• Home »
  • Security »
  • Backtrack 4: Information Gathering: Route: Protos – IP protocol scanner

Backtrack 4: Information Gathering: Route: Protos – IP protocol scanner

The next tool I will be reviewing is from the same suite of tools as netenum and netmask. Protos is a IP protocol scanner. It goes through all possible IP protocols and uses a negative scan to sort out unsupported protocols which should be reported by the target using ICMP protocol unreachable messages.

Lets have a look at our options:

root@666:~# protos -h
protos: invalid option -- 'h'
Usage: ./protos -i eth0 -d 10.1.2.3 -v
-v             verbose
-V             show which protocols are not supported
-u             don't ping targets first
-s             make the scan slow (for very remote devices)
-L             show the long protocol name and it's reference (RFC)
-p x           number of probes (default=5)
-S x           sleeptime is x (default=1)
-a x           continue scan afterwards for x seconds (default=3)
-d dest        destination (IP or IP/MASK)
-i interface   the eth0 stuff
-W             don't scan, just print the protocol list

If you just use the -W option, Protos will spit out a list of all the protocols it can detect: (the output is truncated)

root@666:~# protos -W
0       HOPOPT       IPv6 Hop-by-Hop Option [RFC1883]
1       ICMP         Internet Control Message [RFC792]
2       IGMP         Internet Group Management [RFC1112]
3       GGP          Gateway-to-Gateway [RFC823]
4       IPenc        IP in IP (encapsulation) [RFC2003]
5       ST           Stream [RFC1190,IEN119]
6       TCP          Transmission Control [RFC793]
7       CBT          CBT [Ballardie]
8       EGP          Exterior Gateway Protocol [RFC888,DLM1]
9       IGP          any private interior gateway [IANA]
10      BBN-RCC-MON  BBN RCC Monitoring [SGC]
11      NVP-II       Network Voice Protocol [RFC741,SC3]
12      PUP          PUP [PUP,XEROX]
13      ARGUS        ARGUS [RWS4]
14      EMCON        EMCON [BN7]
15      XNET         Cross Net Debugger [IEN158,JFH2]
16      CHAOS        Chaos [NC3]
17      UDP          User Datagram [RFC768,JBP]
18      MUX          Multiplexing [IEN90,JBP]
19      DCN-MEAS     DCN Measurement Subsystems [DLM1]
20      HMP          Host Monitoring [RFC869,RH6]
21      PRM          Packet Radio Measurement [ZSU]
22      XNS-IDP      XEROX NS IDP [ETHERNET,XEROX]
23      TRUNK-1      Trunk-1 [BWB6]
24      TRUNK-2      Trunk-2 [BWB6]

Lets try a run at a real IP:

root@666:~# protos -i eth0 -d 72.47.202.218 -v -L
72.47.202.218 is alive
TARGET  72.47.202.218
Running in verbose mode
        Afterscan delay is 3
        running in fast scan - pause every 1 probes
        continuing scan afterwards for 3 secs
        supported protocols will be reported
        you supplied the target(s) 72.47.202.218
Scanning 72.47.202.218
>>>>>>>>> RESULTS >>>>>>>>>>

72.47.202.218 may be running (did not negate):
HOPOPT          IPv6 Hop-by-Hop Option [RFC1883]
ICMP            Internet Control Message [RFC792]
IGMP            Internet Group Management [RFC1112]
TCP             Transmission Control [RFC793]
EGP             Exterior Gateway Protocol [RFC888,DLM1]
BBN-RCC-MON     BBN RCC Monitoring [SGC]
PUP             PUP [PUP,XEROX]
EMCON           EMCON [BN7]
CHAOS           Chaos [NC3]
UDP             User Datagram [RFC768,JBP]
HMP             Host Monitoring [RFC869,RH6]
TRUNK-1         Trunk-1 [BWB6]
LEAF-1          Leaf-1 [BWB6]
RDP             Reliable Data Protocol [RFC908,RH6]
ISO-TP4         ISO Transport Protocol Class 4 [RFC905,RC77]
MFE-NSP         MFE Network Services Protocol [MFENET,BCH2]
SEP             Sequential Exchange Protocol [JC120]
IDPR            Inter-Domain Policy Routing Protocol [MXS1]
DDP             Datagram Delivery Protocol [WXC]
TP++            TP++ Transport Protocol [DXF]
IPv6            Ipv6 [Deering]
IPv6-Route      Routing Header for IPv6 [Deering]
IDRP            Inter-Domain Routing Protocol [Sue Hares]
GRE             General Routing Encapsulation [Tony Li]
BNA             BNA [Gary Salamon]
AH              Authentication Header for IPv6 [RFC1826]
SWIPE           IP with Encryption [JI6]
MOBILE          IP Mobility [Perkins]
SKIP            SKIP [Markson]
IPv6-ICMP       ICMP for IPv6 [RFC1883]
61              any host internal protocol [IANA]
63              any local network [IANA]
KRYPTOLAN       Kryptolan [PXL1]
IPPC            Internet Pluribus Packet Core [SHB]
SAT-MON         SATNET Monitoring [SHB]
IPCV            Internet Packet Core Utility [SHB]
CPHB            Computer Protocol Heart Beat [DXM2]
PVP             Packet Video Protocol [SC3]
SUN-ND          SUN ND PROTOCOL-Temporary [WM3]
WB-EXPAK        WIDEBAND EXPAK [SHB]
VMTP            VMTP [DRC3]
VINES           VINES [BXH]
NSFNET-IGP      NSFNET-IGP [HWB]
TCF             TCF [GAL5]
OSPFIGP         OSPFIGP [RFC1583,JTM4]
LARP            Locus Address Resolution Protocol [BXH]
AX.25           AX.25 Frames [BK29]
MICP            Mobile Internetworking Control Pro. [JI6]
ETHERIP         Ethernet-within-IP Encapsulation [RDH1]
99PrivEncr      any private encryption scheme [IANA]
IFMP            Ipsilon Flow Management Protocol [Hinden]
PIM             Protocol Independent Multicast [Farinacci]
SCPS            SCPS [Durst]
A/N             Active Networks [Braden]
SNP             Sitara Networks Protocol [Sridhar]
IPX-in-IP       IPX in IP [Lee]
IATP            Interactive Agent Transfer Protocol [Murphy]
SRP             SpectraLink Radio Protocol [Hamilton]
SMP             Simple Message Protocol [Ekblad]
PTP             Performance Transparency Protocol [Welzl]
FIRE            [Partridge]
CRUDP           Combat Radio User Datagram [Sautter]
IPLT            [Hollbach]
PIPE            Private IP Encapsulation within IP [Petri]
FC              Fibre Channel [Rajagopal]
135             [IANA]
137             [IANA]
139             [IANA]
141             [IANA]
143             [IANA]
145             [IANA]
147             [IANA]
149             [IANA]
151             [IANA]
153             [IANA]
155             [IANA]
157             [IANA]
159             [IANA]
161             [IANA]
163             [IANA]
165             [IANA]
167             [IANA]
169             [IANA]
171             [IANA]
173             [IANA]
175             [IANA]
177             [IANA]
179             [IANA]
181             [IANA]
183             [IANA]
185             [IANA]
187             [IANA]
189             [IANA]
191             [IANA]
193             [IANA]
195             [IANA]
197             [IANA]
199             [IANA]
201             [IANA]
203             [IANA]
205             [IANA]
208             [IANA]
209             [IANA]
212             [IANA]
214             [IANA]
216             [IANA]
218             [IANA]
220             [IANA]
222             [IANA]
224             [IANA]
226             [IANA]
228             [IANA]
230             [IANA]
232             [IANA]
234             [IANA]
236             [IANA]
238             [IANA]
240             [IANA]
242             [IANA]
244             [IANA]
246             [IANA]
248             [IANA]
250             [IANA]
252             [IANA]
254             [IANA]

Thats really all the output it gives. I will be honest I do not see much use for this tool however since we are reviewing every tool and I had to do this one.


List Price: $79.95 USD
New From: $49.15 USD In Stock
Used from: $44.21 USD In Stock

LAN Wiring (Paperback)

By (author): James Trulove


List Price: $75.00 USD
New From: $38.74 USD In Stock
Used from: $2.90 USD In Stock

Share