Hping3: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 17: | Zeile 17: | ||
=gespoofte IP= | =gespoofte IP= | ||
*hping3 192.168.244.52 -S -p 80 -a 192.168.244.156 | *hping3 192.168.244.52 -S -p 80 -a 192.168.244.156 | ||
| + | =Pakete in Verbindung schicken= | ||
| + | kann man in verbindung mit ARP Spoofing benutzen | ||
| + | =Versuchsaufbau= | ||
| + | *server: tac | ||
| + | ;starten eines tcp server auf port 2020 | ||
| + | root@tac:~# nc -lp 2020 | ||
| + | *client: cardassia | ||
| + | drei fenster | ||
| + | ==fenster eins== | ||
| + | ;tcpdump | ||
| + | cardassia ~ # tcpdump -ni lan -S port 2020 | ||
| + | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
| + | listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes | ||
| + | ==fenster zwei== | ||
| + | ;client | ||
| + | thomas.will@cardassia ~ $ nc 192.168.244.52 2020 | ||
| + | ==fenster eins== | ||
| + | cardassia ~ # tcpdump -ni lan -S port 2020 | ||
| + | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
| + | listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes | ||
| + | 15:26:44.663526 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [S], seq 1758983238, win 29200, options [mss 1460,sackOK,TS val 2268763 ecr 0,nop,wscale 7], length 0 | ||
| + | 15:26:44.663980 IP 192.168.244.52.2020 > 192.168.244.1.58257: Flags [S.], seq 963043879, ack 1758983239, win 28960, options [mss 1460,sackOK,TS val 193210349 ecr 2268763,nop,wscale 7], length 0 | ||
| + | 15:26:44.664035 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [.], ack 963043880, win 229, options [nop,nop,TS val 2268763 ecr 193210349], length 0 | ||
=Links= | =Links= | ||
*http://www.eggdrop.ch/texts/hping/#2_1 | *http://www.eggdrop.ch/texts/hping/#2_1 | ||
*http://www.rationallyparanoid.com/articles/hping.html | *http://www.rationallyparanoid.com/articles/hping.html | ||
Version vom 14. Oktober 2015, 13:29 Uhr
PING auf port 0
- hping3 192.168.244.52
SYN Ping
- hping3 192.168.244.52 -S -p 80 -w 2000 -d 1500
SYN tcp flag: -S Port 80: -p 80 TCP Window: -w 2000 Data Size: -d 1500
SYN PUSH Ping
- hping3 192.168.244.52 -S -P -p 80
Push Flag: -P
ACK Ping
- hping3 192.168.244.52 -A -p 80
ACK Flag: -A
gespoofte IP
- hping3 192.168.244.52 -S -p 80 -a 192.168.244.156
Pakete in Verbindung schicken
kann man in verbindung mit ARP Spoofing benutzen
Versuchsaufbau
- server: tac
- starten eines tcp server auf port 2020
root@tac:~# nc -lp 2020
- client: cardassia
drei fenster
fenster eins
- tcpdump
cardassia ~ # tcpdump -ni lan -S port 2020 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes
fenster zwei
- client
thomas.will@cardassia ~ $ nc 192.168.244.52 2020
fenster eins
cardassia ~ # tcpdump -ni lan -S port 2020 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes 15:26:44.663526 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [S], seq 1758983238, win 29200, options [mss 1460,sackOK,TS val 2268763 ecr 0,nop,wscale 7], length 0 15:26:44.663980 IP 192.168.244.52.2020 > 192.168.244.1.58257: Flags [S.], seq 963043879, ack 1758983239, win 28960, options [mss 1460,sackOK,TS val 193210349 ecr 2268763,nop,wscale 7], length 0 15:26:44.664035 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [.], ack 963043880, win 229, options [nop,nop,TS val 2268763 ecr 193210349], length 0