Font Awesome Icons
Logo                                                                                 

Alan's Blog

Welcome to my Blog, where u will find posts relating to IT security to programming

© 2019. All rights reserved.

Comparison of ICMP payloads

Sat, Jan 19, 2019

Payload of a Linux Ping(ICMP) VS Windows Ping

Linux Ping

In this capture I am filtering for traffic with the ubuntu server IP and for ICMP traffic. I am also filtering out SSH traffic as I remotely access all my Linux boxes via SSH and do not want to be bombarded with SSH packets in the TCPdump output.

alt text

As you can see the linux(Ubuntu Server) ping contains special characters and numbers. The payload is (!\”#\$%&\‘()*+,-./01234567)

alt text

Windows ping

In this capture I am filtering for traffic with the Windows VM’s IP and for ICMP traffic. As I mentioned before I am filtering out SSH traffic as I remotely access all my Linux VM via SSH and do not want to be bombarded with SSH packets in the TCPdump output.

alt text

The payload in the windows icmp message is the incomplete Latin alphabet (abcdefghijklmnopqrstuvwabcdefghi)

Comparison of the payloads

As you can see the payload is different in each OS, The payload in the windows ICMP packet is the incomplete Latin alphabet (abcdefghijklmnopqrstuvwabcdefghi)and the linux(Ubuntu Server) ICMP message sends special chars and numbers (!\”#\$%&\‘()*+,-./01234567)

You will also see the packet size is different 64 for the linux vs 40 for the windows.