Detect ICMP response

[hazcod]

Hi, is there a way of using the library to detect whether a host responds to ICMP?
At the moment I have something along the lines of:

	switch mode {
	case "tcp":
		typeScanner = []func(*nmap.Scanner){
			nmap.WithServiceInfo(),
			nmap.WithSYNScan(),
			nmap.WithOSDetection(),
			nmap.WithOSScanGuess(),
			nmap.WithOSScanLimit(),
		}
		break
	case "udp":
		typeScanner = []func(*nmap.Scanner){
			nmap.WithServiceInfo(),
			nmap.WithUDPScan(),
		}
		break
	case "icmp":
		typeScanner = []func(*nmap.Scanner){
			nmap.WithServiceInfo(),
			nmap.WithICMPEchoDiscovery(),
			nmap.WithOSDetection(),
			nmap.WithOSScanGuess(),
		}
		break
	default:
		return errors.New("unknown scan mode: " + mode)
	}

...
			nmap.WithContext(ctx),
			nmap.WithTargets(ip.String()),
			nmap.WithDisabledDNSResolution(),
			nmap.WithPrivileged(),
			nmap.WithTimingTemplate(nmap.TimingAggressive),

But not sure if ServiceInfo and OSDetection do anything at the ICMP scanning phase.

[Ullaakut]

Hi @hazcod!

Can you give some more details on what exactly you expect and what doesn't work as-is? The example code you wrote doesn't work for you?

Thanks :)

[hazcod]

Hi @Ullaakut , I would want to know if a host responds to ICMP at all.
I'm not sure what results to interpret if it doesn't. Will it return no Hosts? No Ports?

[Ullaakut]

I'm currently working so I can't check it right away, but if you want I'll give it a try this evening and let you know :) Also to see it by using the nmap command line, you can simply run nmap with -X to export it to XML, and the data that you will see in the XML output should be accessible from this library.

[Ullaakut]

Here is what you'd get from a run of nmap -sn -PE <ip> with this library (it would be marshalled into a go struct though)

───────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: output.xml
───────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ <?xml version="1.0" encoding="UTF-8"?>
   2   │ <!DOCTYPE nmaprun>
   3   │ <?xml-stylesheet href="file:///usr/local/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
   4   │ <!-- Nmap 7.80 scan initiated Mon Apr 27 08:51:02 2020 as: nmap -sn -PE -oX output.xml localhost -->
   5   │ <nmaprun scanner="nmap" args="nmap -sn -PE -oX output.xml localhost" start="1587970262" startstr="Mon Apr 27
       │ 08:51:02 2020" version="7.80" xmloutputversion="1.04">
   6   │ <verbose level="0"/>
   7   │ <debugging level="0"/>
   8   │ <host><status state="up" reason="localhost-response" reason_ttl="0"/>
   9   │ <address addr="127.0.0.1" addrtype="ipv4"/>
  10   │ <hostnames>
  11   │ <hostname name="localhost" type="user"/>
  12   │ <hostname name="localhost" type="PTR"/>
  13   │ </hostnames>
  14   │ </host>
  15   │ <runstats><finished time="1587970262" timestr="Mon Apr 27 08:51:02 2020" elapsed="0.02" summary="Nmap done at
       │  Mon Apr 27 08:51:02 2020; 1 IP address (1 host up) scanned in 0.02 seconds" exit="success"/><hosts up="1" do
       │ wn="0" total="1"/>
  16   │ </runstats>
  17   │ </nmaprun>

So yes, I can confirm that with this method you can validate whether a host responds to the ping. However, remember that you need to be root to use ICMP mode, otherwise it will revert to TCP.