PING auf port 0

• hping3 192.168.244.52

SYN Ping

• hping3 192.168.244.52 -S -p 80 -w 2000 -d 1500

SYN tcp flag: -S
Port 80: -p 80 
TCP Window: -w 2000 
Data Size: -d 1500

SYN PUSH Ping

• hping3 192.168.244.52 -S -P -p 80

Push Flag: -P

ACK Ping

• hping3 192.168.244.52 -A -p 80

ACK Flag: -A 

gespoofte IP

• hping3 192.168.244.52 -S -p 80 -a 192.168.244.156

Pakete in Verbindung schicken

kann man in verbindung mit ARP Spoofing benutzen

Versuchsaufbau

• server: tac
• client: cardassia

fenster server=

starten eines tcp server auf port 2020

root@tac:~# nc -lp 2020

fenster client eins

tcpdump

cardassia ~ # tcpdump -ni lan  -S port 2020
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes

fenster client zwei

client

thomas.will@cardassia ~ $ nc 192.168.244.52  2020

fenster client eins

cardassia ~ # tcpdump -ni lan  -S port 2020
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes
15:26:44.663526 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [S], seq 1758983238, win 29200, options [mss 1460,sackOK,TS val 2268763 ecr 0,nop,wscale 7], length 0
15:26:44.663980 IP 192.168.244.52.2020 > 192.168.244.1.58257: Flags [S.], seq 963043879, ack 1758983239, win 28960, options [mss 1460,sackOK,TS val 193210349 ecr 2268763,nop,wscale 7], length 0
15:26:44.664035 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [.], ack 963043880, win 229, options [nop,nop,TS val 2268763 ecr 193210349], length 0

fenster client drei

datei erstellen 11 bytes mit Umbruch

• cardassia ~ # echo "hallo tux" > data.dat

Links

• http://www.eggdrop.ch/texts/hping/#2_1
• http://www.rationallyparanoid.com/articles/hping.html