2022年5月23日 星期一

[研究] hping - TCP/IP 封包產生和分析工具 安裝與測試 (Ubuntu 22.04 LTS)

[研究] hping - TCP/IP 封包產生和分析工具 安裝 (Ubuntu 22.04 LTS)

2022-05-23

Hping - Active Network Security Tool
http://www.hping.org/

下載
http://www.hping.org/download.html

hping 可以偽造來源 IP 位址發送封包,

*********************************************************************************

安裝

sudo apt install -y hping3  

版本

john@Ubuntu2204:~$ hping3 -v hping3 version 3.0.0-alpha-2 ($Id: release.h,v 1.4 2004/04/09 23:38:56 antirez Exp $) This binary is TCL scripting capable john@Ubuntu2204:~$

版本

john@Ubuntu2204:~$ sudo apt-cache policy hping N: Unable to locate package hping john@Ubuntu2204:~$ sudo apt-cache policy hping2 N: Unable to locate package hping2 john@Ubuntu2204:~$ sudo apt-cache policy hping3 hping3: Installed: 3.a2.ds2-10 Candidate: 3.a2.ds2-10 Version table: *** 3.a2.ds2-10 500 500 http://tw.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages 100 /var/lib/dpkg/status john@Ubuntu2204:~$

說明

john@Ubuntu2204:~$ hping3 -h
usage: hping3 host [options]
  -h  --help      show this help
  -v  --version   show version
  -c  --count     packet count
  -i  --interval  wait (uX for X microseconds, for example -i u1000)
      --fast      alias for -i u10000 (10 packets for second)
      --faster    alias for -i u1000 (100 packets for second)
      --flood	   sent packets as fast as possible. Don't show replies.
  -n  --numeric   numeric output
  -q  --quiet     quiet
  -I  --interface interface name (otherwise default routing interface)
  -V  --verbose   verbose mode
  -D  --debug     debugging info
  -z  --bind      bind ctrl+z to ttl           (default to dst port)
  -Z  --unbind    unbind ctrl+z
      --beep      beep for every matching packet received
Mode
  default mode     TCP
  -0  --rawip      RAW IP mode
  -1  --icmp       ICMP mode
  -2  --udp        UDP mode
  -8  --scan       SCAN mode.
                   Example: hping --scan 1-30,70-90 -S www.target.host
  -9  --listen     listen mode
IP
  -a  --spoof      spoof source address
  --rand-dest      random destionation address mode. see the man.
  --rand-source    random source address mode. see the man.
  -t  --ttl        ttl (default 64)
  -N  --id         id (default random)
  -W  --winid      use win* id byte ordering
  -r  --rel        relativize id field          (to estimate host traffic)
  -f  --frag       split packets in more frag.  (may pass weak acl)
  -x  --morefrag   set more fragments flag
  -y  --dontfrag   set don't fragment flag
  -g  --fragoff    set the fragment offset
  -m  --mtu        set virtual mtu, implies --frag if packet size > mtu
  -o  --tos        type of service (default 0x00), try --tos help
  -G  --rroute     includes RECORD_ROUTE option and display the route buffer
  --lsrr           loose source routing and record route
  --ssrr           strict source routing and record route
  -H  --ipproto    set the IP protocol field, only in RAW IP mode
ICMP
  -C  --icmptype   icmp type (default echo request)
  -K  --icmpcode   icmp code (default 0)
      --force-icmp send all icmp types (default send only supported types)
      --icmp-gw    set gateway address for ICMP redirect (default 0.0.0.0)
      --icmp-ts    Alias for --icmp --icmptype 13 (ICMP timestamp)
      --icmp-addr  Alias for --icmp --icmptype 17 (ICMP address subnet mask)
      --icmp-help  display help for others icmp options
UDP/TCP
  -s  --baseport   base source port             (default random)
  -p  --destport   [+][+]<port> destination port(default 0) ctrl+z inc/dec
  -k  --keep       keep still source port
  -w  --win        winsize (default 64)
  -O  --tcpoff     set fake tcp data offset     (instead of tcphdrlen / 4)
  -Q  --seqnum     shows only tcp sequence number
  -b  --badcksum   (try to) send packets with a bad IP checksum
                   many systems will fix the IP checksum sending the packet
                   so you'll get bad UDP/TCP checksum instead.
  -M  --setseq     set TCP sequence number
  -L  --setack     set TCP ack
  -F  --fin        set FIN flag
  -S  --syn        set SYN flag
  -R  --rst        set RST flag
  -P  --push       set PUSH flag
  -A  --ack        set ACK flag
  -U  --urg        set URG flag
  -X  --xmas       set X unused flag (0x40)
  -Y  --ymas       set Y unused flag (0x80)
  --tcpexitcode    use last tcp->th_flags as exit code
  --tcp-mss        enable the TCP MSS option with the given value
  --tcp-timestamp  enable the TCP timestamp option to guess the HZ/uptime
Common
  -d  --data       data size                    (default is 0)
  -E  --file       data from file
  -e  --sign       add 'signature'
  -j  --dump       dump packets in hex
  -J  --print      dump printable characters
  -B  --safe       enable 'safe' protocol
  -u  --end        tell you when --file reached EOF and prevent rewind
  -T  --traceroute traceroute mode              (implies --bind and --ttl 1)
  --tr-stop        Exit when receive the first not ICMP in traceroute mode
  --tr-keep-ttl    Keep the source TTL fixed, useful to monitor just one hop
  --tr-no-rtt	    Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
  --apd-send       Send the packet described with APD (see docs/APD.txt)
john@Ubuntu2204:~$

測試

john@Ubuntu2204:~$ sudo hping3 -S -p 80 -c 3 -n  www.hinet.net
HPING www.hinet.net (ens33 202.39.67.2): S set, 40 headers + 0 data bytes
len=46 ip=202.39.67.2 ttl=128 id=21819 sport=80 flags=SA seq=0 win=64240 rtt=7.8 ms
len=46 ip=202.39.67.2 ttl=128 id=21820 sport=80 flags=SA seq=1 win=64240 rtt=2.7 ms
len=46 ip=202.39.67.2 ttl=128 id=21821 sport=80 flags=SA seq=2 win=64240 rtt=10.1 ms

--- www.hinet.net hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 2.7/6.9/10.1 ms

john@Ubuntu2204:~$ sudo hping3 -S -p 443 -c 3 -n  www.hinet.net
HPING www.hinet.net (ens33 211.20.148.226): S set, 40 headers + 0 data bytes
len=46 ip=211.20.148.226 ttl=128 id=21823 sport=443 flags=SA seq=0 win=64240 rtt=7.9 ms
len=46 ip=211.20.148.226 ttl=128 id=21824 sport=443 flags=SA seq=1 win=64240 rtt=6.7 ms
len=46 ip=211.20.148.226 ttl=128 id=21825 sport=443 flags=SA seq=2 win=64240 rtt=6.6 ms

--- www.hinet.net hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 6.6/7.0/7.9 ms
john@Ubuntu2204:~$ 

flags=SA 有開 port

**********

特殊測試,最好拿自己的另一台電腦當目標測試 (ex : 192.168.128.129) ,免得被別人當成疑似攻擊行為。

下面範例偽造來源 IP 為 1.2.3.4,目標 192.168.128.129, 每秒送出 10 個封包。

john@Ubuntu2204:~$ sudo  hping3 192.168.128.129 -i u10000 -c 10000 -S -a 1.2.3.4
...(略)
len=40 ip=192.168.128.129 ttl=64 DF id=0 sport=0 flags=RA seq=994 win=0 rtt=4.0 ms len=40 ip=192.168.128.129 ttl=64 DF id=0 sport=0 flags=RA seq=995 win=0 rtt=1.5 ms --- 192.168.128.129 hping statistic --- 1000 packets transmitted, 996 packets received, 1% packet loss round-trip min/avg/max = 0.1/10.3/1011.8 ms john@Ubuntu2204:~$


(完)

相關

[研究] hping - TCP/IP 封包產生和分析工具 安裝與測試 (Ubuntu 22.04 LTS)
https://shaurong.blogspot.com/2022/05/hping-tcpip-ubuntu-2204-lts.html

[研究] hping - TCP/IP 封包產生和分析工具 (Windows 7, CentOS 7)
http://shaurong.blogspot.com/2018/01/hping-tcpip.html

沒有留言:

張貼留言