Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hping2.

Published byDylan Stevenson Modified over 6 years ago

Similar presentations

Presentation on theme: "Hping2."— Presentation transcript:

1 Hping2

2 What is Hping? Command-line oriented TCP/IP packet generator.
can create IP packets containing TCP, UDP or ICMP payloads allows to manipulate header fields, flags. has a traceroute mode. can send files between a covert channel.

3 Functions of Hping2 Advanced Port scanning (via TCP scans, ICMP scan, UDP scan) Firewall Testing Test net performance using different protocols, packet size, TOS (type of service) and fragmentation Path MTU Discovery Advanced traceroute Remote OS fingerprinting

4 Hping as Packet Crafter
can generate customized packets for various protocol types- raw IP,TCP, ICMP, UDP. provide options to set header fields and flags.

5 Crafting TCP Packets Crafting TCP packets is the default behavior of hping. specify the TCP flags, a destination port and a target IP address. TCP Flags: -F, -S, -R, -P, -A, -U hping2 [–<flag>] <ipaddress/hostname of target> [-p <portno>]

6 Crafting TCP Packets- Example
-S (SYN) Packet An open port is indicated by a SA return packet, closed ports by RA packets. The attacker computer is and the target is hping2-rc3]# hping2 -S HPING (eth ): S set, 40 headers + 0 data bytes len=46 ip= ttl=128 id=18414 sport=0 flags=RA seq=0 win=0 rtt=149.9 ms len=46 ip= ttl=128 id=18416 sport=0 flags=RA seq=1 win=0 rtt=0.5 ms len=46 ip= ttl=128 id=18417 sport=0 flags=RA seq=2 win=0 rtt=0.4 ms len=46 ip= ttl=128 id=18418 sport=0 flags=RA seq=3 win=0 rtt=0.5 ms len=46 ip= ttl=128 id=18420 sport=0 flags=RA seq=4 win=0 rtt=1.6 ms hping statistic --- 5 packets tramitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0.4/30.6/149.9 ms hping2-rc3]#

7 SYN Scan (Port Scanning)
-S (SYN) Packet hping2-rc3]# hping2 -S p 135 HPING (eth ): S set, 40 headers + 0 data bytes len=46 ip= ttl=128 DF id=28733 sport=135 flags=SA seq=0 win=16616 rtt=122.8 ms len=46 ip= ttl=128 DF id=28734 sport=135 flags=SA seq=1 win=16616 rtt=11.7 ms len=46 ip= ttl=128 DF id=28737 sport=135 flags=SA seq=2 win=16616 rtt=1.4 ms len=46 ip= ttl=128 DF id=28738 sport=135 flags=SA seq=3 win=16616 rtt=1.5 ms hping statistic --- 4 packets tramitted, 4 packets received, 0% packet loss round-trip min/avg/max = 1.4/34.3/122.8 ms hping2-rc3]#

8 RST Scan(Port scanning)
-R (RST) Packet RST packets are used to probe for active host. If you send out a RST scan you would get: no response -indicates that the host is alive ICMP host unreachable message - indicate that the host does not exist. Some IDS systems will not log RST packets/scans.

9 RST Scan (Port Scanning)
hping2-rc3]# hping2 -R HPING (eth ): R set, 40 headers + 0 data bytes hping statistic --- 6 packets tramitted, 0 packets received, 100% packet loss round-trip min/avg/max = 0.0/0.0/0.0 ms hping2-rc3]#

10 FIN Scan -F (FIN) Packet
The FIN packet is used to close an established connection. It is also used to conduct a FIN Scan. When a closed port receives a FIN packet, it should respond with a RST packet while an open port should do nothing (ignore the packet).

11 FIN Scan (Port Scanning)
hping2-rc3]# hping2 -F HPING (eth ): F set, 40 headers + 0 data bytes len=46 ip= ttl=128 id=20173 sport=0 flags=RA seq=0 win=0 rtt=34.2 ms len=46 ip= ttl=128 id=20174 sport=0 flags=RA seq=1 win=0 rtt=0.8 ms len=46 ip= ttl=128 id=20175 sport=0 flags=RA seq=2 win=0 rtt=0.5 ms len=46 ip= ttl=128 id=20176 sport=0 flags=RA seq=3 win=0 rtt=0.5 ms hping statistic --- 4 packets tramitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.5/9.0/34.2 ms hping2-rc3]#

12 More in Port Scanning Spoofed Port Scanning: source IP address can be spoofed using –a option hping2 –a<spoofedIPaddress> [flags] <targetIPaddress/hostname> [-p<portno>] Incremental Port Scanning: incremental port scanning is done with + or ++ sign. hping2 –S tragethost –p + <portno> // destination port will be increased for each reply received. hping2 –S targethost –p++ <portno> // destination port will be increased for each packet sent.

13 Crafting ICMP Packets send ICMP packets using the -1 (one) mode.
hping2 -1 <IPADDRESS> hping2-rc3]# hping HPING (eth ): icmp mode set, 28 headers + 0 data bytes len=46 ip= ttl=128 id=27118 icmp_seq=0 rtt=14.9 ms len=46 ip= ttl=128 id=27119 icmp_seq=1 rtt=0.5 ms len=46 ip= ttl=128 id=27120 icmp_seq=2 rtt=0.5 ms len=46 ip= ttl=128 id=27121 icmp_seq=3 rtt=1.5 ms len=46 ip= ttl=128 id=27122 icmp_seq=4 rtt=0.9 ms hping statistic --- 5 packets tramitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0.5/3.7/14.9 ms hping2-rc3]#

14 Crafting UDP Packets send UDP packets using the -2 (two) mode.
hping2 -2 ipaddress An open port ignores UDP packet, closed ports respond by ICMP Port Unreachable packets. hping2-rc3]# hping HPING (eth ): udp mode set, 28 headers + 0 data bytes ICMP Port Unreachable from ip= name=UNKNOWN hping statistic --- 5 packets tramitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0.0/0.0/0.0 ms hping2-rc3]# TCPDUMP OUTPUT:

Download ppt "Hping2."

Similar presentations

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
COEN 252 Computer Forensics Using TCPDump / Windump for package analysis.

COEN 252 Computer Forensics Using TCPDump / Windump for package analysis.
NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar (http://www.insecure.org), it.

NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar ( it.
CSE551: Computer Network Review r Network Layers r TCP/UDP r IP.

CSE551: Computer Network Review r Network Layers r TCP/UDP r IP.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Port Scanning.

1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Penetration Testing-Wk5 Last Week nmap – scan hosts – footprint find open ports running services determine OS.

Penetration Testing-Wk5 Last Week nmap – scan hosts – footprint find open ports running services determine OS.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)

CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)
Tcpdump Traceroute Ping. A packet tracing tool  Works on various host platforms  Captures packets going through a certain network interface  Shows.

Tcpdump Traceroute Ping. A packet tracing tool  Works on various host platforms  Captures packets going through a certain network interface  Shows.
CPSC 441 Tutorial - Network Tools 1 Network Tools CPSC 441 – Computer Communications Tutorial.

CPSC 441 Tutorial - Network Tools 1 Network Tools CPSC 441 – Computer Communications Tutorial.
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Internet Control Message Protocol (ICMP) Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Internet Control Message Protocol (ICMP) Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.
ECE-6612 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Office: Klaus 3362.

ECE Prof. John A. Copeland fax Office: Klaus 3362.
CIS 193A – Lesson12 Monitoring Tools. CIS 193A – Lesson12 Focus Question What are the common ways of specifying network packets used in tcpdump, wireshark,

CIS 193A – Lesson12 Monitoring Tools. CIS 193A – Lesson12 Focus Question What are the common ways of specifying network packets used in tcpdump, wireshark,
CPSC 441 TUTORIAL – MARCH 7, 2012 TA: MARYAM ELAHI NETWORK TOOLS.

CPSC 441 TUTORIAL – MARCH 7, 2012 TA: MARYAM ELAHI NETWORK TOOLS.
Linux Networking Commands

Linux Networking Commands

Similar presentations

Ads by Google