Send ICMP Nasty Garbage Packets to Network Hosts With sing Utility

Posted on in Categories Howto, Linux, Networking, Security, Tips, UNIX last updated January 29, 2008

Generally, I prefer to use nmap command for ICMP network scanning to probe all my network devices. By finding out unprotected devices you can improve network security and troubleshoot network problems. Recently, I discovered a cool utility called sing. It allows you to sends ICMP packets fully customized from command line. It allows you to do ICMP network scanning. Now you must be wondering, why perform ICMP network scanning? You can troubleshoot many network related problems without leaving your desk. For example,

  1. Find out using record route IP option to see the route that takes to
  2. Find out remote server / network device operating system
  3. Diagnosing data-dependent problems in a network
  4. Test firewall security for invalid and garbage ICMP packets
  5. ICMP message types that generate responses from target routers / firewalls / IDS and other hosts
  6. Try to spoof router address and see how overall network reacts and many other things

This tool is not for a new UNIX / Linux user. It requires some sort of understanding for Internet hosts – communication layers and ICMP router discovery messages etc.

sing utility

sing allows you to replace the ping command but adding certain enhancements. From the man page:
The main purpose is to replace the niceful ping command with certain enhancenments as the ability to send/read IP spoofed packets, send MAC spoofed packets, send in addition to the ECHO REQUEST type sent by default, many other ICMP types as Echo Reply, Address Mask Request, Timestamp, Information Request,Router Solicitation and Router Advertisement.

Install sing utility

Type the following command at a shell prompt:
$ sudo apt-get install sing
Note: Redhat (RHEL) / CentOS / Fedora Linux user, grab sing rpm here.

sing command examples

Let us see some real life examples. Please note that sing command requires root level privileged access.

Task: Send broadcast ICMP echo request messages

$ sudo sing -echo
#sing -echo

Task: Usual ping command

$ sing

Task: Using Record Route IP Option to see the route that takes to

# sing -R

Task: See if is running the Solaris OS

# sing -mask -O

Task: Send ICMP timestamp request messages

# sing -tstamp

Task: Test routing – Useful for diagnosing data-dependent problems in a network

Send echos with data pattern IsSiNg and fragments of 8 bytes to the host using loose source routing via and
# sing -p IsSiNg -F 8 [email protected]

Task: send ICMP address mask request messages (used to find out a host network mask)

# sing -mask
This tool offers tons of other options, I recommend reading man page for more information.

Recommended Readings:

1 comment

  1. Does not work anymore at least on 64 bit RH7

    [[email protected] ~]# ping -c 1
    PING ( 56(84) bytes of data.
    64 bytes from ( icmp_seq=1 ttl=55 time=15.4 ms ping statistics —
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 15.409/15.409/15.409/0.000 ms

    [[email protected] ~]# sing
    SING: Unable to select an interface to route throughout

Leave a Comment