Backtrack 4: Information Gathering: Route: Protos – IP protocol scanner

The next tool I will be reviewing is from the same suite of tools as netenum and netmask. Protos is an IP protocol scanner. It goes through all possible IP protocols and uses a negative scan to sort out unsupported protocols, which the target should report using ICMP protocol unreachable messages.

Let's have a look at our options:

    root@666:~# protos -h
    protos: invalid option -- 'h'
    Usage: ./protos -i eth0 -d 10.1.2.3 -v
    -v             verbose
    -V             show which protocols are not supported
    -u             don't ping targets first
    -s             make the scan slow (for very remote devices)
    -L             show the long protocol name and it's reference (RFC)
    -p x           number of probes (default=5)
    -S x           sleeptime is x (default=1)
    -a x           continue scan afterwards for x seconds (default=3)
    -d dest        destination (IP or IP/MASK)
    -i interface   the eth0 stuff
    -W             don't scan, just print the protocol list

If you just use the -W option, Protos will spit out a list of all the protocols it can detect (the output is truncated):

    root@666:~# protos -W
    0       HOPOPT       IPv6 Hop-by-Hop Option [RFC1883]
    1       ICMP         Internet Control Message [RFC792]
    2       IGMP         Internet Group Management [RFC1112]
    3       GGP          Gateway-to-Gateway [RFC823]
    4       IPenc        IP in IP (encapsulation) [RFC2003]
    5       ST           Stream [RFC1190,IEN119]
    6       TCP          Transmission Control [RFC793]
    7       CBT          CBT [Ballardie]
    8       EGP          Exterior Gateway Protocol [RFC888,DLM1]
    9       IGP          any private interior gateway [IANA]
    10      BBN-RCC-MON  BBN RCC Monitoring [SGC]
    11      NVP-II       Network Voice Protocol [RFC741,SC3]
    12      PUP          PUP [PUP,XEROX]
    13      ARGUS        ARGUS [RWS4]
    14      EMCON        EMCON [BN7]
    15      XNET         Cross Net Debugger [IEN158,JFH2]
    16      CHAOS        Chaos [NC3]
    17      UDP          User Datagram [RFC768,JBP]
    18      MUX          Multiplexing [IEN90,JBP]
    19      DCN-MEAS     DCN Measurement Subsystems [DLM1]
    20      HMP          Host Monitoring [RFC869,RH6]
    21      PRM          Packet Radio Measurement [ZSU]
    22      XNS-IDP      XEROX NS IDP [ETHERNET,XEROX]
    23      TRUNK-1      Trunk-1 [BWB6]
    24      TRUNK-2      Trunk-2 [BWB6]

Let's try a run against a real IP:

    root@666:~# protos -i eth0 -d 72.47.202.218 -v -L
    72.47.202.218 is alive
    TARGET  72.47.202.218
    Running in verbose mode
            Afterscan delay is 3
            running in fast scan - pause every 1 probes
            continuing scan afterwards for 3 secs
            supported protocols will be reported
            you supplied the target(s) 72.47.202.218
    Scanning 72.47.202.218
    >>>>>>>>> RESULTS >>>>>>>>>>

    72.47.202.218 may be running (did not negate):
    HOPOPT          IPv6 Hop-by-Hop Option [RFC1883]
    ICMP            Internet Control Message [RFC792]
    IGMP            Internet Group Management [RFC1112]
    TCP             Transmission Control [RFC793]
    EGP             Exterior Gateway Protocol [RFC888,DLM1]
    BBN-RCC-MON     BBN RCC Monitoring [SGC]
    PUP             PUP [PUP,XEROX]
    EMCON           EMCON [BN7]
    CHAOS           Chaos [NC3]
    UDP             User Datagram [RFC768,JBP]
    HMP             Host Monitoring [RFC869,RH6]
    TRUNK-1         Trunk-1 [BWB6]
    LEAF-1          Leaf-1 [BWB6]
    RDP             Reliable Data Protocol [RFC908,RH6]
    ISO-TP4         ISO Transport Protocol Class 4 [RFC905,RC77]
    MFE-NSP         MFE Network Services Protocol [MFENET,BCH2]
    SEP             Sequential Exchange Protocol [JC120]
    IDPR            Inter-Domain Policy Routing Protocol [MXS1]
    DDP             Datagram Delivery Protocol [WXC]
    TP++            TP++ Transport Protocol [DXF]
    IPv6            Ipv6 [Deering]
    IPv6-Route      Routing Header for IPv6 [Deering]
    IDRP            Inter-Domain Routing Protocol [Sue Hares]
    GRE             General Routing Encapsulation [Tony Li]
    BNA             BNA [Gary Salamon]
    AH              Authentication Header for IPv6 [RFC1826]
    SWIPE           IP with Encryption [JI6]
    MOBILE          IP Mobility [Perkins]
    SKIP            SKIP [Markson]
    IPv6-ICMP       ICMP for IPv6 [RFC1883]
    61              any host internal protocol [IANA]
    63              any local network [IANA]
    KRYPTOLAN       Kryptolan [PXL1]
    IPPC            Internet Pluribus Packet Core [SHB]
    SAT-MON         SATNET Monitoring [SHB]
    IPCV            Internet Packet Core Utility [SHB]
    CPHB            Computer Protocol Heart Beat [DXM2]
    PVP             Packet Video Protocol [SC3]
    SUN-ND          SUN ND PROTOCOL-Temporary [WM3]
    WB-EXPAK        WIDEBAND EXPAK [SHB]
    VMTP            VMTP [DRC3]
    VINES           VINES [BXH]
    NSFNET-IGP      NSFNET-IGP [HWB]
    TCF             TCF [GAL5]
    OSPFIGP         OSPFIGP [RFC1583,JTM4]
    LARP            Locus Address Resolution Protocol [BXH]
    AX.25           AX.25 Frames [BK29]
    MICP            Mobile Internetworking Control Pro. [JI6]
    ETHERIP         Ethernet-within-IP Encapsulation [RDH1]
    99PrivEncr      any private encryption scheme [IANA]
    IFMP            Ipsilon Flow Management Protocol [Hinden]
    PIM             Protocol Independent Multicast [Farinacci]
    SCPS            SCPS [Durst]
    A/N             Active Networks [Braden]
    SNP             Sitara Networks Protocol [Sridhar]
    IPX-in-IP       IPX in IP [Lee]
    IATP            Interactive Agent Transfer Protocol [Murphy]
    SRP             SpectraLink Radio Protocol [Hamilton]
    SMP             Simple Message Protocol [Ekblad]
    PTP             Performance Transparency Protocol [Welzl]
    FIRE            [Partridge]
    CRUDP           Combat Radio User Datagram [Sautter]
    IPLT            [Hollbach]
    PIPE            Private IP Encapsulation within IP [Petri]
    FC              Fibre Channel [Rajagopal]
    135             [IANA]
    137             [IANA]
    139             [IANA]
    141             [IANA]
    143             [IANA]
    145             [IANA]
    147             [IANA]
    149             [IANA]
    151             [IANA]
    153             [IANA]
    155             [IANA]
    157             [IANA]
    159             [IANA]
    161             [IANA]
    163             [IANA]
    165             [IANA]
    167             [IANA]
    169             [IANA]
    171             [IANA]
    173             [IANA]
    175             [IANA]
    177             [IANA]
    179             [IANA]
    181             [IANA]
    183             [IANA]
    185             [IANA]
    187             [IANA]
    189             [IANA]
    191             [IANA]
    193             [IANA]
    195             [IANA]
    197             [IANA]
    199             [IANA]
    201             [IANA]
    203             [IANA]
    205             [IANA]
    208             [IANA]
    209             [IANA]
    212             [IANA]
    214             [IANA]
    216             [IANA]
    218             [IANA]
    220             [IANA]
    222             [IANA]
    224             [IANA]
    226             [IANA]
    228             [IANA]
    230             [IANA]
    232             [IANA]
    234             [IANA]
    236             [IANA]
    238             [IANA]
    240             [IANA]
    242             [IANA]
    244             [IANA]
    246             [IANA]
    248             [IANA]
    250             [IANA]
    252             [IANA]
    254             [IANA]
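
The negative-scan inference behind the "may be running (did not negate)" list, as an added example that is not part of the original post or of Protos itself: it parses ICMP protocol unreachable messages (type 3, code 2) and subtracts the negated protocols from the probed set. The function names, addresses and sample messages are constructed for illustration; the second result shows that a lost or rate-limited ICMP error leaves an unsupported protocol in the list.

```python
import socket
import struct

DEST_UNREACH, PROTO_UNREACH = 3, 2  # ICMP type 3, code 2 (RFC 792)

def negated_protocol(icmp, target):
    """Protocol number negated by this ICMP message, or None if it is not a
    protocol unreachable error quoting a probe sent to `target`."""
    if len(icmp) < 28 or (icmp[0], icmp[1]) != (DEST_UNREACH, PROTO_UNREACH):
        return None
    quoted = icmp[8:]  # the probe's IPv4 header, echoed after the 8-byte ICMP header
    if quoted[0] >> 4 != 4 or socket.inet_ntoa(quoted[16:20]) != target:
        return None
    return quoted[9]  # protocol field of the quoted header

def not_negated(probed, icmp_msgs, target):
    """Protocols that 'may be running': probed but never reported unreachable."""
    negated = {negated_protocol(m, target) for m in icmp_msgs} - {None}
    return sorted(set(probed) - negated)

def make_unreach(proto, dst, code=PROTO_UNREACH):
    """Constructed sample: ICMP error quoting a 20-byte IPv4 header (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton(dst))
    return struct.pack("!BBHI", DEST_UNREACH, code, 0, 0) + ip

def demo():
    target = "198.51.100.7"            # documentation address, not a real host
    probed = range(10)                 # protocol numbers 0..9
    replies = [make_unreach(p, target) for p in (3, 4, 5, 7, 9)]
    replies.append(make_unreach(8, target, code=3))   # port unreachable: ignored
    replies.append(make_unreach(8, "198.51.100.99"))  # quotes another destination
    full = not_negated(probed, replies, target)
    limited = not_negated(probed, replies[::2], target)  # every other error lost
    return full, limited

if __name__ == "__main__":
    full, limited = demo()
    print("all errors received :", full)
    print("half the errors lost:", limited)
```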

That's really all the output it gives. I will be honest: I do not see much use for this tool; however, since we are reviewing every tool, I had to do this one.
