hping3 usage - HackMD

# hping3 usage ###### tags: `ping` `linux` `network` Some example of hping3 on ubuntu 12.10 ``` [1]. Send "SYN" packet with particular port number root@tom-vm-lab:/home/tom# ping www.microsoft.com -c 5 PING lb1.www.ms.akadns.net (65.55.57.27) 56(84) bytes of data. --- lb1.www.ms.akadns.net ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 3998ms root@tom-vm-lab:/home/tom# root@tom-vm-lab:/home/tom# hping3 -S www.microsoft.com -p 80 HPING www.microsoft.com (eth0 65.55.57.27): S set, 40 headers + 0 data bytes len=46 ip=65.55.57.27 ttl=245 DF id=9580 sport=80 flags=SA seq=0 win=8190 rtt=197.3 ms len=46 ip=65.55.57.27 ttl=245 DF id=41832 sport=80 flags=SA seq=1 win=8190 rtt=194.4 ms len=46 ip=65.55.57.27 ttl=244 DF id=64096 sport=80 flags=SA seq=2 win=8190 rtt=198.0 ms len=46 ip=65.55.57.27 ttl=244 DF id=57392 sport=80 flags=SA seq=3 win=8190 rtt=195.6 ms len=46 ip=65.55.57.27 ttl=244 DF id=22763 sport=80 flags=SA seq=4 win=8190 rtt=191.6 ms len=46 ip=65.55.57.27 ttl=244 DF id=15177 sport=80 flags=SA seq=5 win=8190 rtt=193.7 ms len=46 ip=65.55.57.27 ttl=244 DF id=50767 sport=80 flags=SA seq=6 win=8190 rtt=202.1 ms len=46 ip=65.55.57.27 ttl=245 DF id=42590 sport=80 flags=SA seq=7 win=8190 rtt=202.9 ms ^C --- www.microsoft.com hping statistic --- 8 packets transmitted, 8 packets received, 0% packet loss round-trip min/avg/max = 191.6/197.0/202.9 ms root@tom-vm-lab:/home/tom# [2]. Trace hops root@tom-vm-lab:/home/tom# hping3 -S www.microsoft.com -p 80 -T HPING www.microsoft.com (eth0 65.55.57.27): S set, 40 headers + 0 data bytes hop=1 TTL 0 during transit from ip=168.95.98.254 name=h254.s98.ts.hinet.net hop=1 hoprtt=22.9 ms hop=2 TTL 0 during transit from ip=168.95.144.2 name=tchn-3301.hinet.net hop=2 hoprtt=42.1 ms hop=3 TTL 0 during transit from ip=220.128.16.194 name=tchn-3011.hinet.net hop=3 hoprtt=35.2 ms hop=4 TTL 0 during transit from ip=220.128.16.6 name=TPDT-3011.hinet.net hop=4 hoprtt=63.4 ms hop=5 TTL 0 during transit from ip=220.128.11.149 name=r4102-s2.tp.hinet.net hop=5 hoprtt=30.3 ms hop=6 TTL 0 during transit from ip=220.128.7.13 name=r4002-s2.tp.hinet.net hop=6 hoprtt=46.3 ms hop=7 TTL 0 during transit from ip=211.72.108.237 name=r12-pa.us.hinet.net hop=7 hoprtt=206.8 ms hop=8 TTL 0 during transit from ip=202.39.82.93 name=202-39-82-93.HINET-IP.hinet.net hop=8 hoprtt=193.8 ms hop=9 TTL 0 during transit from ip=207.46.40.50 name=xe-7-0-1-0.by2-96c-1b.ntwk.msn.net hop=9 hoprtt=244.8 ms hop=10 TTL 0 during transit from ip=207.46.40.48 name=ge-0-3-0-0.co1-64c-1a.ntwk.msn.net hop=10 hoprtt=201.3 ms hop=11 TTL 0 during transit from ip=10.22.8.6 name=UNKNOWN hop=11 hoprtt=277.6 ms hop=12 TTL 0 during transit from ip=10.22.8.2 name=UNKNOWN hop=12 hoprtt=218.6 ms len=46 ip=65.55.57.27 ttl=244 DF id=695 sport=80 flags=SA seq=12 win=8190 rtt=215.1 ms len=46 ip=65.55.57.27 ttl=245 DF id=23255 sport=80 flags=SA seq=13 win=8190 rtt=208.8 ms len=46 ip=65.55.57.27 ttl=245 DF id=53940 sport=80 flags=SA seq=14 win=8190 rtt=197.1 ms len=46 ip=65.55.57.27 ttl=245 DF id=6998 sport=80 flags=SA seq=15 win=8190 rtt=209.5 ms len=46 ip=65.55.57.27 ttl=245 DF id=65497 sport=80 flags=SA seq=16 win=8190 rtt=221.0 ms ^C --- www.microsoft.com hping statistic --- 17 packets transmitted, 17 packets received, 0% packet loss round-trip min/avg/max = 22.9/155.0/277.6 ms root@tom-vm-lab:/home/tom# [3]. Scanning ports root@tom-vm-lab:/home/tom# hping3 --scan 1-1024 -S -t 16 192.168.1.114 Scanning 192.168.1.114 (192.168.1.114), port 1-1024 1024 ports to scan, use -V to see all the replies +----+-----------+---------+---+-----+-----+-----+ |port| serv name | flags |ttl| id | win | len | +----+-----------+---------+---+-----+-----+-----+ 80 http : .S..A... 64 0 5840 46 443 https : .S..A... 64 0 5840 46 554 rtsp : .S..A... 64 0 5840 46 All replies received. Done. Not responding ports: root@tom-vm-lab:/home/tom# root@tom-vm-lab:/home/tom# hping3 --scan known 192.168.1.114 Scanning 192.168.1.114 (192.168.1.114), port known 337 ports to scan, use -V to see all the replies +----+-----------+---------+---+-----+-----+-----+ |port| serv name | flags |ttl| id | win | len | +----+-----------+---------+---+-----+-----+-----+ All replies received. Done. Not responding ports: (80 http) (443 https) (554 rtsp) root@tom-vm-lab:/home/tom# [4]. Send ICMP packet with spoofed IP source Command : hping3 <target-IP> -i <u1000 | u1000000 | ... > --icmp -a <spoofed-IP> root@tom-vm-lab:/home/tom# hping3 192.168.1.1 -i u1000 --icmp HPING 192.168.1.1 (eth0 192.168.1.1): icmp mode set, 28 headers + 0 data bytes len=46 ip=192.168.1.1 ttl=64 id=1073 icmp_seq=0 rtt=1.1 ms len=46 ip=192.168.1.1 ttl=64 id=1074 icmp_seq=1 rtt=0.9 ms len=46 ip=192.168.1.1 ttl=64 id=1075 icmp_seq=2 rtt=0.8 ms len=46 ip=192.168.1.1 ttl=64 id=1076 icmp_seq=3 rtt=0.8 ms len=46 ip=192.168.1.1 ttl=64 id=1077 icmp_seq=4 rtt=0.9 ms ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN len=46 ip=192.168.1.1 ttl=64 id=1084 icmp_seq=147 rtt=2.2 ms len=46 ip=192.168.1.1 ttl=64 id=1085 icmp_seq=287 rtt=0.8 ms len=46 ip=192.168.1.1 ttl=64 id=1086 icmp_seq=431 rtt=0.6 ms len=46 ip=192.168.1.1 ttl=64 id=1087 icmp_seq=572 rtt=0.7 ms len=46 ip=192.168.1.1 ttl=64 id=1088 icmp_seq=713 rtt=0.7 ms ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN len=46 ip=192.168.1.1 ttl=64 id=1090 icmp_seq=854 rtt=0.8 ms len=46 ip=192.168.1.1 ttl=64 id=1091 icmp_seq=993 rtt=0.7 ms len=46 ip=192.168.1.1 ttl=64 id=1092 icmp_seq=1130 rtt=0.6 ms len=46 ip=192.168.1.1 ttl=64 id=1093 icmp_seq=1267 rtt=0.9 ms len=46 ip=192.168.1.1 ttl=64 id=1094 icmp_seq=1405 rtt=0.8 ms ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN len=46 ip=192.168.1.1 ttl=64 id=1096 icmp_seq=1544 rtt=0.6 ms len=46 ip=192.168.1.1 ttl=64 id=1097 icmp_seq=1684 rtt=0.6 ms ^C --- 192.168.1.1 hping statistic --- 1819 packets transmitted, 25 packets received, 99% packet loss round-trip min/avg/max = 0.6/0.9/2.2 ms root@tom-vm-lab:/home/tom# hping3 192.168.1.1 -i u1000 --icmp -a 192.168.1.114 HPING 192.168.1.1 (eth0 192.168.1.1): icmp mode set, 28 headers + 0 data bytes ^C --- 192.168.1.1 hping statistic --- 32237 packets transmitted, 0 packets received, 100% packet loss round-trip min/avg/max = 0.0/0.0/0.0 ms root@tom-vm-lab:/home/tom# root@tom-vm-lab:/home/tom# hping3 192.168.1.114 --flood --icmp -a 192.168.1.102 HPING 192.168.1.114 (eth0 192.168.1.114): icmp mode set, 28 headers + 0 data bytes hping in flood mode, no replies will be shown ^C --- 192.168.1.114 hping statistic --- 565355 packets transmitted, 0 packets received, 100% packet loss round-trip min/avg/max = 0.0/0.0/0.0 ms ```