Enhanced Free Ping Utility In Linux - Sing Tool

May 14, 2011

Ping is a great utility for checking network connections and troubleshooting network-related problems. It uses ICMP (Internet Control Message Protocol) packets to check whether a system is up and running. But you cannot do much more than that with the ping command. SING (Send ICMP Nasty Garbage) is like ping, with certain enhancements. 'sing' can send fully customized ICMP packets and has many extra features, such as OS fingerprinting to determine the OS running on a machine. This article describes the common uses of the sing tool.

With the sing tool, you can:

• determine if a host is up (like the normal ping command)
• send packets with a spoofed IP address
• send packets with a spoofed MAC address
• perform OS fingerprinting to determine the OS of a host or network device
• mimic or emulate a certain OS
• customize the IP header: set the TTL field, set/unset the unused bit, set/unset the type of service (TOS) field, and so on.

Let's check out the common uses of the sing tool.

1. Singing a host

Normal use, like the ping command.

$ sing 192.168.1.111
SINGing to 192.168.1.111 (192.168.1.111): 16 data bytes
16 bytes from 192.168.1.111: seq=0 ttl=64 TOS=0 time=206.140 ms
16 bytes from 192.168.1.111: seq=1 ttl=64 TOS=0 time=127.752 ms
16 bytes from 192.168.1.111: seq=2 ttl=64 TOS=0 time=152.000 ms
^C
--- 192.168.1.111 sing statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 127.752/161.964/206.140 ms

2. Limit the number of requests

With the -c option, the number of ICMP requests can be limited, so that 'sing' exits automatically after sending the specified number of requests.

$ sing -c 3 192.168.1.7
SINGing to 192.168.1.7 (192.168.1.7): 16 data bytes
16 bytes from 192.168.1.7: seq=0 ttl=128 TOS=0 time=773.990 ms
16 bytes from 192.168.1.7: seq=1 ttl=128 TOS=0 time=184.961 ms
16 bytes from 192.168.1.7: seq=2 ttl=128 TOS=0 time=209.010 ms

--- 192.168.1.7 sing statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 184.961/389.320/773.990 ms

3. Spoof your IP address

Spoof the source IP address with the -S option. You won't get a reply back, because the target host will send its replies to the spoofed IP address.

$ sing -c 3 -S 192.168.1.111 192.168.1.7
SINGing to 192.168.1.7 (192.168.1.7): 16 data bytes

--- 192.168.1.7 sing statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
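
What the owner of the spoofed address sees, as an added example that is not part of the original article: the replies from 192.168.1.7 arrive at 192.168.1.111, which never sent a request. The function below flags such unsolicited echo replies in `tcpdump -n icmp` text output; the capture lines, ids and timestamps are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ICMP echo replies that answer no request we sent.
# Input: text lines as printed by `tcpdump -n icmp` on the host whose
# address is $1. Output: "<peer> <count>" for each peer sending such replies.

unsolicited_replies() {
    awk -v me="$1" '
        $2 == "IP" && $6 == "ICMP" && $7 == "echo" {
            src = $3
            dst = $5;  sub(/:$/, "", dst)
            id  = $10; sub(/,$/, "", id)
            seq = $12; sub(/,$/, "", seq)
            if ($8 == "request," && src == me) {
                sent[dst, id, seq] = 1          # we really asked this peer
            } else if ($8 == "reply," && dst == me) {
                if ((src, id, seq) in sent)
                    delete sent[src, id, seq]   # matched: a normal ping
                else
                    orphan[src]++               # nobody here asked for it
            }
        }
        END { for (p in orphan) print p, orphan[p] }
    ' | LC_ALL=C sort
}

# Constructed capture as seen on 192.168.1.111: one genuine ping to the
# gateway, plus three replies from 192.168.1.7 that match no request.
SAMPLE_CAPTURE='10:00:00.000100 IP 192.168.1.111 > 192.168.1.1: ICMP echo request, id 7001, seq 0, length 24
10:00:00.128500 IP 192.168.1.1 > 192.168.1.111: ICMP echo reply, id 7001, seq 0, length 24
10:00:05.000200 IP 192.168.1.7 > 192.168.1.111: ICMP echo reply, id 4242, seq 0, length 24
10:00:06.000300 IP 192.168.1.7 > 192.168.1.111: ICMP echo reply, id 4242, seq 1, length 24
10:00:07.000400 IP 192.168.1.7 > 192.168.1.111: ICMP echo reply, id 4242, seq 2, length 24'

printf '%s\n' "$SAMPLE_CAPTURE" | unsolicited_replies 192.168.1.111
```

A non-empty result means some other machine is sending echo requests with this host's address as the source; the peer listed is the host that was pinged, not the sender.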

4. Spoof the hardware/MAC address

Spoof the hardware address with the -MAC option. Again, you won't get any reply back.

$ sing -c 3 -MAC 00:FF:AC:33:1:B 192.168.1.111
SINGing to 192.168.1.111 (192.168.1.111): 16 data bytes

--- 192.168.1.111 sing statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

5. OS fingerprinting

Determine the remote device's OS with the -O option:

$ sing -c 3 -O 192.168.1.7
SINGing to 192.168.1.7 (192.168.1.7): 16 data bytes
16 bytes from 192.168.1.7: seq=0 ttl=128 TOS=0 time=117.090 ms
16 bytes from 192.168.1.7: seq=1 ttl=128 TOS=0 time=141.224 ms
16 bytes from 192.168.1.7: seq=2 ttl=128 TOS=0 time=165.401 ms

--- 192.168.1.7 sing statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 117.090/141.238/165.401 ms
<*> Remote OS on 192.168.1.7 is a Window$ 2k

$ sing -c 3 -O 192.168.1.1
SINGing to 192.168.1.1 (192.168.1.1): 16 data bytes
16 bytes from 192.168.1.1: seq=0 ttl=254 TOS=66 time=128.475 ms
16 bytes from 192.168.1.1: seq=1 ttl=254 TOS=66 time=152.105 ms
16 bytes from 192.168.1.1: seq=2 ttl=254 TOS=66 time=175.606 ms

--- 192.168.1.1 sing statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 128.475/152.062/175.606 ms

<*> Remote OS on 192.168.1.1 is a UNIX (Linux, Solaris, *BSD, HP-UX, etc.),
<*> Cisco or similar network device

$ sing -c 3 -O 192.168.1.10
SINGing to 192.168.1.10 (192.168.1.10): 16 data bytes
Ouch!! 192.168.1.5 sings host 192.168.1.10 unreachable!!

--- 192.168.1.10 sing statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

<*> Ouch!! I can't guess the remote OS without a reply!

As the last run shows, sing prints an interesting message when a host is unreachable.
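
The ttl= column in the replies above already separates the two hosts. The added example below (not from the original article, and not how sing -O itself decides) summarises that column per host using the commonly seen default initial TTLs of 64, 128 and 255; the family labels and the function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise the ttl= column of ping/sing reply lines.
# Heuristic only: common default initial TTLs are 64 (Linux, BSD, macOS),
# 128 (Windows) and 255 (many routers, Solaris). The default is a tunable
# setting on most systems, so treat the result as a hint, not as proof.

ttl_profile() {
    awk '
        $2 == "bytes" && $3 == "from" {
            host = $4; sub(/:$/, "", host)
            ttl = -1
            for (i = 5; i <= NF; i++)
                if ($i ~ /^ttl=[0-9]+$/) ttl = substr($i, 5) + 0
            if (ttl < 0) next
            if (!(host in lo) || ttl < lo[host]) lo[host] = ttl
            if (!(host in hi) || ttl > hi[host]) hi[host] = ttl
        }
        END {
            for (h in lo) {
                t = hi[h]
                init = (t <= 64) ? 64 : ((t <= 128) ? 128 : 255)
                fam = (init == 64) ? "unix-like" : ((init == 128) ? "windows-like" : "router-or-solaris-like")
                # A TTL that varies between replies means the path or the
                # responder changed mid-run, so one guess is not reliable.
                note = (lo[h] == hi[h]) ? "stable" : "varies"
                # hops is an estimate: initial TTL minus the highest TTL seen
                printf "%s ttl=%d initial=%d hops=%d %s %s\n", h, t, init, init - t, fam, note
            }
        }
    ' | LC_ALL=C sort
}

# Reply lines copied from the article's output in this section.
SAMPLE_REPLIES='16 bytes from 192.168.1.7: seq=0 ttl=128 TOS=0 time=117.090 ms
16 bytes from 192.168.1.7: seq=1 ttl=128 TOS=0 time=141.224 ms
16 bytes from 192.168.1.1: seq=0 ttl=254 TOS=66 time=128.475 ms'

printf '%s\n' "$SAMPLE_REPLIES" | ttl_profile
```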

6. Mimic the OS

Using the -M option, you can make sing mimic a particular OS. The possible values for the -M option are win, unix, linux, cisco, solaris or shiva. Here, Windows and Solaris are mimicked:

$ sing -c 3 -M win 192.168.1.7
SINGing to 192.168.1.7 (192.168.1.7): 48 data bytes
48 bytes from 192.168.1.7: seq=1 ttl=128 TOS=0 time=186.525 ms
48 bytes from 192.168.1.7: seq=2 ttl=128 TOS=0 time=210.081 ms
48 bytes from 192.168.1.7: seq=3 ttl=128 TOS=0 time=131.313 ms

--- 192.168.1.7 sing statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 131.313/175.973/210.081 ms

$ sing -c 3 -M solaris 192.168.1.7
SINGing to 192.168.1.7 (192.168.1.7): 64 data bytes
64 bytes from 192.168.1.7: seq=0 ttl=128 TOS=0 time=188.626 ms
64 bytes from 192.168.1.7: seq=1 ttl=128 TOS=0 time=109.932 ms
64 bytes from 192.168.1.7: seq=2 ttl=128 TOS=0 time=134.814 ms

--- 192.168.1.7 sing statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 109.932/144.457/188.626 ms

7. Quiet mode

In quiet mode, nothing is displayed except the summary lines at startup and at the end. Quiet mode is switched on with the -q option:

$ sing -q -c 3 -O 192.168.1.111
SINGing to 192.168.1.111 (192.168.1.111): 16 data bytes

--- 192.168.1.111 sing statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 119.259/143.332/167.434 ms

<*> Remote OS on 192.168.1.111 is a Window$ 2k

8. Manual sequence number

With the -seq option, the starting sequence number used in echo requests and replies can be set manually.

$ sing -seq 24 -c 3 192.168.1.7
SINGing to 192.168.1.7 (192.168.1.7): 16 data bytes
16 bytes from 192.168.1.7: seq=24 ttl=128 TOS=0 time=169.860 ms
16 bytes from 192.168.1.7: seq=25 ttl=128 TOS=0 time=194.116 ms
16 bytes from 192.168.1.7: seq=26 ttl=128 TOS=0 time=320.699 ms

--- 192.168.1.7 sing statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 169.860/228.225/320.699 ms

You can see the changed sequence numbers in the output above.

These are some common uses of the sing tool. If you want to customize the packets further, refer to the manual page of the sing command with 'man sing'.
