最长为2000ms)
输出选项:
-a, --alive 显示存活的主机
-A, --addr 显示目标地址
-C, --vcount=N 与-c相同,报告以详细格式结果
-D, --timestamp 在每个输出行之前打印时间戳
-e, --elapsed 显示返回数据包经过的时间
-i, --interval=MSEC 自定义发送ping报文的时间间隔(默认为10ms)
-n, --name 显示目标主机名(与-d等效)
-N, --netdata 与netdata兼容的输出(需要-l -Q)
-o, --outage 显示累计中断时间(丢失的数据包/报文时间间隔)
-q, --quiet 安静模式(不显示按目标或者按ping的结果)
-Q, --squiet=SECS 与-q相同,但是每n秒显示一次摘要
-s, --stats 打印最终统计
-u, --unreach 显示无法达到的目标
-v, --version 显示fping版本
-x, --reachable=N 显示> = N个主机是否可访问
┌──(kali㉿kali)-[~]
└─$ fping www.google.com
www.google.com is alive
┌──(kali㉿kali)-[~]
└─$ fping www.baidu.com
www.baidu.com is alive
┌──(kali㉿kali)-[~]
└─$ fping 172.16.1.103
172.16.1.103 is alive
┌──(kali㉿kali)-[~]
└─$ fping www.fjnu.edu.cn
www.fjnu.edu.cn is alive
**网络安全小技巧:**使用fping回显打印unreachable,有两种情况
┌──(kali㉿kali)-[~]
└─$ fping www.pku.edu.cn
www.pku.edu.cn is unreachable
┌──(kali㉿kali)-[~]
└─$ fping 172.16.1.254
ICMP Host Unreachable from 172.16.1.120 for ICMP Echo sent to 172.16.1.254
ICMP Host Unreachable from 172.16.1.120 for ICMP Echo sent to 172.16.1.254
ICMP Host Unreachable from 172.16.1.120 for ICMP Echo sent to 172.16.1.254
ICMP Host Unreachable from 172.16.1.120 for ICMP Echo sent to 172.16.1.254
172.16.1.254 is unreachable
对比实验:
打开PC1(172.16.1.104)防火墙,允许IPv4回显请求进站,这时候对PC1使用fping
┌──(kali㉿kali)-[~]
└─$ fping 172.16.1.104
172.16.1.104 is alive
打开PC1(172.16.1.104)防火墙,禁止IPv4回显请求进站,这时候对PC1使用fping
┌──(kali㉿kali)-[~]
└─$ fping 172.16.1.104
172.16.1.104 is unreachable
┌──(kali㉿kali)-[~]
└─$ fping 172.16.1.104
172.16.1.104 is alive
在PC1(172.16.1.104 )上使用wireshark抓包分析。根据报文得出,在默认情况下,ICMP报文的大小是56bytes
┌──(kali㉿kali)-[~]
└─$ fping -b 100 172.16.1.104
192.168.11.3 is alive
根据报文看出,现在ICMP的报文大小是100bytes。
备注:普通ping命令的报文大小为48bytes
┌──(kali㉿kali)-[~]
└─$ fping -c 5 172.16.1.104
172.16.1.104 : [0], 64 bytes, 0.298 ms (0.298 avg, 0% loss)
172.16.1.104 : [1], 64 bytes, 0.312 ms (0.305 avg, 0% loss)
172.16.1.104 : [2], 64 bytes, 0.219 ms (0.276 avg, 0% loss)
172.16.1.104 : [3], 64 bytes, 0.257 ms (0.271 avg, 0% loss)
172.16.1.104 : [4], 64 bytes, 0.219 ms (0.261 avg, 0% loss)
172.16.1.104 : xmt/rcv/%loss = 5/5/0%, min/avg/max = 0.219/0.261/0.312
#谷歌
kali@kali:~$ fping -d www.google.com
kix06s01-in-f4.1e100.net is alive
kali@kali:~$ fping -d 216.58.196.228
kix06s01-in-f228.1e100.net is alive
#思科
kali@kali:~$ fping -d www.cisco.com
a23-47-139-188.deploy.static.akamaitechnologies.com is alive
kali@kali:~$ fping -d 23.47.139.188
a23-47-139-188.deploy.static.akamaitechnologies.com is alive
#华为
kali@kali:~$ fping -d www.huawei.com
a23-47-140-106.deploy.static.akamaitechnologies.com is alive
kali@kali:~$ fping -d 23.47.140.106
a23-47-140-106.deploy.static.akamaitechnologies.com is alive
#阿里巴巴(日本)
kali@kali:~$ fping -d www.Alibaba.com
116-223-150-229.rev.home.ne.jp is alive
kali@kali:~$ fping -d 116.223.150.229
116-223-150-229.rev.home.ne.jp is alive
#fjnu
┌──(kali㉿kali)-[~]
└─$ fping -d www.fjnu.edu.cn
28.157.33.36.adsl-pool.ah.cnuninet.net is alive
┌──(kali㉿kali)-[~/桌面]
└─$ cat IP_targets 1 ⨯
172.16.1.11
172.16.1.21
172.16.1.31
172.16.1.41
172.16.1.51
┌──(kali㉿kali)-[~/桌面]
└─$ fping -f IP_targets
172.16.1.21 is alive
172.16.1.31 is alive
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.11
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.11
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.11
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.11
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.51
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.51
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.51
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.51
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.41
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.41
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.41
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.41
172.16.1.11 is unreachable
172.16.1.41 is unreachable
172.16.1.51 is unreachable
┌──(kali㉿kali)-[~]
└─$ fping -g 172.16.1.2 172.16.1.6 1 ⨯
172.16.1.2 is alive
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.3
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.3
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.3
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.3
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.5
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.5
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.5
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.5
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.4
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.4
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.4
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.4
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.6
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.6
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.6
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.6
172.16.1.3 is unreachable
172.16.1.4 is unreachable
172.16.1.5 is unreachable
172.16.1.6 is unreachable
或使用CIDR地址
┌──(kali㉿kali)-[~]
└─$ fping -g 172.16.1.0/29
172.16.1.2 is alive
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.1
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.1
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.1
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.1
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.3
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.3
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.3
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.3
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.6
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.5
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.6
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.6
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.6
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.5
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.5
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.5
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.4
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.4
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.4
ICMP Host Unreachable from 172.16.1.129 for ICMP Echo sent to 172.16.1.4
172.16.1.1 is unreachable
172.16.1.3 is unreachable
172.16.1.4 is unreachable
172.16.1.5 is unreachable
172.16.1.6 is unreachable
┌──(kali㉿kali)-[~]
└─$ fping -H 111 172.16.1.111
172.16.1.111 is alive
默认的icmp ttl为64,下图是通过wireshark抓包来验证ttl
kali@kali:~$ fping -I eth0 192.168.11.3
192.168.11.3 is alive
kali@kali:~$ fping -I eth1 192.168.11.3
192.168.11.3 is alive
┌──(kali㉿kali)-[~]
└─$ fping -l 172.16.1.111
172.16.1.111 : [0], 64 bytes, 0.280 ms (0.280 avg, 0% loss)
172.16.1.111 : [1], 64 bytes, 0.215 ms (0.248 avg, 0% loss)
172.16.1.111 : [2], 64 bytes, 0.225 ms (0.240 avg, 0% loss)
172.16.1.111 : [3], 64 bytes, 0.231 ms (0.238 avg, 0% loss)
172.16.1.111 : [4], 64 bytes, 0.326 ms (0.256 avg, 0% loss)
172.16.1.111 : [5], 64 bytes, 0.250 ms (0.255 avg, 0% loss)
172.16.1.111 : [6], 64 bytes, 0.218 ms (0.249 avg, 0% loss)
172.16.1.111 : [7], 64 bytes, 0.241 ms (0.248 avg, 0% loss)
^C
172.16.1.111 : xmt/rcv/%loss = 8/8/0%, min/avg/max = 0.215/0.248/0.326
(关于-A用法,请下滑到输出选项介绍)
┌──(kali㉿kali)-[~]
└─$ fping -m www.google.com -A
216.58.220.100 is alive
2404:6800:4004:812::2004: error while sending ping: Network is unreachable
2404:6800:4004:812::2004 is unreachable
┌──(kali㉿kali)-[~]
└─$ fping -m www.baidu.com -A
119.63.197.151 is alive
119.63.197.139 is alive
最大传输单元(Maximum Transmission Unit,MTU)用来通知对方所能接受数据服务单元的最大尺寸,说明发送方能够接受的有效载荷大小。
从下面我们可以得出kali的最大MTU是1472bytes,如果超过该字节的数据分组,将会被分片后在传输。
┌──(kali㉿kali)-[~]
└─$ fping -b 1472 -M 172.16.1.111
172.16.1.111 is alive
┌──(kali㉿kali)-[~]
└─$ fping -b 1473 -M 172.16.1.111
172.16.1.111: error while sending ping: Message too long
172.16.1.111 is unreachable
我们通过在wireshark中抓取的数据报文来详细分析。
(1)使用fping 172.16.1.111命令获取的报文
普通的不加-b选项的fping命令发出的icmp请求报文的大小是56字节,在IP头部Flags字段中,“Don’t fragment”为set即1,表示该报文不能分片。Fragment offset(片偏移)字段值为0,表示该报文没有分组重组。
(2)使用fping -b 1472 -M 172.16.1.111命令获取的报文
自定义发出的icmp请求数据包大小为1472字节,在IP头部Flags字段中,“Don’t fragment”为set即1,Fragment offset(片偏移)字段值为0。这些说明该数据包也没有被分片重组,而是单独一个数据包被发送出去。
(3)使用fping -b 1473 -M 172.16.1.111,发现在使用-M选项后,kali无法发出1473字节的icmp数据包,再根据(2)可以确定kali默认的MTU是1472字节。
(4)使用fping -b 1473 172.16.1.111,不使用-M限制分片重组后,数据包能正常发出。
使用-b选项,自定义icmp数据包大小为1473,查看在该报文的IP头部Flags字段中,“Don’t fragment”为Not set即0,表示该报文可以分片。Fragment offset(片偏移)字段值为1480,表示该报文已经分组重组了。