hping is a packet crafting and analysis tool. It is similar to ping, but considerably more powerful.
It supports ICMP, TCP, UDP, RAW-IP and a traceroute mode.
It can also be used for the following kinds of testing:
- Firewall testing
- Advanced port scanning
- Network testing, using different protocols, TOS, fragmentation
- Manual path MTU discovery
- Advanced traceroute, under all the supported protocols
- Remote OS fingerprinting
- Remote uptime guessing
- TCP/IP stacks auditing
- hping can also be useful to students that are learning TCP/IP.
Download the hping3-20051105 source code from http://www.hping.org/download.php.
Installation
wget http://www.hping.org/hping3-20051105.tar.gz
tar zxvf hping3-20051105.tar.gz
cd hping3-20051105 ; ./configure ; make ; make strip ; make install
Problem 1:
During make the build stops because it cannot find the file net/bpf.h.
Just run
ln -s /usr/include/pcap-bpf.h /usr/include/net/bpf.h
and make will succeed.
Problem 2:
During make install you will also see
cp -f hping3 /usr/sbin/
chmod 755 /usr/sbin/hping3
ln -s /usr/sbin/hping3 /usr/sbin/hping
ln -s /usr/sbin/hping3 /usr/sbin/hping2
@@@@@@ WARNING @@@@@@
Can't install the man page: //man/man8 does not exist
This is a warning about the man page path. Edit the Makefile and change
INSTALL_MANPATH=//man
to
INSTALL_MANPATH=/usr/share/man/
You also need to run
cd /usr/share/man/man8
mv hping3.8 hping.8
gzip hping.8
After that, man hping works.
Common hping usage:
1. Send three ICMP packets to the destination
(-1, the digit one, selects ICMP mode; -c is the number of packets to send)
# hping 10.10.10.63 -1 -c 3
HPING 10.10.10.63 (eth0 10.10.10.63): icmp mode set, 28 headers + 0 data bytes
len=46 ip=10.10.10.63 ttl=128 id=21910 icmp_seq=0 rtt=2.7 ms
len=46 ip=10.10.10.63 ttl=128 id=21920 icmp_seq=1 rtt=0.5 ms
len=46 ip=10.10.10.63 ttl=128 id=21922 icmp_seq=2 rtt=0.5 ms

--- 10.10.10.63 hping statistic ---
3 packets tramitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.5/1.2/2.7 ms
2. Scan the destination's ports
20-1000 means port numbers 20 through 1000
-8 is equivalent to --scan
-S is --syn, i.e. set the TCP SYN flag
# hping -8 20-1000 -S 1.1.1.1
Scanning 1.1.1.1, port 20-1000
981 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name |  flags  |ttl| id  | win | len |
+----+-----------+---------+---+-----+-----+-----+
   80 http       : .S..A... 244  7201  8190    46
All replies received. Done.
Not responding ports: (68 bootpc) (220 imap3) (226 ) (234 ) (242 ) (243 ) (244 ) (245 link) (249 ) (250 ) (251 ) (253 ) (255 ) (258 ) (259 ) (260 ) (261 ) (264 ) (266 ) (267 ) (271 ) (275 ) (277 ) (284 ) (286 ) (288 ) (292 ) (293 ) (294 ) (295 ) (296 ) (347 fatserv) (353 ) (366 odmr) (367 ) (369 rpc2portmap) (371 ) (372 ulistproc) (375 ) (379 ) (383 ) (385 ) (387 ) (388 ) (389 ldap) (391 ) (392 ) (393 ) (394 ) (397 ) (398 ) (402 ) (408 ) (409 ) (410 ) (412 ) (417 ) (423 ) (425 ) (428 ) (433 ) (434 mobileip-ag) (435 mobilip-mn) (446 ) (447 ) (448 ) (449 ) (453 ) (457 ) (458 ) (464 kpasswd) (465 smtps) (468 photuris) (474 ) (475 ) (480 ) (481 ) (482 ) (483 ) (486 ) (491 ) (493 ) (494 ) (500 isakmp) (507 ) (511 ) (512 exec) (513 login) (520 efs) (521 ripng) (522 ) (525 timed) (527 ) (528 ) (529 ) (531 conference) (534 ) (535 iiop) (536 ) (537 ) (538 gdomap) (539 ) (540 uucp) (541 ) (542 ) (543 klogin) (544 kshell) (545 ) (551 ) (553 ) (556 remotefs) (558 ) (560 ) (562 ) (568 ) (573 ) (576 ) (577 ) (584 ) (585 ) (593 ) (607 ) (610 npmp-local) (622 ) (627 ) (629 ) (633 ) (645 ) (664 ) (665 ) (674 acap) (704 ) (768 ) (774 ) (776 ) (778 ) (780 ) (785 ) (788 ) (789 ) (792 ) (793 ) (800 ) (806 ) (809 ) (810 ) (811 ) (816 ) (821 ) (823 ) (824 ) (825 ) (829 ) (831 ) (832 ) (834 ) (839 ) (840 ) (844 ) (848 ) (855 ) (858 ) (859 ) (860 ) (868 ) (874 ) (878 ) (879 ) (881 ) (882 ) (883 ) (886 ) (888 ) (889 ) (891 ) (896 ) (903 ) (911 ) (912 ) (915 ) (917 ) (920 ) (921 ) (922 ) (946 ) (949 ) (950 ) (953 rndc) (958 ) (960 ) (963 ) (969 ) (970 ) (972 ) (980 ) (981 ) (983 ) (985 ) (988 ) (989 ) (991 ) (992 telnets) (995 pop3s) (996 ) (998 )
3. Send 10 TCP SYN packets per second to port 80 on 10.10.10.134, with the source address spoofed as 10.10.10.231
(-p is the destination port, -i u10000 is a 10000 microsecond interval, i.e. 10 packets per second, and -a sets the spoofed source address)
hping 10.10.10.134 -p 80 -i u10000 -S -a 10.10.10.231
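As a defender-side counterpart to the two TCP examples above (the -8 port scan over 20-1000 and the spoofed 10 SYN/s stream to one port), here is an added example that is not part of the original post: a Python script that flags both patterns in constructed iptables LOG lines. The log line shape, the year attached to the syslog timestamps and the alert thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed log shape: iptables LOG lines carrying SRC=/DST=/PROTO=TCP/DPT= and the SYN flag.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r" .*?PROTO=TCP .*?DPT=(?P<dpt>\d+) .*?\bSYN\b"
)


def parse_syn_lines(lines, year=2024):
    """Extract (time, src, dst, dport) from lines that log a TCP SYN; skip everything else."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], m["dst"], int(m["dpt"])))
    return events


def detect(lines, sweep_ports=10, syn_per_sec=5.0):
    """Return ('sweep', src, n_ports) when one source probes many ports (like -8 20-1000 -S)
    and ('syn_rate', (src, dst, dport), rate) for a sustained SYN rate (like -i u10000 -S).
    SRC is whatever the packet claimed (-a spoofs it), so the tuple is the key, not the host."""
    ports, times = defaultdict(set), defaultdict(list)
    for ts, src, dst, dpt in parse_syn_lines(lines):
        ports[src].add(dpt)
        times[(src, dst, dpt)].append(ts)
    alerts = [("sweep", s, len(p)) for s, p in ports.items() if len(p) >= sweep_ports]
    for key, seen in times.items():
        if len(seen) < 2:
            continue
        span = max((max(seen) - min(seen)).total_seconds(), 1.0)  # syslog has 1 s resolution
        rate = len(seen) / span
        if rate >= syn_per_sec:
            alerts.append(("syn_rate", key, round(rate, 1)))
    return alerts


def sample_log():
    """Constructed lines: a 20-port sweep, 20 SYNs in 2 s from a spoofed source, 3 benign SYNs."""
    fmt = ("Jan 10 12:00:{:02d} fw kernel: IN=eth0 OUT= SRC={} DST={} LEN=40 TTL=64 "
           "PROTO=TCP SPT=2000 DPT={} WINDOW=512 RES=0x00 SYN URGP=0")
    sweep = [fmt.format(0, "10.10.10.50", "10.10.10.63", p) for p in range(20, 40)]
    flood = [fmt.format(i // 10, "10.10.10.231", "10.10.10.134", 80) for i in range(20)]
    benign = [fmt.format(s, "10.10.10.7", "10.10.10.63", 443) for s in (5, 20, 35)]
    return sweep + flood + benign
```

Run detect(sample_log()) to see one sweep alert and one syn_rate alert; the benign three SYNs over 30 seconds trigger nothing.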