[Icescan-cvs] IceScan Makefile.am, 1.13, 1.14 config.h.in, 1.6, 1.7 configure.ac, 1.12, 1.13 icesca
From: Alexander B. <da...@us...> - 2009-04-14 15:43:41
Update of /cvsroot/icescan/IceScan In directory 23jxhf1.ch3.sourceforge.com:/tmp/cvs-serv31421 Modified Files: Makefile.am config.h.in configure.ac icescan.1 icescan.html Log Message: Initial libDnet import to repository. Index: icescan.1 =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.1,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** icescan.1 7 Apr 2009 13:39:55 -0000 1.11 --- icescan.1 14 Apr 2009 15:43:35 -0000 1.12 *************** *** 6,9 **** --- 6,11 ---- .nh + .do mso www.tmac + .ad l *************** *** 14,18 **** .B \fBicescan\fR [\fIscan_type\fR] [\fIoptions\fR] <\fItarget\fR> .SH DESCRIPTION ! \fBIceScan\fR is an open source tool (GPL licenced) for network audit and exploraion. You can find that IceScan in some options and features very close to Nmap (\fIhttp://www.insecure.org/nmap/\fR) and that's the true. IceScan was written for educational purposes, but even now have some features, that doesn't exists in other \fIfree\fR network auditing tools, so you may find it useful in process of security auditing your network(s). .PP Either as Nmap, main result provided by IceScan is ports table. It consist of three columns: port number/protocol, port state and service. Port can have different states: open, closed, filtered (filt), open|filtered (o|f) and unfiltered (unfilt). Open port means that there's an application on target, listening for connections/datagrams on this port. Filtered port is a port blocked by firewall. Closed ports have no applications listening on them, but access isn't blocked by firewall. Unfiltered port isn't blocked by firewall and may be opened or closed. And at last, open|filtered port means that port isn't closed and IceScan can't determine which state is has: opened or filtered. The service column provide some information about application that running or can be run on this port. 
This information may include supposed protocol or application name and version. --- 16,22 ---- .B \fBicescan\fR [\fIscan_type\fR] [\fIoptions\fR] <\fItarget\fR> .SH DESCRIPTION ! \fBIceScan\fR is an open source tool (GPL licenced) for network audit and exploraion. You can find that IceScan in some options and features very close to ! .URL http://www.insecure.org/nmap/ "Nmap" ! and that's the true. IceScan was written for educational purposes, but even now have some features, that doesn't exists in other \fIfree\fR network auditing tools, so you may find it useful in process of security auditing your network(s). .PP Either as Nmap, main result provided by IceScan is ports table. It consist of three columns: port number/protocol, port state and service. Port can have different states: open, closed, filtered (filt), open|filtered (o|f) and unfiltered (unfilt). Open port means that there's an application on target, listening for connections/datagrams on this port. Filtered port is a port blocked by firewall. Closed ports have no applications listening on them, but access isn't blocked by firewall. Unfiltered port isn't blocked by firewall and may be opened or closed. And at last, open|filtered port means that port isn't closed and IceScan can't determine which state is has: opened or filtered. The service column provide some information about application that running or can be run on this port. This information may include supposed protocol or application name and version. *************** *** 22,28 **** IceScan can work in two modes: active (nmap-like mode) and passive. In active mode, it acts as standart port scanner. In passive mode, IceScan do not send any packets, instead of this, it listens for incoming packets and try to create "map" of the network. Two modes can be combined: passive discovery with following active scanning. .PP ! Also see \fIREADME\fR and \fIINSTALL\fR for more on using/installing IceScan and \fINEWS\fR for information about IceScan news. .PP ! 
You can get the newest version of IceScan from: \fIhttp://sf.net/projects/IceScan\fR, or, from CVS: pserver:ano...@ic...:/cvsroot/icescan, module name is IceScan. .SH OPTIONS SUMMARY --- 26,38 ---- IceScan can work in two modes: active (nmap-like mode) and passive. In active mode, it acts as standart port scanner. In passive mode, IceScan do not send any packets, instead of this, it listens for incoming packets and try to create "map" of the network. Two modes can be combined: passive discovery with following active scanning. .PP ! Also see ! .URL README README ! and ! .URL INSTALL INSTALL ! for more on using/installing IceScan and \fINEWS\fR for information about IceScan news. .PP ! You can download the newest version of IceScan from ! .URL http://sf.net/projects/IceScan "homepage" ! , or, from CVS: pserver:ano...@ic...:/cvsroot/icescan, module name is IceScan. .SH OPTIONS SUMMARY *************** *** 462,466 **** .SH BUGS .PP ! IceScan is still under constant development, so it is possible that you will encounter a bug while using it. Please report bugs to <icescan-devs(at)lists.sourceforge.net>. \%(\fIhttp://lists.sf.net/mailman/listinfo/icescan-devs\fR) .PP Be sure you tell us: --- 472,478 ---- .SH BUGS .PP ! IceScan is still under constant development, so it is possible that you will encounter a bug while using it. Please report bugs to <icescan-devs(at)lists.sourceforge.net>. \%( ! .URL "subscribe" http://lists.sf.net/mailman/listinfo/icescan-devs ! ) .PP Be sure you tell us: *************** *** 498,522 **** Also, big work for bringing IceScan to life was done by Konstantin Karpov[\fIQ_\fR] <q_(at)peterstar.ru> ! See \fIAUTHORS\fR for more details and names of people who made contributions to IceScan or whos code/algorithms/etc implemented in IceScan. .SH REFERENCES ! .TP 4 ! 1.\ Libpcap portable packet capture library ! \%http://www.tcpdump.org ! .TP 4 ! 2.\ WinPcap library ! \%http://www.winpcap.org ! .TP 4 ! 3.\ PCRE library ! \%http://www.pcre.org ! 
.TP 4 ! 4.\ Libdnet ! \%http://libdnet.sourceforge.net ! .TP 4 ! 5.\ arp-scan ! \%http://www.nta-monitor.com/tools/arp-scan/ ! .TP 4 ! 6.\ p0f ! \%http://lcamtuf.coredump.cx/p0f.shtml --- 510,546 ---- Also, big work for bringing IceScan to life was done by Konstantin Karpov[\fIQ_\fR] <q_(at)peterstar.ru> ! See ! .URL AUTHORS AUTHORS ! for more details and names of people who made contributions to IceScan or whos code/algorithms/etc implemented in IceScan. ! ! ! .SH MAILING LISTS ! <icescan-cvs(at)lists.sourceforge.net> -- IceScan CVS History. Here you can see latest CVS patches and monitor development process of IceScan. ! .PP ! <icescan-devs(at)lists.sourceforge.net> -- IceScan Developers and Users list. Write here, if you want to propose a patch, report about wanted feature, or simply ask developers about IceScan work. Also, send bugs here, if you find any. ! .PP ! You can subscribe at ! .URL http://sourceforge.net/mail/?group_id=185109 "mailing lists page". ! .SH REFERENCES ! .PP ! 1. ! .URL http://www.tcpdump.org "Libpcap portable packet capture library" ! .PP ! 2. ! .URL http://www.winpcap.org "WinPcap library" ! .PP ! 3. ! .URL http://www.pcre.org "PCRE library" ! .PP ! 4. ! .URL http://libdnet.sourceforge.net "Libdnet" ! .PP ! 5. ! .URL http://www.nta-monitor.com/tools/arp-scan/ "arp-scan" ! .PP ! 6. ! .URL http://lcamtuf.coredump.cx/p0f.shtml "p0f" *************** *** 531,533 **** You should use this software only for LEGAL purposes. .PP ! See \fICOPYING\fR for more details. --- 555,559 ---- You should use this software only for LEGAL purposes. .PP ! See ! .URL COPYING COPYING ! for more details. Index: configure.ac =================================================================== RCS file: /cvsroot/icescan/IceScan/configure.ac,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** configure.ac 7 Apr 2009 13:39:55 -0000 1.12 --- configure.ac 14 Apr 2009 15:43:35 -0000 1.13 *************** *** 26,31 **** AC_PROG_CC ! 
CXXFLAGS = "$CXXFLAGS" ! LDFLAGS = "$LDFLAGS" case "$host" in --- 26,32 ---- AC_PROG_CC ! ! #CXXFLAGS = "$CXXFLAGS" ! #LDFLAGS = "$LDFLAGS" case "$host" in *************** *** 90,94 **** # Checks for libraries. ! AC_CHECK_LIB([dnet], [arp_open]) AC_CHECK_LIB([pcap], [main]) AC_CHECK_LIB([pcre], [main]) --- 91,111 ---- # Checks for libraries. ! LIBDNETDIR=dnet-exported ! AC_CONFIG_SUBDIRS( dnet-exported ) ! CPPFLAGS="-I$LIBDNETDIR/include $CPPFLAGS" ! LIBDNET_LIBS="$LIBDNETDIR/src/.libs/libdnet.a" ! DNET_DEPENDS="$LIBDNETDIR/src/.libs/libdnet.a" ! # LDFLAGS="$LDFLAGS $LIBDNET_LIBS" ! DNET_BUILD="dnet_build" ! DNET_CLEAN="dnet_clean" ! DNET_DIST_CLEAN="dnet_dist_clean" ! AC_SUBST(LIBDNET_LIBS) ! AC_SUBST(LIBDNETDIR) ! AC_SUBST(DNET_DEPENDS) ! AC_SUBST(DNET_BUILD) ! AC_SUBST(DNET_CLEAN) ! AC_SUBST(DNET_DIST_CLEAN) ! ! #AC_CHECK_LIB([dnet], [arp_open]) AC_CHECK_LIB([pcap], [main]) AC_CHECK_LIB([pcre], [main]) Index: icescan.html =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** icescan.html 7 Apr 2009 13:39:55 -0000 1.2 --- icescan.html 14 Apr 2009 15:43:35 -0000 1.3 *************** *** 13,27 **** <a href="#OS DETECTION:">OS DETECTION:</a><br> <a href="#INTERFACES">INTERFACES</a><br> ! <a href="#FW/EVASION AND SPOOFING OPTIONS">FW/EVASION AND SPOOFING OPTIONS</a><br> <a href="#OTHER OPTIONS">OTHER OPTIONS</a><br> <a href="#EXAMPLES">EXAMPLES</a><br> <a href="#BUGS">BUGS</a><br> <a href="#AUTHOR">AUTHOR</a><br> <a href="#REFERENCES">REFERENCES</a><br> <a href="#LICENSE">LICENSE</a><br> <!-- Creator : groff version 1.15 --> ! <!-- CreationDate: Sun Apr 5 18:39:12 2009 --> ! <!-- Total number of pages: 6 --> <!-- Page: 1 --> <!-- left margin: 100 --> --- 13,30 ---- <a href="#OS DETECTION:">OS DETECTION:</a><br> <a href="#INTERFACES">INTERFACES</a><br> ! <a href="#SCRIPTING && IDS">SCRIPTING && IDS</a><br> ! 
<a href="#FW/IDS EVASION AND SPOOFING OPTIONS">FW/IDS EVASION AND SPOOFING OPTIONS</a><br> ! <a href="#OUTPUT">OUTPUT</a><br> <a href="#OTHER OPTIONS">OTHER OPTIONS</a><br> <a href="#EXAMPLES">EXAMPLES</a><br> <a href="#BUGS">BUGS</a><br> <a href="#AUTHOR">AUTHOR</a><br> + <a href="#MAILING LISTS">MAILING LISTS</a><br> <a href="#REFERENCES">REFERENCES</a><br> <a href="#LICENSE">LICENSE</a><br> <!-- Creator : groff version 1.15 --> ! <!-- CreationDate: Fri Apr 10 23:50:38 2009 --> ! <!-- Total number of pages: 8 --> <!-- Page: 1 --> <!-- left margin: 100 --> *************** *** 30,50 **** <a name="SYNOPSIS"></a><h2>SYNOPSIS</h2><p><font size=3><B>icescan</B> <font size=3>[<font size=3><I>scan_type</I><font size=3>] [<font size=3><I>options</I><font size=3>] <<font size=3><I>target</I><font size=3>></p> <a name="DESCRIPTION"></a><h2>DESCRIPTION</h2><p><font size=3><B>IceScan</B> <font size=3>is an open source tool (GPL licenced) for network audit and exploraion. You can find that IceScan in<br> ! some options and features very close to Nmap (<font size=3><I>http://www.insecure.org/nmap/</I><font size=3>) and that's the true. IceScan was<br> ! written for educational purposes, but even now have some features, that doesn't exists in other <font size=3><I>free</I> <font size=3>network<br> ! auditing tools, so you may find it useful in process of security auditing your network(s).</p> <p><font size=3>Either as Nmap, main result provided by IceScan is ports table. It consist of three columns: port number/protocol, port state and service. Port can have different states: open, closed, filtered (filt), open|filtered (o|f) and unfiltered</p> <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="99.0698%"> <p><font size=3>(unfilt). Open port means that there's an application on target, listening for connections/datagrams on this port.<br> Filtered port is a port blocked by firewall. 
Closed ports have no applications listening on them, but access isn't<br> blocked by firewall. Unfiltered port isn't blocked by firewall and may be opened or closed. And at last,<br> ! open|filtered port means that port isn't closed and IceScan can't determine which state is has: opened or filtered. The service column provide some information about application that running or can be run on this port. This<br> information may include supposed protocol or application name and version.</p> <p><font size=3>The other type of results may include discovery(reverse DNS lookups, MACs timestamps, etc), fingerprinting<br> (OS version, device type and etc) information and also some vulnerability testings.</p> ! <p><font size=3>Also see <font size=3><I>README</I> <font size=3>and <font size=3><I>INSTALL</I> <font size=3>for more on using/installing IceScan and <font size=3><I>NEWS</I> <font size=3>for information about IceScan news.</p> ! <p><font size=3>You can get the newest version of IceScan from: <font size=3><I>http://sf.net/projects/IceScan</I><font size=3>, or, from CVS:<br> pserver:ano...@ic...:/cvsroot/icescan, module name is IceScan.</p> </td> --- 33,57 ---- <a name="SYNOPSIS"></a><h2>SYNOPSIS</h2><p><font size=3><B>icescan</B> <font size=3>[<font size=3><I>scan_type</I><font size=3>] [<font size=3><I>options</I><font size=3>] <<font size=3><I>target</I><font size=3>></p> <a name="DESCRIPTION"></a><h2>DESCRIPTION</h2><p><font size=3><B>IceScan</B> <font size=3>is an open source tool (GPL licenced) for network audit and exploraion. You can find that IceScan in<br> ! some options and features very close to and that's the true. IceScan was written for educational purposes, but<br> ! even now have some features, that doesn't exists in other <font size=3><I>free</I> <font size=3>network auditing tools, so you may find it useful in<br> ! process of security auditing your network(s).</p> <p><font size=3>Either as Nmap, main result provided by IceScan is ports table. 
It consist of three columns: port number/protocol, port state and service. Port can have different states: open, closed, filtered (filt), open|filtered (o|f) and unfiltered</p> <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="99.8450%"> <p><font size=3>(unfilt). Open port means that there's an application on target, listening for connections/datagrams on this port.<br> Filtered port is a port blocked by firewall. Closed ports have no applications listening on them, but access isn't<br> blocked by firewall. Unfiltered port isn't blocked by firewall and may be opened or closed. And at last,<br> ! open|filtered port means that port isn't closed and IceScan can't determine which state is has: opened or filtered.<br> ! The service column provide some information about application that running or can be run on this port. This<br> information may include supposed protocol or application name and version.</p> <p><font size=3>The other type of results may include discovery(reverse DNS lookups, MACs timestamps, etc), fingerprinting<br> (OS version, device type and etc) information and also some vulnerability testings.</p> ! <p><font size=3>IceScan can work in two modes: active (nmap-like mode) and passive. In active mode, it acts as standart port<br> ! scanner. In passive mode, IceScan do not send any packets, instead of this, it listens for incoming packets and try<br> ! to create "map" of the network. Two modes can be combined: passive discovery with following active scanning.</p> ! <p><font size=3>Also see and for more on using/installing IceScan and <font size=3><I>NEWS</I> <font size=3>for information about IceScan news.</p> ! 
<p><font size=3>You can get the newest version of IceScan from , or, from CVS:<br> pserver:ano...@ic...:/cvsroot/icescan, module name is IceScan.</p> </td> *************** *** 76,79 **** --- 83,87 ---- <span style=" text-indent: 0.2400in;"></span>-PP [seconds]: passive discovery; capture packets for [seconds]<br> <span style=" text-indent: 0.2400in;"></span>-n: disable reverse-dns lookups<br> + <span style=" text-indent: 0.2400in;"></span>--use-first-resolve: use only 1st IP in DNS resolving of target<br> <span style=" text-indent: 0.2400in;"></span>--dns-servers <dns1[,dns2],...>: specify custom DNS servers<br> <span style=" text-indent: 0.2400in;"></span>--system-dns: use standart(OS) DNS resolver<br> *************** *** 87,94 **** <span style=" text-indent: 0.2400in;"></span>-SU: udp scan<br> <span style=" text-indent: 0.2400in;"></span>-S0: no scan<br> ! <span style=" text-indent: 0.2400in;"></span>-SL: list scan<br> ! <span style=" text-indent: 0.2400in;"></span>--scanflags <flags>: Customize TCP scan flags (SF/SX/SN scans)<br> ! <span style=" text-indent: 0.2400in;"></span>--data-length <len>: Append random data to sent packets<br> ! <span style=" text-indent: 0.2400in;"></span>-p <port range>: specify port range to scan (default 1-1024), example: 1-10,12-14</p> </td> <td valign="top" align="left" width="28.8372%"> --- 95,99 ---- <span style=" text-indent: 0.2400in;"></span>-SU: udp scan<br> <span style=" text-indent: 0.2400in;"></span>-S0: no scan<br> ! <span style=" text-indent: 0.2400in;"></span>-SL: list scan</p> </td> <td valign="top" align="left" width="28.8372%"> *************** *** 106,114 **** </td> <td valign="top" align="left" width="83.7963%"> ! 
<p><font size=3>OS DETECTION:<br> <span style=" text-indent: 0.2400in;"></span>-O: passive os fingerprinting (works with -SS and -SP)<br> INTERFACES:<br> <span style=" text-indent: 0.2400in;"></span>--list-interfaces: list all interfaces<br> <span style=" text-indent: 0.2400in;"></span>-e <iface-number>: use interface <iface-number> for pcap/source iface<br> <span style=" text-indent: 0.2400in;"></span>--send-eth: use channel(2) level to send raw packets<br> <span style=" text-indent: 0.2400in;"></span>--send-ip: use network(3) level to send raw packets<br> --- 111,123 ---- </td> <td valign="top" align="left" width="83.7963%"> ! <p><font size=3><span style=" text-indent: 0.2400in;"></span>--scanflags <flags>: Customize TCP scan flags (SF/SX/SN scans)<br> ! <span style=" text-indent: 0.2400in;"></span>--data-length <len>: Append random data to sent packets<br> ! <span style=" text-indent: 0.2400in;"></span>-p <port range>: specify port range to scan (default 1-1024), example: 1-10,12-14<br> ! 
OS DETECTION:<br> <span style=" text-indent: 0.2400in;"></span>-O: passive os fingerprinting (works with -SS and -SP)<br> INTERFACES:<br> <span style=" text-indent: 0.2400in;"></span>--list-interfaces: list all interfaces<br> <span style=" text-indent: 0.2400in;"></span>-e <iface-number>: use interface <iface-number> for pcap/source iface<br> + <span style=" text-indent: 0.2400in;"></span>--pcap-filter "expression": use pcap filter<br> <span style=" text-indent: 0.2400in;"></span>--send-eth: use channel(2) level to send raw packets<br> <span style=" text-indent: 0.2400in;"></span>--send-ip: use network(3) level to send raw packets<br> *************** *** 134,137 **** --- 143,147 ---- <span style=" text-indent: 0.2400in;"></span>-oI/oG <filename>: Output scan in normal/grepable format to given file<br> <span style=" text-indent: 0.2400in;"></span>-oA <base_filename>: Output in all formats at once<br> + <span style=" text-indent: 0.2400in;"></span>-w <filename>: dump all recieved packets to file<br> <span style=" text-indent: 0.2400in;"></span>--packet-trace: print all packets that sent and received<br> <span style=" text-indent: 0.2400in;"></span>--open: show only open (or possibly open) port(s)<br> *************** *** 139,143 **** <span style=" text-indent: 0.2400in;"></span>-v[v[v[v]]]]: verbose levels<br> OTHER:<br> - <span style=" text-indent: 0.2400in;"></span>--use-first-resolve: use only 1st IP in DNS resolving of target<br> <span style=" text-indent: 0.2400in;"></span>--uid0: assume that the current user is fully privileged<br> <span style=" text-indent: 0.2400in;"></span>--uid1: assume that the current user isn't fully privileged<br> --- 149,152 ---- *************** *** 156,167 **** identified using a syntax similar to that of IPv4 addresses: a four-part dotted-decimal address, followed by a slash,<br> then a number from 0 to 32: A.B.C.D/N. The dotted decimal portion is interpreted, like an IPv4 address, as a<br> ! 
32-bit binary number that has been broken into four 8-bit bytes. The number following the slash is the prefix length, the number of shared initial bits, counting from the left-hand side of the address. Example: giving IceScan<br> ! 192.168.0.0/24 will force scan of IPs 192.168.0.0 - 192.168.0.255 (including network and broadcast addresses).</p> <p><font size=3>Multiple targets also can be defined in one line, separated with spaces. You can mix CIDR blocks, IPs or domain<br> names. For example: icescan -n -P0 -SF 127.0.0.1 192.168.0.0/24 scanme.nmap.org</p> ! <a name="HOST DISCOVERY OPTIONS"></a><h2>HOST DISCOVERY OPTIONS</h2><p><font size=3>Before you can scan the target machine, you should check is it really up. If you don't know this, you can<br> ! incorrectly interpret port scanning results. Also, host discovery can provide you some additional information on<br> ! target, such as MACs, timestamps and etc.</p> ! <p><font size=3>Note: -P* options can be combined. By default -PE (root-mode) or -PA (non-root mode) are on.<br> </p> --- 165,183 ---- identified using a syntax similar to that of IPv4 addresses: a four-part dotted-decimal address, followed by a slash,<br> then a number from 0 to 32: A.B.C.D/N. The dotted decimal portion is interpreted, like an IPv4 address, as a<br> ! 32-bit binary number that has been broken into four 8-bit bytes. The number following the slash is the prefix length, the number of shared initial bits, counting from the left-hand side of the address. Example: giving IceScan</p> ! ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="98.4568%"> ! <p><font size=3>192.168.0.0/24 will force scan of IPs 192.168.0.0 - 192.168.0.255 (including network and broadcast addresses).</p> <p><font size=3>Multiple targets also can be defined in one line, separated with spaces. You can mix CIDR blocks, IPs or domain<br> names. 
For example: icescan -n -P0 -SF 127.0.0.1 192.168.0.0/24 scanme.nmap.org</p> ! <p><font size=3><B>-iL</B> <font size=3><filename> | - (stdin) (input targets from file|stdin)</p> ! </td> ! <td valign="top" align="left" width="1.5432%"> ! </td> ! </tr> ! </table> ! <p><font size=3>Target(s) will be read from specified file or stdin, instead of command line arguments...<br> </p> *************** *** 169,174 **** <!-- left margin: 100 --> <!-- right margin: 747 --> ! <p><font size=3><B>-P0</B> <font size=3>(no ping)<br> ! <span style=" text-indent: 0.2400in;"></span>This options tells IceScan skip host discovery process and set target(s) to be up.</p> <p><font size=3><B>-PA/-PF/-PS</B> <font size=3>[portlist] (ACK or connect()/FIN/SYN ping)</p> --- 185,217 ---- <!-- left margin: 100 --> <!-- right margin: 747 --> ! ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="96.7542%"> ! <p><font size=3><B>--exclude</B> <font size=3><host1[,host2][,host3],...> (exclude hosts/nets)<br> ! <span style=" text-indent: 0.2400in;"></span>Specified domain names, hosts and networks will be excluded from target(s) list. Note: NO RESOLVING<br> ! <span style=" text-indent: 0.2400in;"></span>from domain names here.</p> ! <p><font size=3><B>--excludefile</B> <font size=3><filename>| - (stdin) (exclude list from file|stdin)</p> ! </td> ! <td valign="top" align="left" width="3.2457%"> ! </td> ! </tr> ! </table> ! <p><font size=3>Same as previous option, but exludes list will be read from specified file or stdin.</p> ! <a name="HOST DISCOVERY OPTIONS"></a><h2>HOST DISCOVERY OPTIONS</h2> ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="97.8362%"> ! <p><font size=3>Before you can scan the target machine, you should check is it really up. If you don't know this, you can<br> ! incorrectly interpret port scanning results. 
Also, host discovery can provide you some additional information on<br> ! target, such as MACs, timestamps and etc.</p> ! <p><font size=3>Note: -P* options can be combined. By default -PE (root-mode) or -PA (non-root mode) are on.</p> ! <p><font size=3><B>-P0</B> <font size=3>(no ping)</p> ! </td> ! <td valign="top" align="left" width="2.1638%"> ! </td> ! </tr> ! </table> ! <p><font size=3>This options tells IceScan skip host discovery process and set target(s) to be up.</p> <p><font size=3><B>-PA/-PF/-PS</B> <font size=3>[portlist] (ACK or connect()/FIN/SYN ping)</p> *************** *** 236,272 **** <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="96.4451%"> ! <p><font size=3><B>--dns-servers</B> <font size=3><dns1[,dns2],...> (specify dns servers)<br> ! <span style=" text-indent: 0.2400in;"></span>By default, IceScan tries to resolve all domain names using DNS servers, that specified in system settings<br> ! <span style=" text-indent: 0.2400in;"></span>(e.g. /etc/resolv.conf or registry). Here, you can define custom dns servers, that will be used instead.</p> ! <p><font size=3><B>--system-dns</B> <font size=3>(use standart(OS) DNS resolver)</p> </td> ! <td valign="top" align="left" width="3.5549%"> </td> </tr> </table> ! <p><font size=3>Use gethostbyname() and etc resolver (also known as system resolver) instead of internal IceScan resolve<br> <span style=" text-indent: 0.2400in;"></span>system.</p> <a name="SCAN OPTIONS"></a><h2>SCAN OPTIONS</h2><p><font size=3>The defailt post scanning methods are connect() in non-superuser mode and tcp SYN in superuser mode.</p> ! <p><font size=3><B>-ST</B> <font size=3>(tcp connect())</p> ! ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="98.6090%"> ! 
<p><font size=3><span style=" text-indent: 0.2400in;"></span>The simplest scan engine, that use standart BSD sockets API function connect(). IceScan tries to connect()<br> <span style=" text-indent: 0.2400in;"></span>to specified port(s) and use getsockopt() function to detect its status. This is not a very good choice for<br> <span style=" text-indent: 0.2400in;"></span>stealthy scan. Moreover, this scan type is easily detected with firewall and IDS software. But this is the only<br> ! <span style=" text-indent: 0.2400in;"></span>scan method in non-superuser mode.</p> ! <p><font size=3><B>-SS</B> <font size=3>(tcp SYN scan)</p> ! </td> ! <td valign="top" align="left" width="1.3910%"> ! </td> ! </tr> ! </table> <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> <td valign="top" align="left" width="99.8454%"> ! <p><font size=3><span style=" text-indent: 0.2400in;"></span>The most-known and most-efficient scan method. It's stealthy, fast and almost reliable. We send tcp-SYN<br> <span style=" text-indent: 0.2400in;"></span>segment to target port, and, if we get RST answer, the port seems to be closed; if we recieve tcp SYN/ACK<br> <span style=" text-indent: 0.2400in;"></span>segment, the port is open, we should send RST packet to close connection. If we get no reply at all, the port is<br> --- 279,314 ---- <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="93.6631%"> ! <p><font size=3><B>--use-first-resolve</B> <font size=3>(use only 1st IP in DNS resolving of target)<br> ! <span style=" text-indent: 0.2400in;"></span>When IceScan given a domain name that resolves in multiple IPs, only the first IP will be processed for<br> ! <span style=" text-indent: 0.2400in;"></span>discovering/scanning.</p> ! <p><font size=3><B>--dns-servers</B> <font size=3><dns1[,dns2],...> (specify dns servers)</p> </td> ! 
<td valign="top" align="left" width="6.3369%"> </td> </tr> </table> ! <p><font size=3>By default, IceScan tries to resolve all domain names using DNS servers, that specified in system settings<br> ! <span style=" text-indent: 0.2400in;"></span>(e.g. /etc/resolv.conf or registry). Here, you can define custom dns servers, that will be used instead.</p> ! <p><font size=3><B>--system-dns</B> <font size=3>(use standart(OS) DNS resolver)<br> ! <span style=" text-indent: 0.2400in;"></span>Use gethostbyname() and etc resolver (also known as system resolver) instead of internal IceScan resolve<br> <span style=" text-indent: 0.2400in;"></span>system.</p> <a name="SCAN OPTIONS"></a><h2>SCAN OPTIONS</h2><p><font size=3>The defailt post scanning methods are connect() in non-superuser mode and tcp SYN in superuser mode.</p> ! <p><font size=3><B>-ST</B> <font size=3>(tcp connect())<br> ! <span style=" text-indent: 0.2400in;"></span>The simplest scan engine, that use standart BSD sockets API function connect(). IceScan tries to connect()<br> <span style=" text-indent: 0.2400in;"></span>to specified port(s) and use getsockopt() function to detect its status. This is not a very good choice for<br> <span style=" text-indent: 0.2400in;"></span>stealthy scan. Moreover, this scan type is easily detected with firewall and IDS software. But this is the only<br> ! <span style=" text-indent: 0.2400in;"></span>scan method in non-superuser mode.<br> ! </p> ! ! <!-- Page: 4 --> ! <!-- left margin: 100 --> ! <!-- right margin: 747 --> <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> <td valign="top" align="left" width="99.8454%"> ! <p><font size=3><B>-SS</B> <font size=3>(tcp SYN scan)<br> ! <span style=" text-indent: 0.2400in;"></span>The most-known and most-efficient scan method. It's stealthy, fast and almost reliable. 
We send tcp-SYN<br> <span style=" text-indent: 0.2400in;"></span>segment to target port, and, if we get RST answer, the port seems to be closed; if we recieve tcp SYN/ACK<br> <span style=" text-indent: 0.2400in;"></span>segment, the port is open, we should send RST packet to close connection. If we get no reply at all, the port is<br> *************** *** 308,345 **** </tr> </table> - <p><font size=3><B>-SI</B> <font size=3>(IP Protocol scan)<br> - <span style=" text-indent: 0.2400in;"></span>IP protocol scan can determine what protocol types (TCP, ICMP, IGMP, etc.) supported by target host. It<br> - <span style=" text-indent: 0.2400in;"></span>use raw IP packets and ICMP messages to check it.<br> - </p> - - <!-- Page: 4 --> - <!-- left margin: 100 --> - <!-- right margin: 747 --> <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="99.0726%"> ! <p><font size=3><B>-SN/SF/SX/SM</B> <font size=3>(stealth tcp Null/FIN/XMAS/Mainmon scan)<br> ! <span style=" text-indent: 0.2400in;"></span>Rare variations of TCP scan. With this scan types, we send tcp segment with<br> ! <span style=" text-indent: 0.2400in;"></span>none/FIN/FIN+PSH+URG/FIN+ACK flags set. If we recieved an RST packet, we set port status to closed,<br> ! <span style=" text-indent: 0.2400in;"></span>else we think that it's open|filtered port.</p> ! <p><font size=3><B>-SP</B> <font size=3>[seconds] (passive scan)</p> </td> ! <td valign="top" align="left" width="1.0000%"> </td> </tr> </table> ! <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="99.3818%"> ! <p><font size=3><span style=" text-indent: 0.2400in;"></span>In passive scan we capture packets for a given interval or until Ctrl-C is hit. Network traffic can be recieved<br> ! 
<span style=" text-indent: 0.2400in;"></span>from interface (<font size=3><B>-e</B> <font size=3>option) or from dumpfile (<font size=3><B>--input-dumpfile</B> <font size=3>option). Target argument(s) act like filter in this<br> ! <span style=" text-indent: 0.2400in;"></span>scan type: every packet that doesn't fit target specification will be ignored). But you set target to 0.0.0.0/0 to<br> ! <span style=" text-indent: 0.2400in;"></span>explore all hosts mentioned in network traffic data. When tcp SYN+ACK/RST packet is recived by IceScan,<br> ! <span style=" text-indent: 0.2400in;"></span>it detemines, that source port on source target is open/closed. This scan type also can be used in combination<br> ! <span style=" text-indent: 0.2400in;"></span>with passive OS (<font size=3><B>-O</B><font size=3>) fingerprinting option to detect target's OS. Also, with passive scan you can gain<br> ! <span style=" text-indent: 0.2400in;"></span>information about MAC addresses, MTUs and timestamps.</p> ! <p><font size=3><B>-SU</B> <font size=3>(udp scan)</p> </td> <td valign="top" align="left" width="1.0000%"> --- 350,396 ---- </tr> </table> <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="97.5270%"> ! <p><font size=3><B>-SI</B> <font size=3>(IP Protocol scan)<br> ! <span style=" text-indent: 0.2400in;"></span>IP protocol scan can determine what protocol types (TCP, ICMP, IGMP, etc.) supported by target host. It<br> ! <span style=" text-indent: 0.2400in;"></span>use raw IP packets and ICMP messages to check it.</p> ! <p><font size=3><B>-SN/SF/SX/SM</B> <font size=3>(stealth tcp Null/FIN/XMAS/Mainmon scan)</p> </td> ! <td valign="top" align="left" width="2.4730%"> </td> </tr> </table> ! <table width="100%" rules="none" frame="none" cols="4"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="3.2457%"> ! </td> ! <td valign="top" align="left" width="1.0000%"> ! </td> ! 
<td valign="top" align="left" width="95.6723%"> ! <p><font size=3>Rare variations of TCP scan. With this scan types, we send tcp segment with<br> ! none/FIN/FIN+PSH+URG/FIN+ACK flags set. If we recieved an RST packet, we set port status to closed,<br> ! else we think that it's open|filtered port.</p> ! </td> ! <td valign="top" align="left" width="1.0000%"> ! </td> ! </tr> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="3.2457%"> ! <p><font size=3><B>-SP</p> ! </B></td> ! <td valign="top" align="left" width="1.0000%"> ! </td> ! <td valign="top" align="left" width="95.6723%"> ! <p><font size=3>[seconds] (passive scan)<br> ! In passive scan we capture packets for a given interval or until Ctrl-C is hit. Network traffic can be recieved<br> ! from interface (<font size=3><B>-e</B> <font size=3>option) or from dumpfile (<font size=3><B>--input-dumpfile</B> <font size=3>option). Target argument(s) act like filter in this<br> ! scan type: every packet that doesn't fit target specification will be ignored). But you set target to 0.0.0.0/0 to<br> ! explore all hosts mentioned in network traffic data. When tcp SYN+ACK/RST packet is recived by IceScan,<br> ! it detemines, that source port on source target is open/closed. This scan type also can be used in combination<br> ! with passive OS (<font size=3><B>-O</B><font size=3>) fingerprinting option to detect target's OS. Also, with passive scan you can gain<br> ! information about MAC addresses, MTUs and timestamps.</p> </td> <td valign="top" align="left" width="1.0000%"> *************** *** 347,350 **** --- 398,402 ---- </tr> </table> + <p><font size=3><B>-SU</B> <font size=3>(udp scan)</p> <table width="100%" rules="none" frame="none" cols="2"> *************** *** 418,428 **** # tcp syn signatures<br> [tcpsynack]<br> ! # tcp syn+ack signatures<br> ! 
[tcprst]<br> # tcp rst signatures<br> For more information of signatures format, see <font size=3><I>passiveos-fp</I> <font size=3>file.</p> <p><font size=3><B>-O</B> <font size=3>(passive os fingerprinting)</p> </td> ! <td valign="top" align="left" width="1.0000%"> </td> </tr> --- 470,493 ---- # tcp syn signatures<br> [tcpsynack]<br> ! # tcp syn+ack signatures</p> ! </td> ! <td valign="top" align="left" width="1.0000%"> ! </td> ! </tr> ! </table> ! <br> ! <!-- Page: 5 --> ! <!-- left margin: 100 --> ! <!-- right margin: 744 --> ! ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="56.6770%"> ! <p><font size=3>[tcprst]<br> # tcp rst signatures<br> For more information of signatures format, see <font size=3><I>passiveos-fp</I> <font size=3>file.</p> <p><font size=3><B>-O</B> <font size=3>(passive os fingerprinting)</p> </td> ! <td valign="top" align="left" width="43.3230%"> </td> </tr> *************** *** 431,446 **** <span style=" text-indent: 0.2400in;"></span>signature if can't detect OS type. In such case, if you know target OS type and version, please send following<br> <span style=" text-indent: 0.2400in;"></span>output and full description of scanned device to ice...@li....</p> ! <a name="INTERFACES"></a><h2>INTERFACES</h2><p><font size=3>With options of this section you can define way how packets will be delivered to network by IceScan and the way<br> ! how they will be captured from there.</p> <p><font size=3><B>--list-interfaces</B> <font size=3>(list all interfaces)<br> <span style=" text-indent: 0.2400in;"></span>Simply lists all network interfaces (with their numbers) that are available for packet sending/recieving.</p> <p><font size=3><B>-e</B> <font size=3><iface-number> (use specific interface for capture/send)<br> <span style=" text-indent: 0.2400in;"></span>If this option used, the IceScan will listen and send packets from selected interface (interfaces numbers can<br> ! 
</p> ! ! <!-- Page: 5 --> ! <!-- left margin: 100 --> ! <!-- right margin: 746 --> ! <p><span style=" text-indent: 0.2400in;"></span><font size=3>be printed with <font size=3><B>--list-interfaces</B> <font size=3>option). All other interfaces and interface auto-detection will be disabled.</p> <p><font size=3><B>--send-eth</B> <font size=3>(use channel(2) level to send raw packets)<br> <span style=" text-indent: 0.2400in;"></span>IceScan will use pcap mechanism for injecting packets into network. This is default in almost cases.</p> --- 496,517 ---- <span style=" text-indent: 0.2400in;"></span>signature if can't detect OS type. In such case, if you know target OS type and version, please send following<br> <span style=" text-indent: 0.2400in;"></span>output and full description of scanned device to ice...@li....</p> ! <a name="INTERFACES"></a><h2>INTERFACES</h2><p><font size=3>With options of this section you can define way how packets will be delivered to network by IceScan and the way how they will be captured from there.</p> <p><font size=3><B>--list-interfaces</B> <font size=3>(list all interfaces)<br> <span style=" text-indent: 0.2400in;"></span>Simply lists all network interfaces (with their numbers) that are available for packet sending/recieving.</p> + + <table width="100%" rules="none" frame="none" cols="2"> + <tr valign="top" align="left"> + <td valign="top" align="left" width="98.6025%"> <p><font size=3><B>-e</B> <font size=3><iface-number> (use specific interface for capture/send)<br> <span style=" text-indent: 0.2400in;"></span>If this option used, the IceScan will listen and send packets from selected interface (interfaces numbers can<br> ! <span style=" text-indent: 0.2400in;"></span>be printed with <font size=3><B>--list-interfaces</B> <font size=3>option). All other interfaces and interface auto-detection will be disabled.</p> ! <p><font size=3><B>--pcap-filter</B> <font size=3><"expression"> (use pcap filter)</p> ! </td> ! 
<td valign="top" align="left" width="1.3975%"> ! </td> ! </tr> ! </table> ! <p><font size=3>If this option set, all incoming packets will be filtered with pcap filter "expression". For more information on<br> ! <span style=" text-indent: 0.2400in;"></span>pcap filters, check TCPDUMP ( http://www.tcpdump.org ) homepage.</p> <p><font size=3><B>--send-eth</B> <font size=3>(use channel(2) level to send raw packets)<br> <span style=" text-indent: 0.2400in;"></span>IceScan will use pcap mechanism for injecting packets into network. This is default in almost cases.</p> *************** *** 448,452 **** <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="98.1424%"> <p><font size=3><B>--send-ip</B> <font size=3>(use network(3) level to send raw packets)<br> <span style=" text-indent: 0.2400in;"></span>IceScan will use rawsockets mechanism for injecting packets into network. Note: this won't work on some<br> --- 519,523 ---- <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="98.4472%"> <p><font size=3><B>--send-ip</B> <font size=3>(use network(3) level to send raw packets)<br> <span style=" text-indent: 0.2400in;"></span>IceScan will use rawsockets mechanism for injecting packets into network. Note: this won't work on some<br> *************** *** 454,458 **** <p><font size=3><B>--promisc</B> <font size=3>(put interface(s) in promiscuous mode)</p> </td> ! <td valign="top" align="left" width="1.8576%"> </td> </tr> --- 525,529 ---- <p><font size=3><B>--promisc</B> <font size=3>(put interface(s) in promiscuous mode)</p> </td> ! <td valign="top" align="left" width="1.5528%"> </td> </tr> *************** *** 462,466 **** <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! 
<td valign="top" align="left" width="98.9164%"> <p><font size=3><span style=" text-indent: 0.2400in;"></span>useless for active scan mode.</p> <p><font size=3><B>--input-dumpfile</B> <font size=3><dumpfile> (input tcpdump file for passive scan/ping)<br> --- 533,537 ---- <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="99.2236%"> <p><font size=3><span style=" text-indent: 0.2400in;"></span>useless for active scan mode.</p> <p><font size=3><B>--input-dumpfile</B> <font size=3><dumpfile> (input tcpdump file for passive scan/ping)<br> *************** *** 468,485 **** <span style=" text-indent: 0.2400in;"></span>used).</p> </td> ! <td valign="top" align="left" width="1.0836%"> </td> </tr> </table> ! <a name="FW/EVASION AND SPOOFING OPTIONS"></a><h2>FW/EVASION AND SPOOFING OPTIONS</h2><a name="OTHER OPTIONS"></a><h2>OTHER OPTIONS</h2><a name="EXAMPLES"></a><h2>EXAMPLES</h2><a name="BUGS"></a><h2>BUGS</h2> <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="97.0588%"> <p><font size=3>IceScan is still under constant development, so it is possible that you will encounter a bug while using it. Please<br> ! report bugs to <icescan-bugs(at)lists.sourceforge.net>. (<font size=3><I>http://lists.sf.net/mailman/listinfo/icescan-bugs</I><font size=3>)</p> <p><font size=3>Be sure you tell us:</p> <p><font size=3>1) Operating System and version (the command 'uname -sr' may tell you this, although on</p> </td> ! <td valign="top" align="left" width="2.9412%"> </td> </tr> --- 539,750 ---- <span style=" text-indent: 0.2400in;"></span>used).</p> </td> ! <td valign="top" align="left" width="1.0000%"> </td> </tr> </table> ! <a name="SCRIPTING && IDS"></a><h2>SCRIPTING && IDS</h2><p><font size=3>IceScan has small scripting features, based on LUA. Currently, scripting engine in early development stages and<br> ! highly experimental.</p> ! 
<table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="95.3416%"> ! <p><font size=3><B>-SC</B> <font size=3>(script scan)<br> ! <span style=" text-indent: 0.2400in;"></span>IceScan will try to execute script, passed with <font size=3><B>--script</B> <font size=3>option after open port is discovered and port type<br> ! <span style=" text-indent: 0.2400in;"></span>satisfy script conditions.</p> ! <p><font size=3><B>--script</B> <font size=3><script filename> (script name to run)</p> ! </td> ! <td valign="top" align="left" width="4.6584%"> ! </td> ! </tr> ! </table> ! <p><font size=3>Sets script filename to load and run after discovering any open port.</p> ! <a name="FW/IDS EVASION AND SPOOFING OPTIONS"></a><h2>FW/IDS EVASION AND SPOOFING OPTIONS</h2><p><font size=3>Options in this section used for customizing outgoing IP packets to make them chance of evading firewall and/or</p> ! ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="60.8696%"> ! <p><font size=3>IDS.</p> ! <p><font size=3><B>-s</B> <font size=3><IPv4 address> (spoof source address)<br> ! <span style=" text-indent: 0.2400in;"></span>With this option, you can set source address of outgoing packets.</p> ! <p><font size=3><B>--source-port/-g</B> <font size=3><portnum> (use specified source port number)</p> ! </td> ! <td valign="top" align="left" width="39.1304%"> ! </td> ! </tr> ! </table> ! <p><font size=3>In default mode of operation, IceScan select source port randomly from range of 9999-65534. This option<br> ! <span style=" text-indent: 0.2400in;"></span>forces outgoing tcp/udp packets have predefined source port.</p> ! <p><font size=3><B>--ttl</B> <font size=3><value> (set IP time-to-live field)<br> ! <span style=" text-indent: 0.2400in;"></span>After setting this option, all outgoing IP packets will have specified value in TTL field.</p> ! ! 
<table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="94.5652%"> ! <p><font size=3><B>--bounce-http-proxy</B> <font size=3><<hostname>:<port>> connect() through HTTP proxy<br> ! <span style=" text-indent: 0.2400in;"></span>If you have address(es) of HTTP proxy, you can use them in your connect() (-ST) scans to reach more<br> ! <span style=" text-indent: 0.2400in;"></span>stealthiness. IceScan will try to pass probes through HTTP proxy, instead of direct connection.</p> ! <p><font size=3><B>--ip-options</B> <font size=3>< R | T | U > (add specific IP option to outgoing packets)</p> ! </td> ! <td valign="top" align="left" width="5.4348%"> ! </td> ! </tr> ! </table> ! <p><font size=3>With this option you can add specific (only one) option to outgoing packets: R (record route), T (record<br> ! </p> ! ! <!-- Page: 6 --> ! <!-- left margin: 100 --> ! <!-- right margin: 750 --> ! <p><span style=" text-indent: 0.2400in;"></span><font size=3>internet timestamps), U (record timestamps and ip addresses). Only one option still can be specified at one</p> ! ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="97.6923%"> ! <p><font size=3><span style=" text-indent: 0.2400in;"></span>time.</p> ! <p><font size=3><B>--tcp-options</B> <font size=3><N|E|S|T0|T|?x|Mx|Wx,...> (add specific tcp options)<br> ! <span style=" text-indent: 0.2400in;"></span>Add specific TCP options to outgoing packets, like timestamp, MSS and more. Options are passed in string,<br> ! <span style=" text-indent: 0.2400in;"></span>with comma as delimeter. Here are all list of available options:</p> ! </td> ! <td valign="top" align="left" width="2.3077%"> ! </td> ! </tr> ! </table> ! ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="65.3846%"> ! 
<p><font size=3><span style=" text-indent: 0.2400in;"></span>N - NOP option<br> ! <span style=" text-indent: 0.2400in;"></span>E - EOL option<br> ! <span style=" text-indent: 0.2400in;"></span>Wx - window scaling option, value x<br> ! <span style=" text-indent: 0.2400in;"></span>Mx - maximum segment size option, value x<br> ! <span style=" text-indent: 0.2400in;"></span>S - selective ACK OK<br> ! <span style=" text-indent: 0.2400in;"></span>T - timestamp<br> ! <span style=" text-indent: 0.2400in;"></span>T0 - timestamp with zero value<br> ! <span style=" text-indent: 0.2400in;"></span>?n - unrecognized option number n.<br> ! <span style=" text-indent: 0.2400in;"></span>Options will be applied to all outgoing tcp segments in superuser mode.</p> ! <p><font size=3><B>--badchksum</B> <font size=3>(send packets with a wrong TCP/UDP checksums)</p> ! </td> ! <td valign="top" align="left" width="34.6154%"> ! </td> ! </tr> ! </table> ! <p><font size=3>All outgoing packets CRC filed will be filled with random junk value.</p> ! <a name="OUTPUT"></a><h2>OUTPUT</h2> ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="98.9231%"> ! <p><font size=3>Output options configure IceScan output parameters, debugging and logs. Currently, IceScan supports two types<br> ! of output formats: normal (also known as "nmap-style") and grepable (useful for parsing with sed, awk, grep and<br> ! other tools). In all cases when you can set filename you can also use "-" if you want print information to stdout.</p> ! <p><font size=3><B>-oI/oG-</B> <font size=3><filename> (output results in normal/grepable format to file)</p> ! </td> ! <td valign="top" align="left" width="1.0769%"> ! </td> ! </tr> ! </table> ! ! <table width="100%" rules="none" frame="none" cols="4"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="3.2308%"> ! </td> ! <td valign="top" align="left" width="1.0000%"> ! </td> ! 
<td valign="top" align="left" width="94.6154%"> ! <p><font size=3>Results of IceScan will be put to file (or to stdout) in selected format. You can combine options to output with<br> ! different formats into different files.</p> ! </td> ! <td valign="top" align="left" width="1.6923%"> ! </td> ! </tr> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="3.2308%"> ! <p><font size=3><B>-oA</p> ! </B></td> ! <td valign="top" align="left" width="1.0000%"> ! </td> ! <td valign="top" align="left" width="94.6154%"> ! <p><font size=3><base_filename> (output in all formats at once)<br> ! Results of IceScan will be put into files base_filename.icescan (normal style) and base_filename.grep<br> ! (grepable style).</p> ! </td> ! <td valign="top" align="left" width="1.6923%"> ! </td> ! </tr> ! </table> ! <p><font size=3><B>-w</B> <font size=3><filename> (dump all recieved packets to file)<br> ! <span style=" text-indent: 0.2400in;"></span>All recieved packets will be dumped to tcpdump-format file specified by filename.</p> ! <p><font size=3><B>--packet-trace</B> <font size=3>(print all packets that are sent and received)<br> ! <span style=" text-indent: 0.2400in;"></span>Every recieved and sent packet/connection will be printed in tcpdump style. By the way, with this options, you<br> ! <span style=" text-indent: 0.2400in;"></span>can easily use IceScan instead of tcpdump, just type:<br> ! <span style=" text-indent: 0.2400in;"></span>icescan -e <interface> -P0 -SP --packet-trace 0.0.0.0/0</p> ! ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="99.2308%"> ! <p><font size=3><B>--open</B> <font size=3>(show only open/possibly open ports)<br> ! <span style=" text-indent: 0.2400in;"></span>In output port tables only open (or possibly open, such unfiltered state) ports will be shown; other ports will be<br> ! <span style=" text-indent: 0.2400in;"></span>skipped.</p> ! 
<p><font size=3><B>-d<debug level></B> <font size=3>(set debug level)</p> ! </td> ! <td valign="top" align="left" width="1.0000%"> ! </td> ! </tr> ! </table> ! <p><font size=3>Sets IceScan debug output on with selected level. Levels from 1 to 9 are available.</p> ! <p><font size=3><B>-v[v[v[v]]]]</B> <font size=3>(verbose levels)<br> ! <span style=" text-indent: 0.2400in;"></span>Sets IceScan output verbosity level. Four levels are available. Setting upper levels may fill your screen with<br> ! <span style=" text-indent: 0.2400in;"></span>MUCH useless and unimportant information, be careful!</p> ! <a name="OTHER OPTIONS"></a><h2>OTHER OPTIONS</h2> ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="97.0769%"> ! <p><font size=3>Misceleanous options of IceScan.</p> ! <p><font size=3><B>--uid0</B> <font size=3>(assume that the current user is fully privileged)<br> ! <span style=" text-indent: 0.2400in;"></span>If you set this option, IceScan will work as it has superuser proveleges (e.g. root in *nix or Administrator in<br> ! <span style=" text-indent: 0.2400in;"></span>NT systems).</p> ! <p><font size=3><B>--uid1</B> <font size=3>(assume that the current user isn't fully privileged)</p> ! </td> ! <td valign="top" align="left" width="2.9231%"> ! </td> ! </tr> ! </table> ! <p><font size=3>If you set this option, IceScan won't use any features, that require superuser priveleges.</p> ! <p><font size=3><B>-V/--version</B> <font size=3>(print version information and exit)<br> ! <span style=" text-indent: 0.2400in;"></span>IceScan will print version information, information of used libraries and exit.</p> ! <p><font size=3><B>-?</B> <font size=3>(help message)<br> ! <span style=" text-indent: 0.2400in;"></span>Short scrib anout all IceScan parameters and options.<br> ! </p> ! ! <!-- Page: 7 --> ! <!-- left margin: 100 --> ! <!-- right margin: 749 --> ! <a name="EXAMPLES"></a><h2>EXAMPLES</h2> ! 
<table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="97.2265%"> ! <p><font size=3>Here are some examples of IceScan usage. To collect information about all hosts in network segment using the<br> ! passive scan, use:</p> ! <p><font size=3>icescan -n -v -SP -e <interface_number> 0.0.0.0/0</p> ! <p><font size=3>To list available interfaces, sumply type:</p> ! <p><font size=3>icescan --list-interfaces</p> ! <p><font size=3>To scan target in active mode with FIN-scan, type:</p> ! <p><font size=3>icescan -SF <target_ip></p> ! <p><font size=3>To use OS fingerprinting feature in active scan mode, you can use:</p> ! <p><font size=3>icescan -O -SS -v <target_ip></p> ! </td> ! <td valign="top" align="left" width="2.7735%"> ! </td> ! </tr> ! </table> ! <a name="BUGS"></a><h2>BUGS</h2> ! <table width="100%" rules="none" frame="none" cols="2"> ! <tr valign="top" align="left"> ! <td valign="top" align="left" width="96.6102%"> <p><font size=3>IceScan is still under constant development, so it is possible that you will encounter a bug while using it. Please<br> ! report bugs to <icescan-devs(at)lists.sourceforge.net>. ( )</p> <p><font size=3>Be sure you tell us:</p> <p><font size=3>1) Operating System and version (the command 'uname -sr' may tell you this, although on</p> </td> ! <td valign="top" align="left" width="3.3898%"> </td> </tr> *************** *** 488,496 **** <table width="100%" rules="none" frame="none" cols="4"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="1.8576%"> </td> ! <td valign="top" align="left" width="18.2663%"> </td> ! 
<td valign="top" align="left" width="79.5666%"> <p><font size=3>Linux systems it will probably tell you only the version number of the Linux kernel, not of<br> the distribution as a whole; on Linux systems, please tell us both the version number of the<br> --- 753,761 ---- <table width="100%" rules="none" frame="none" cols="4"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="1.8490%"> </td> ! <td valign="top" align="left" width="18.1818%"> </td> ! <td valign="top" align="left" width="79.1988%"> <p><font size=3>Linux systems it will probably tell you only the version number of the Linux kernel, not of<br> the distribution as a whole; on Linux systems, please tell us both the version number of the<br> *************** *** 501,511 **** </tr> <tr valign="top" align="left"> ! <td valign="top" align="left" width="1.8576%"> <p><font size=3>2)</p> <p><font size=3>3)</p> </td> ! <td valign="top" align="left" width="18.2663%"> </td> ! <td valign="top" align="left" width="79.5666%"> <p><font size=3>Version of libpcap, libdnet and libpcre. Compressed config.log file.</p> <p><font size=3>Version of IceScan (the command 'icescan -V' will tell you, unless the bug is so severe as<br> --- 766,776 ---- </tr> <tr valign="top" align="left"> ! <td valign="top" align="left" width="1.8490%"> <p><font size=3>2)</p> <p><font size=3>3)</p> </td> ! <td valign="top" align="left" width="18.1818%"> </td> ! <td valign="top" align="left" width="79.1988%"> <p><font size=3>Version of libpcap, libdnet and libpcre. Compressed config.log file.</p> <p><font size=3>Version of IceScan (the command 'icescan -V' will tell you, unless the bug is so severe as<br> *************** *** 516,525 **** </tr> <tr valign="top" align="left"> ! <td valign="top" align="left" width="1.8576%"> <p><font size=3>4)</p> </td> ! <td valign="top" align="left" width="18.2663%"> </td> ! 
<td valign="top" align="left" width="79.5666%"> <p><font size=3>The command you used to invoke IceScan, and the sequence of operations you performed<br> that caused the bug to appear.</p> --- 781,790 ---- </tr> <tr valign="top" align="left"> ! <td valign="top" align="left" width="1.8490%"> <p><font size=3>4)</p> </td> ! <td valign="top" align="left" width="18.1818%"> </td> ! <td valign="top" align="left" width="79.1988%"> <p><font size=3>The command you used to invoke IceScan, and the sequence of operations you performed<br> that caused the bug to appear.</p> *************** *** 529,532 **** --- 794,801 ---- </tr> </table> + + <table width="100%" rules="none" frame="none" cols="2"> + <tr valign="top" align="left"> + <td valign="top" align="left" width="99.5378%"> <p><font size=3>If the bug is produced by a particular trace file, please be sure to send a trace file along with your bug description.<br> Please don't send a trace file greater than 1 MB when compressed. If the trace file contains sensitive information<br> *************** *** 534,550 **** <p><font size=3>If IceScan died on you with a 'segmentation violation', 'bus error', 'abort', or other error that produces a UNIX<br> core dump file, you can help the developers a lot if you have a debugger installed. A stack trace can be obtained<br> ! by using your debugger ('gdb' in this example), the IceScan binary, and the resulting core file. Here's an example of how to use the gdb command 'backtrace' to do so.</p> ! <p><font size=3>$ <font size=3><B>gdb icescan core</p> ! </B> <table width="100%" rules="none" frame="none" cols="2"> <tr valign="top" align="left"> ! <td valign="top" align="left" width="96.1300%"> ! <p><font size=3>(gdb) <font size=3><B>backtrace<br> ! <span style=" text-indent: 0.0300in;"></span></B>.... 
prints the stack trace<br> (gdb) <font size=3><B>quit<br> </B>$</p> <p><font size=3>The core dump file may be named "icescan.core" rather than "core" on some platforms (e.g., BSD systems).</p> </td> ! <td valign="top" align="left" width="3.8700%"> </td> </tr> --- 803,825 ---- <p><font size=3>If IceScan died on you with a 'segmentation violation', 'bus error', 'abort', or other error that produces a UNIX<br> core dump file, you can help the developers a lot if you have a debugger installed. A stack trace can be obtained<br> ! by using your debugger ('gdb' in this example), the IceScan binary, and the resulting core file. Here's an example<br> ! of how to u... [truncated message content] |
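Review bot: the icescan.html hunk at 308,345 / 350,396 moves the -SN/SF/SX/SM and -SP entries into a new table but carries their wording over unchanged, so the existing defects move with it. "Mainmon" should be "Maimon", and the -SP text has an unmatched ")" after "will be ignored" followed by "But you set target to 0.0.0.0/0", which presumably means "you can set". Since these lines are being rewritten anyway, fix them here. The new -SP row also opens the bold tag inside the paragraph and closes it after the paragraph ends ("<B>-SP</p>" then "</B></td>"); if this HTML is generated from icescan.1, that is better fixed in the generation step than by hand.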
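Review bot: the new --pcap-filter entry in the INTERFACES hunk (431,446 / 496,517) says only that "all incoming packets will be filtered with pcap filter", which leaves open how the expression combines with the target arguments that the -SP text already describes as a filter, and whether it applies when packets are read with --input-dumpfile rather than from an interface. One sentence on each would settle it. The description paragraph is also emitted after the closing </table>, so its first line has no indent span while its second line does, unlike the -e entry just above it.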
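Review bot: in the 468,485 / 539,750 hunk the BUGS paragraph changes the report address from icescan-bugs to icescan-devs and replaces the list URL with an empty "( )"; either put the URL of the intended list there or drop the parentheses, and confirm the address change is deliberate. Elsewhere in the same hunk: "-v[v[v[v]]]]" has one closing bracket too many; the --tcp-options synopsis writes "?x" where the list below it writes "?n"; --badchksum describes a "CRC filed" although the option line itself says TCP/UDP checksums; and the "SCRIPTING && IDS" anchor name and heading use a raw "&&" that should be written "&amp;&amp;", for a section that documents only -SC and --script and nothing about IDS. The -SC text also never states what the "script conditions" are or what a loaded script is able to do, which a reader needs to know before passing a file to --script.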