[Research] hping - TCP/IP Packet Generation and Analysis Tool: Installation (Ubuntu 22.04 LTS)
2022-05-23
Hping - Active Network Security Tool
http://www.hping.org/
Download
http://www.hping.org/download.html
hping can send packets with a spoofed source IP address,
*********************************************************************************
Install
sudo apt install -y hping3
Version
john@Ubuntu2204:~$ hping3 -v
hping3 version 3.0.0-alpha-2 ($Id: release.h,v 1.4 2004/04/09 23:38:56 antirez Exp $)
This binary is TCL scripting capable
john@Ubuntu2204:~$
Version
john@Ubuntu2204:~$ sudo apt-cache policy hping
N: Unable to locate package hping
john@Ubuntu2204:~$ sudo apt-cache policy hping2
N: Unable to locate package hping2
john@Ubuntu2204:~$ sudo apt-cache policy hping3
hping3:
  Installed: 3.a2.ds2-10
  Candidate: 3.a2.ds2-10
  Version table:
 *** 3.a2.ds2-10 500
        500 http://tw.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status
john@Ubuntu2204:~$
Help
john@Ubuntu2204:~$ hping3 -h
usage: hping3 host [options]
  -h  --help      show this help
  -v  --version   show version
  -c  --count     packet count
  -i  --interval  wait (uX for X microseconds, for example -i u1000)
      --fast      alias for -i u10000 (10 packets for second)
      --faster    alias for -i u1000 (100 packets for second)
      --flood     sent packets as fast as possible. Don't show replies.
  -n  --numeric   numeric output
  -q  --quiet     quiet
  -I  --interface interface name (otherwise default routing interface)
  -V  --verbose   verbose mode
  -D  --debug     debugging info
  -z  --bind      bind ctrl+z to ttl           (default to dst port)
  -Z  --unbind    unbind ctrl+z
      --beep      beep for every matching packet received
Mode
  default mode     TCP
  -0  --rawip      RAW IP mode
  -1  --icmp       ICMP mode
  -2  --udp        UDP mode
  -8  --scan       SCAN mode.
                   Example: hping --scan 1-30,70-90 -S www.target.host
  -9  --listen     listen mode
IP
  -a  --spoof      spoof source address
  --rand-dest      random destionation address mode. see the man.
  --rand-source    random source address mode. see the man.
  -t  --ttl        ttl (default 64)
  -N  --id         id (default random)
  -W  --winid      use win* id byte ordering
  -r  --rel        relativize id field          (to estimate host traffic)
  -f  --frag       split packets in more frag.  (may pass weak acl)
  -x  --morefrag   set more fragments flag
  -y  --dontfrag   set don't fragment flag
  -g  --fragoff    set the fragment offset
  -m  --mtu        set virtual mtu, implies --frag if packet size > mtu
  -o  --tos        type of service (default 0x00), try --tos help
  -G  --rroute     includes RECORD_ROUTE option and display the route buffer
  --lsrr           loose source routing and record route
  --ssrr           strict source routing and record route
  -H  --ipproto    set the IP protocol field, only in RAW IP mode
ICMP
  -C  --icmptype   icmp type (default echo request)
  -K  --icmpcode   icmp code (default 0)
      --force-icmp send all icmp types (default send only supported types)
      --icmp-gw    set gateway address for ICMP redirect (default 0.0.0.0)
      --icmp-ts    Alias for --icmp --icmptype 13 (ICMP timestamp)
      --icmp-addr  Alias for --icmp --icmptype 17 (ICMP address subnet mask)
      --icmp-help  display help for others icmp options
UDP/TCP
  -s  --baseport   base source port             (default random)
  -p  --destport   [+][+]<port> destination port(default 0) ctrl+z inc/dec
  -k  --keep       keep still source port
  -w  --win        winsize (default 64)
  -O  --tcpoff     set fake tcp data offset     (instead of tcphdrlen / 4)
  -Q  --seqnum     shows only tcp sequence number
  -b  --badcksum   (try to) send packets with a bad IP checksum
                   many systems will fix the IP checksum sending the packet
                   so you'll get bad UDP/TCP checksum instead.
  -M  --setseq     set TCP sequence number
  -L  --setack     set TCP ack
  -F  --fin        set FIN flag
  -S  --syn        set SYN flag
  -R  --rst        set RST flag
  -P  --push       set PUSH flag
  -A  --ack        set ACK flag
  -U  --urg        set URG flag
  -X  --xmas       set X unused flag (0x40)
  -Y  --ymas       set Y unused flag (0x80)
  --tcpexitcode    use last tcp->th_flags as exit code
  --tcp-mss        enable the TCP MSS option with the given value
  --tcp-timestamp  enable the TCP timestamp option to guess the HZ/uptime
Common
  -d  --data       data size                    (default is 0)
  -E  --file       data from file
  -e  --sign       add 'signature'
  -j  --dump       dump packets in hex
  -J  --print      dump printable characters
  -B  --safe       enable 'safe' protocol
  -u  --end        tell you when --file reached EOF and prevent rewind
  -T  --traceroute traceroute mode              (implies --bind and --ttl 1)
  --tr-stop        Exit when receive the first not ICMP in traceroute mode
  --tr-keep-ttl    Keep the source TTL fixed, useful to monitor just one hop
  --tr-no-rtt      Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
  --apd-send       Send the packet described with APD (see docs/APD.txt)
john@Ubuntu2204:~$
Test
john@Ubuntu2204:~$ sudo hping3 -S -p 80 -c 3 -n www.hinet.net
HPING www.hinet.net (ens33 202.39.67.2): S set, 40 headers + 0 data bytes
len=46 ip=202.39.67.2 ttl=128 id=21819 sport=80 flags=SA seq=0 win=64240 rtt=7.8 ms
len=46 ip=202.39.67.2 ttl=128 id=21820 sport=80 flags=SA seq=1 win=64240 rtt=2.7 ms
len=46 ip=202.39.67.2 ttl=128 id=21821 sport=80 flags=SA seq=2 win=64240 rtt=10.1 ms

--- www.hinet.net hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 2.7/6.9/10.1 ms
john@Ubuntu2204:~$ sudo hping3 -S -p 443 -c 3 -n www.hinet.net
HPING www.hinet.net (ens33 211.20.148.226): S set, 40 headers + 0 data bytes
len=46 ip=211.20.148.226 ttl=128 id=21823 sport=443 flags=SA seq=0 win=64240 rtt=7.9 ms
len=46 ip=211.20.148.226 ttl=128 id=21824 sport=443 flags=SA seq=1 win=64240 rtt=6.7 ms
len=46 ip=211.20.148.226 ttl=128 id=21825 sport=443 flags=SA seq=2 win=64240 rtt=6.6 ms

--- www.hinet.net hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 6.6/7.0/7.9 ms
john@Ubuntu2204:~$
flags=SA (a SYN+ACK reply) means the port is open.
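An added example, not part of the original post: a bash/awk helper that reads hping3 -S output in the format shown above and reports the port state. It goes beyond the flags=SA case on the page by also handling flags=RA (closed) and no reply (filtered); the function name classify_hping and samples 2 and 3 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify a TCP port from hping3 -S (SYN probe) output.
#   flags=SA (SYN+ACK) -> open      (the case shown on this page)
#   flags=RA (RST+ACK) -> closed    (standard TCP behaviour, not on the page)
#   no reply lines     -> filtered  (or host down)
# Prints: "<ip> <port> <state> <replies>/<sent>"
classify_hping() {
  awk '
    /^len=/ {                       # one line per reply packet
      for (i = 1; i <= NF; i++) {
        n = split($i, kv, "=")
        if (n != 2) continue
        if (kv[1] == "ip")    ip = kv[2]
        if (kv[1] == "sport") port = kv[2]
        if (kv[1] == "flags") seen[kv[2]]++
      }
      replies++
    }
    /packets transmitted/ { sent = $1 }   # statistics line
    END {
      if (replies == 0)       state = "filtered"
      else if ("SA" in seen)  state = "open"
      else if ("RA" in seen)  state = "closed"
      else                    state = "unknown"
      printf "%s %s %s %d/%d\n", (ip == "" ? "-" : ip),
             (port == "" ? "-" : port), state, replies, sent
    }'
}

# Sample 1: lines copied from the port-80 run above.
sample_open() { cat <<'EOF'
HPING www.hinet.net (ens33 202.39.67.2): S set, 40 headers + 0 data bytes
len=46 ip=202.39.67.2 ttl=128 id=21819 sport=80 flags=SA seq=0 win=64240 rtt=7.8 ms
len=46 ip=202.39.67.2 ttl=128 id=21820 sport=80 flags=SA seq=1 win=64240 rtt=2.7 ms
len=46 ip=202.39.67.2 ttl=128 id=21821 sport=80 flags=SA seq=2 win=64240 rtt=10.1 ms
3 packets transmitted, 3 packets received, 0% packet loss
EOF
}
# Samples 2 and 3 are constructed for illustration (closed port, no reply).
sample_closed() { cat <<'EOF'
len=46 ip=192.168.128.129 ttl=64 id=0 sport=81 flags=RA seq=0 win=0 rtt=0.5 ms
1 packets transmitted, 1 packets received, 0% packet loss
EOF
}
sample_filtered() { echo "3 packets transmitted, 0 packets received, 100% packet loss"; }

for s in sample_open sample_closed sample_filtered; do "$s" | classify_hping; done
```

When piping a live run into the function, add 2>&1 to the hping3 command so that both output streams, including the statistics line, reach it.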
**********
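Special test: it is best to use another computer of your own as the target (e.g. 192.168.128.129), so that others do not mistake the traffic for a suspected attack.
The example below spoofs the source IP as 1.2.3.4, targets 192.168.128.129, and sends 10 packets per second.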
(End)
Related
[Research] hping - TCP/IP Packet Generation and Analysis Tool: Installation and Testing (Ubuntu 22.04 LTS)
https://shaurong.blogspot.com/2022/05/hping-tcpip-ubuntu-2204-lts.html
[Research] hping - TCP/IP Packet Generation and Analysis Tool (Windows 7, CentOS 7)
http://shaurong.blogspot.com/2018/01/hping-tcpip.html