Backtrack 4: Information Gathering: Route: Protos – IP protocol scanner

The tool I will be reviewing is from the same suite of tools as netenum and netmask. Protos is a IP protocol scanner. It goes through all possible IP protocols and uses a negative scan to sort out unsupported protocols which should be reported by the target using ICMP protocol unreachable messages.
Lets have a look at our options:

01	root@666:~# protos -h

02	protos: invalid option -- 'h'

03	Usage: ./protos -i eth0 -d 10.1.2.3 -v

04	-v             verbose

05	-V             show which protocols are not supported

06	-u             don't ping targets first

07	-s             make the scan slow (for very remote devices)

08	-L             show the long protocol name and it's reference (RFC)

09	-p x           number of probes (default=5)

10	-S x           sleeptime is x (default=1)

11	-a x           continue scan afterwards for x seconds (default=3)

12	-d dest        destination (IP or IP/MASK)

13	-i interface   the eth0 stuff

14	-W             don't scan, just print the protocol list

If you just use the -W option, Protos will spit out a list of all the protocols it can detect: (the output is truncated)

view source

print?

01	root@666:~# protos -W

02	0       HOPOPT       IPv6 Hop-by-Hop Option [RFC1883]

03	1       ICMP         Internet Control Message [RFC792]

04	2       IGMP         Internet Group Management [RFC1112]

05	3       GGP          Gateway-to-Gateway [RFC823]

06	4       IPenc        IP in IP (encapsulation) [RFC2003]

07	5       ST           Stream [RFC1190,IEN119]

08	6       TCP          Transmission Control [RFC793]

09	7       CBT          CBT [Ballardie]

10	8       EGP          Exterior Gateway Protocol [RFC888,DLM1]

11	9       IGP          any private interior gateway [IANA]

12	10      BBN-RCC-MON  BBN RCC Monitoring [SGC]

13	11      NVP-II       Network Voice Protocol [RFC741,SC3]

14	12      PUP          PUP [PUP,XEROX]

15	13      ARGUS        ARGUS [RWS4]

16	14      EMCON        EMCON [BN7]

17	15      XNET         Cross Net Debugger [IEN158,JFH2]

18	16      CHAOS        Chaos [NC3]

19	17      UDP          User Datagram [RFC768,JBP]

20	18      MUX          Multiplexing [IEN90,JBP]

21	19      DCN-MEAS     DCN Measurement Subsystems [DLM1]

22	20      HMP          Host Monitoring [RFC869,RH6]

23	21      PRM          Packet Radio Measurement [ZSU]

24	22      XNS-IDP      XEROX NS IDP [ETHERNET,XEROX]

25	23      TRUNK-1      Trunk-1 [BWB6]

26	24      TRUNK-2      Trunk-2 [BWB6]

Lets try a run at a real IP:

001	root@666:~# protos -i eth0 -d 72.47.202.218 -v -L

002	72.47.202.218 is alive

003	TARGET  72.47.202.218

004	Running in verbose mode

005	Afterscan delay is 3

006	running in fast scan - pause every 1 probes

007	continuing scan afterwards for 3 secs

008	supported protocols will be reported

009	you supplied the target(s) 72.47.202.218

010	Scanning 72.47.202.218

011	>>>>>>>>> RESULTS >>>>>>>>>>

012

013	72.47.202.218 may be running (did not negate):

014	HOPOPT          IPv6 Hop-by-Hop Option [RFC1883]

015	ICMP            Internet Control Message [RFC792]

016	IGMP            Internet Group Management [RFC1112]

017	TCP             Transmission Control [RFC793]

018	EGP             Exterior Gateway Protocol [RFC888,DLM1]

019	BBN-RCC-MON     BBN RCC Monitoring [SGC]

020	PUP             PUP [PUP,XEROX]

021	EMCON           EMCON [BN7]

022	CHAOS           Chaos [NC3]

023	UDP             User Datagram [RFC768,JBP]

024	HMP             Host Monitoring [RFC869,RH6]

025	TRUNK-1         Trunk-1 [BWB6]

026	LEAF-1          Leaf-1 [BWB6]

027	RDP             Reliable Data Protocol [RFC908,RH6]

028	ISO-TP4         ISO Transport Protocol Class 4 [RFC905,RC77]

029	MFE-NSP         MFE Network Services Protocol [MFENET,BCH2]

030	SEP             Sequential Exchange Protocol [JC120]

031	IDPR            Inter-Domain Policy Routing Protocol [MXS1]

032	DDP             Datagram Delivery Protocol [WXC]

033	TP++            TP++ Transport Protocol [DXF]

034	IPv6            Ipv6 [Deering]

035	IPv6-Route      Routing Header for IPv6 [Deering]

036	IDRP            Inter-Domain Routing Protocol [Sue Hares]

037	GRE             General Routing Encapsulation [Tony Li]

038	BNA             BNA [Gary Salamon]

039	AH              Authentication Header for IPv6 [RFC1826]

040	SWIPE           IP with Encryption [JI6]

041	MOBILE          IP Mobility [Perkins]

042	SKIP            SKIP [Markson]

043	IPv6-ICMP       ICMP for IPv6 [RFC1883]

044	61              any host internal protocol [IANA]

045	63              any local network [IANA]

046	KRYPTOLAN       Kryptolan [PXL1]

047	IPPC            Internet Pluribus Packet Core [SHB]

048	SAT-MON         SATNET Monitoring [SHB]

049	IPCV            Internet Packet Core Utility [SHB]

050	CPHB            Computer Protocol Heart Beat [DXM2]

051	PVP             Packet Video Protocol [SC3]

052	SUN-ND          SUN ND PROTOCOL-Temporary [WM3]

053	WB-EXPAK        WIDEBAND EXPAK [SHB]

054	VMTP            VMTP [DRC3]

055	VINES           VINES [BXH]

056	NSFNET-IGP      NSFNET-IGP [HWB]

057	TCF             TCF [GAL5]

058	OSPFIGP         OSPFIGP [RFC1583,JTM4]

059	LARP            Locus Address Resolution Protocol [BXH]

060	AX.25           AX.25 Frames [BK29]

061	MICP            Mobile Internetworking Control Pro. [JI6]

062	ETHERIP         Ethernet-within-IP Encapsulation [RDH1]

063	99PrivEncr      any private encryption scheme [IANA]

064	IFMP            Ipsilon Flow Management Protocol [Hinden]

065	PIM             Protocol Independent Multicast [Farinacci]

066	SCPS            SCPS [Durst]

067	A/N             Active Networks [Braden]

068	SNP             Sitara Networks Protocol [Sridhar]

069	IPX-in-IP       IPX in IP [Lee]

070	IATP            Interactive Agent Transfer Protocol [Murphy]

071	SRP             SpectraLink Radio Protocol [Hamilton]

072	SMP             Simple Message Protocol [Ekblad]

073	PTP             Performance Transparency Protocol [Welzl]

074	FIRE            [Partridge]

075	CRUDP           Combat Radio User Datagram [Sautter]

076	IPLT            [Hollbach]

077	PIPE            Private IP Encapsulation within IP [Petri]

078	FC              Fibre Channel [Rajagopal]

079	135             [IANA]

080	137             [IANA]

081	139             [IANA]

082	141             [IANA]

083	143             [IANA]

084	145             [IANA]

085	147             [IANA]

086	149             [IANA]

087	151             [IANA]

088	153             [IANA]

089	155             [IANA]

090	157             [IANA]

091	159             [IANA]

092	161             [IANA]

093	163             [IANA]

094	165             [IANA]

095	167             [IANA]

096	169             [IANA]

097	171             [IANA]

098	173             [IANA]

099	175             [IANA]

100	177             [IANA]

101	179             [IANA]

102	181             [IANA]

103	183             [IANA]

104	185             [IANA]

105	187             [IANA]

106	189             [IANA]

107	191             [IANA]

108	193             [IANA]

109	195             [IANA]

110	197             [IANA]

111	199             [IANA]

112	201             [IANA]

113	203             [IANA]

114	205             [IANA]

115	208             [IANA]

116	209             [IANA]

117	212             [IANA]

118	214             [IANA]

119	216             [IANA]

120	218             [IANA]

121	220             [IANA]

122	222             [IANA]

123	224             [IANA]

124	226             [IANA]

125	228             [IANA]

126	230             [IANA]

127	232             [IANA]

128	234             [IANA]

129	236             [IANA]

130	238             [IANA]

131	240             [IANA]

132	242             [IANA]

133	244             [IANA]

134	246             [IANA]

135	248             [IANA]

136	250             [IANA]

137	252             [IANA]

138	254             [IANA]

Thats really all the output it gives. I will be honest I do not see much use for this tool however since we are reviewing every tool and I had to do this one.