Hping

Hping is a tool for TCP/IP stack auditing, uncovering firewall policy, scanning
TCP ports in many different modes, transferring files across a firewall, and
much more. With hping you can also do a lot of things that are not
security-related, e.g.:
- Test firewall rules
- Advanced port scanning
- Test net performance using different protocols, packet size, TOS (type
of service) and fragmentation.
- Path MTU discovery
- Transferring files between hosts where stringent firewall rules are
being applied.
- Traceroute-like under different protocols.
- Firewalk-like usage.
- Remote OS fingerprinting.
- TCP/IP stack auditing.
Installation

    ./configure
    make
    make install

or use the rpm :) It is best to install the latest libpcap package.

Execution

    root@FC4]# hping3 192.168.0.1
    HPING 192.168.0.1 (eth0 192.168.0.1): NO FLAGS are set, 40 headers + 0 data bytes
    len=46 ip=192.168.0.1 ttl=128 id=2258 sport=0 flags=RA seq=0 win=0 rtt=0.7 ms
    len=46 ip=192.168.0.1 ttl=128 id=2259 sport=0 flags=RA seq=1 win=0 rtt=0.8 ms
    len=46 ip=192.168.0.1 ttl=128 id=2260 sport=0 flags=RA seq=2 win=0 rtt=0.7 ms
    len=46 ip=192.168.0.1 ttl=128 id=2261 sport=0 flags=RA seq=3 win=0 rtt=0.3 ms
    len=46 ip=192.168.0.1 ttl=128 id=2262 sport=0 flags=RA seq=4 win=0 rtt=0.8 ms
    len=46 ip=192.168.0.1 ttl=128 id=2263 sport=0 flags=RA seq=5 win=0 rtt=0.2 ms
    len=46 ip=192.168.0.1 ttl=128 id=2264 sport=0 flags=RA seq=6 win=0 rtt=0.7 ms
    len=46 ip=192.168.0.1 ttl=128 id=2265 sport=0 flags=RA seq=7 win=0 rtt=0.3 ms

    --- 192.168.0.1 hping statistic ---
    8 packets tramitted, 8 packets received, 0% packet loss

The fields in each reply line are:

- len is the size, in bytes, of the data captured from the data link layer,
  excluding the data link header size. This may not match the IP datagram size
  due to low level transport layer padding.
- ip is the source IP address.
- id is the IP ID field.
- flags are the TCP flags: R for RESET, S for SYN, A for ACK, F for FIN,
  P for PUSH, U for URGENT.
- seq is the sequence number of the packet, obtained using the source port for
  TCP/UDP packets, the sequence field for ICMP packets.
- win is the window size.
- rtt is the round trip time, i.e. the time taken to return from the initial
  ping.

Should you receive a window size on the reply from this tool and are having trouble working out the OS of the host you are dealing with, a quick Google search should hopefully give you a few pointers in the right direction.
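
The reply fields described above can be pulled out of a saved hping session for comparison across hosts you audit. This is an added example, not part of the original page or of hping itself; the names parse_reply, summarize and SAMPLE are hypothetical, and the sample lines are constructed in the format of the session shown above (TCP replies only).

```python
import re
from statistics import mean

# Flag letters as listed on this page.
FLAG_NAMES = {"R": "RESET", "S": "SYN", "A": "ACK",
              "F": "FIN", "P": "PUSH", "U": "URGENT"}

# Constructed sample: banner, reply lines and statistics as in the session above.
SAMPLE = """\
HPING 192.168.0.1 (eth0 192.168.0.1): NO FLAGS are set, 40 headers + 0 data bytes
len=46 ip=192.168.0.1 ttl=128 id=2258 sport=0 flags=RA seq=0 win=0 rtt=0.7 ms
len=46 ip=192.168.0.1 ttl=128 id=2259 sport=0 flags=RA seq=1 win=0 rtt=0.8 ms
len=46 ip=192.168.0.1 ttl=128 id=2260 sport=0 flags=RA seq=2 win=0 rtt=0.7 ms
--- 192.168.0.1 hping statistic ---
"""

PAIR = re.compile(r"(\w+)=(\S+)")          # key=value tokens on a reply line
INT_FIELDS = ("len", "ttl", "id", "sport", "seq", "win")


def parse_reply(line):
    """Return a dict for one TCP reply line, or None for any other line."""
    fields = dict(PAIR.findall(line))
    if not {"ip", "flags", "rtt"} <= fields.keys():
        return None                         # banner, statistics or blank line
    reply = {k: int(fields[k]) for k in INT_FIELDS if k in fields}
    reply["ip"] = fields["ip"]
    reply["rtt_ms"] = float(fields["rtt"])  # the trailing "ms" is a separate token
    # Unknown letters are kept, prefixed with "?", rather than dropped.
    reply["flags"] = [FLAG_NAMES.get(c, "?" + c) for c in fields["flags"]]
    return reply


def summarize(text):
    """Collapse a session into the distinct values seen per field."""
    replies = [r for r in map(parse_reply, text.splitlines()) if r]
    if not replies:
        return None
    return {
        "replies": len(replies),
        "flag_sets": sorted({"+".join(r["flags"]) for r in replies}),
        "ttls": sorted({r["ttl"] for r in replies}),
        "windows": sorted({r["win"] for r in replies}),
        "avg_rtt_ms": round(mean(r["rtt_ms"] for r in replies), 2),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```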