The arping application is a simple command that will allow you to ping devices by hostname, IP address, or MAC address. The unfortunate part is that most device will not respond to the arp requests, which are directed broadcast ICMP echo requests, though there are some out there that do. I go into more detail below regarding pinging via MAC address by providing an example of the typical output, example output when a MAC address responds to the ICMP echo requests, and details about how to configure hosts to respond to these ICMP echo requests. I also show a couple of the switches available with arping and provide examples of using arping to ping devices by IP and host.
I remember being so happy about 0trace when I started to write some Backtrack related articles because even though 0trace is fairly simple it is really useful to locate the full path to devices you are investigating. In the article below I will explain the necessary 0trace input from the command line, what needs to be done to complete a successful trace to a target using 0trace, and provide some example of devices in front of and behind a firewall blocking ICMP or traceroute requests.
Previously I wrote a brief article on 0trace in Backtrack 4 which can be located here however in the process of writing an updated article for Backtrack 5 I noticed that 0trace was no longer working. Every single time I would attempt to run an accurate trace through a firewall the results would come back empty and display “Probe rejected by target.” At first I was thinking maybe companies have really tightened down their firewalls however that didn’t make any sense because of how 0trace works using a standard port such as port 80 to allow traffic to pass because the servers function is to serve web pages. Below I describe the error in more detail and how you can resolve it.
PBNJ is made ip of two commands which are scanpbnj and outputpbnj. The manpages for both scanpbnj and outputpbnj are located in collapsed tables at the bottom of this post in case you want more details. When you run scanpbnj it technically a script that runs nmap and dumps the results to a database. The scanpbnj command will store results in various database formats including CSV, MySQL, PostgreSQL, and SQLite. Once the results are stored you can pull the results from the database using outputpbnj which can output report style results in CSV format, tab delimited format, or HTML format. Continue reading below for more details regarding outputpbnj and scanpbnj on Backtrack Linux 5 r2.