
hping explained: installing and using hping and fping

陆沈浪
2023-12-01

I. Installing hping on CentOS

The installation may run into some problems; for details, see

# yum -y install gcc libpcap-devel tcl-devel

# ln -s /usr/include/pcap.h /usr/include/net/bpf.h

# wget http://www.hping.org/hping3-20051105.tar.gz

# tar -zxvf hping3-20051105.tar.gz

# cd hping3-20051105

# ./configure

# make

# make install

Check that the installation succeeded

# hping -v

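II. Main features of hping

Firewall testing

Practical port scanning

Network testing using different protocols, type of service (TOS), and IP fragmentation

Manual path MTU (maximum transmission unit) discovery

Advanced traceroute, supporting all protocols

Remote OS detection

Remote uptime detection

TCP/IP stack auditing

III. hping command-line options

3.1 Default mode: TCP mode

-0 --rawip RAW IP mode

-1 --icmp ICMP mode

-2 --udp UDP mode

-8 --scan Scan mode (port scanning). Example: hping --scan 1-30,70-90 -S www.target.host

-9 --listen Listen mode

The default is TCP mode.

1. Send packets to www.baidu.com in TCP mode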

hping -p 80 -S www.baidu.com -d 0 -c 10 -i 2

[Sends 10 SYN packets to port 80 of www.baidu.com, each with a 0-byte payload, at 2-second intervals]

The output is as follows

HPING www.baidu.com (eno16777736 220.181.111.188): S set, 40 headers + 0 data bytes

len=46 ip=220.181.111.188 ttl=51 id=34698 sport=80 flags=SA seq=0 win=512 rtt=8.7 ms

len=46 ip=220.181.111.188 ttl=50 id=7358 sport=80 flags=SA seq=1 win=512 rtt=8.4 ms

len=46 ip=220.181.111.188 ttl=50 id=63055 sport=80 flags=SA seq=2 win=512 rtt=8.7 ms

len=46 ip=220.181.111.188 ttl=51 id=29977 sport=80 flags=SA seq=3 win=512 rtt=9.3 ms

len=46 ip=220.181.111.188 ttl=51 id=41178 sport=80 flags=SA seq=4 win=512 rtt=10.4 ms

len=46 ip=220.181.111.188 ttl=51 id=1361 sport=80 flags=SA seq=5 win=512 rtt=8.1 ms

len=46 ip=220.181.111.188 ttl=50 id=16185 sport=80 flags=SA seq=6 win=512 rtt=8.2 ms

len=46 ip=220.181.111.188 ttl=50 id=7610 sport=80 flags=SA seq=7 win=512 rtt=8.4 ms

len=46 ip=220.181.111.188 ttl=51 id=14328 sport=80 flags=SA seq=8 win=512 rtt=8.6 ms

len=46 ip=220.181.111.188 ttl=51 id=48664 sport=80 flags=SA seq=9 win=512 rtt=8.2 ms

--- www.baidu.com hping statistic ---

10 packets tramitted, 10 packets received, 0% packet loss

round-trip min/avg/max = 8.1/8.7/10.4 ms

2. Send packets in TCP/UDP mode to port 53 of host 114.114.114.114 (China Unicom DNS server)

hping -i 1 -p 53 -S 114.114.114.114 -d 0 -c 10

hping --udp -i 1 -p 53 -S 114.114.114.114 -d 0 -c 10

3. Port scanning with scan mode (note: you cannot scan the ports of the local host)

hping --scan 100-9000 -S 192.168.1.101

Output

Scanning 192.168.1.101 (192.168.1.101), port 100-9000

8901 ports to scan, use -V to see all the replies

+----+-----------+---------+---+-----+-----+-----+

|port| serv name | flags |ttl| id | win | len |

+----+-----------+---------+---+-----+-----+-----+

135 epmap : .S..A... 64 31580 8192 46

139 netbios-ssn: .S..A... 64 31836 8192 46

445 microsoft-d: .S..A... 64 32348 8192 46

1540 rds : .S..A... 64 32860 8192 46

2869 icslap : .S..A... 64 7936 8192 46

3389 ms-wbt-serv: .S..A... 64 36444 8192 46
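
For the firewall-testing use of this scan output, the following added example (not part of the original post) parses the table and compares the ports that answered SYN+ACK against an approved baseline. The sample is copied from the output above; the function names and the APPROVED set are assumptions of this example.

```python
import re

# One table row: port, service name, 8-character flag field (e.g. ".S..A...").
ROW = re.compile(r"^\s*(\d+)\s+(\S*?)\s*:\s*([.A-Z]{8})\s")

# Constructed sample: the scan output shown above, blank lines removed.
SAMPLE_SCAN = """\
Scanning 192.168.1.101 (192.168.1.101), port 100-9000
8901 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name | flags |ttl| id | win | len |
+----+-----------+---------+---+-----+-----+-----+
135 epmap : .S..A... 64 31580 8192 46
139 netbios-ssn: .S..A... 64 31836 8192 46
445 microsoft-d: .S..A... 64 32348 8192 46
1540 rds : .S..A... 64 32860 8192 46
2869 icslap : .S..A... 64 7936 8192 46
3389 ms-wbt-serv: .S..A... 64 36444 8192 46
"""

# Hypothetical baseline: ports this host is supposed to expose.
APPROVED = {135, 139, 445, 3389}


def parse_scan(text):
    """Return {port: (service, flags)} for rows that replied with SYN+ACK."""
    listening = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, table border or blank line
        port, service, flags = int(m.group(1)), m.group(2), m.group(3)
        if "S" in flags and "A" in flags:  # SYN+ACK: a service is listening
            listening[port] = (service, flags)
    return listening


def audit(text, approved):
    """Return (unexpected, missing) port lists relative to the baseline."""
    found = parse_scan(text)
    unexpected = sorted(p for p in found if p not in approved)
    missing = sorted(p for p in approved if p not in found)
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SCAN, APPROVED)
    print("listening but not approved:", unexpected)
    print("approved but not answering:", missing)
```

Ports reported as unexpected are the ones to close or to block at the firewall; ports reported as missing point to a stopped service or an over-strict rule.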

IV. Source IP spoofing and SYN attack

Access 192.168.1.211 in the normal way

# hping -c 5 -d 0 -p 22 -S 192.168.1.211

HPING 192.168.1.211 (eno16777736 192.168.1.211): S set, 40 headers + 0 data bytes

len=46 ip=192.168.1.211 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=29200 rtt=4.2 ms

len=46 ip=192.168.1.211 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=29200 rtt=1.7 ms

len=46 ip=192.168.1.211 ttl=64 DF id=0 sport=22 flags=SA seq=2 win=29200 rtt=1.3 ms

len=46 ip=192.168.1.211 ttl=64 DF id=0 sport=22 flags=SA seq=3 win=29200 rtt=1.3 ms

len=46 ip=192.168.1.211 ttl=64 DF id=0 sport=22 flags=SA seq=4 win=29200 rtt=1.5 ms

Traffic captured on host 192.168.1.211

# tcpdump -np src host 192.168.1.110 -i eno16777736

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eno16777736, link-type EN10MB (Ethernet), capture size 65535 bytes

11:50:37.098958 ARP, Request who-has 192.168.1.211 tell 192.168.1.110, length 46

11:50:37.099685 IP 192.168.1.110.ctcd > 192.168.1.211.ssh: Flags [S], seq 1360768716, win 512, length 0

11:50:37.100992 IP 192.168.1.110.ctcd > 192.168.1.211.ssh: Flags [R], seq 1360768717, win 0, length 0

11:50:38.108685 IP 192.168.1.110.virtual-time > 192.168.1.211.ssh: Flags [S], seq 1703180393, win 512, length 0

11:50:38.109386 IP 192.168.1.110.virtual-time > 192.168.1.211.ssh: Flags [R], seq 1703180394, win 0, length 0

11:50:39.117572 IP 192.168.1.110.vids-avtp > 192.168.1.211.ssh: Flags [S], seq 1096998526, win 512, length 0

11:50:39.118296 IP 192.168.1.110.vids-avtp > 192.168.1.211.ssh: Flags [R], seq 1096998527, win 0, length 0

11:50:40.123381 IP 192.168.1.110.buddy-draw > 192.168.1.211.ssh: Flags [S], seq 949943391, win 512, length 0

11:50:40.123840 IP 192.168.1.110.buddy-draw > 192.168.1.211.ssh: Flags [R], seq 949943392, win 0, length 0

11:50:41.133482 IP 192.168.1.110.fiorano-rtrsvc > 192.168.1.211.ssh: Flags [S], seq 405064648, win 512, length 0

11:50:41.136117 IP 192.168.1.110.fiorano-rtrsvc > 192.168.1.211.ssh: Flags [R], seq 405064649, win 0, length 0

Next, we spoof the source IP

# hping -c 5 -d 0 -p 22 -S 192.168.1.211 -a 10.1.193.250

On 192.168.1.211, we can no longer see 192.168.1.101

# tcpdump -np src host 192.168.1.110 -i eno16777736

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eno16777736, link-type EN10MB (Ethernet), capture size 65535 bytes

On 192.168.1.211, we do see 10.1.193.250

# tcpdump -np src host 10.1.193.250 -i eno16777736

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eno16777736, link-type EN10MB (Ethernet), capture size 65535 bytes

12:00:02.786159 IP 10.1.193.250.de-cache-query > 192.168.1.211.ssh: Flags [S], seq 931641178, win 512, length 0

12:00:03.799725 IP 10.1.193.250.de-server > 192.168.1.211.ssh: Flags [S], seq 971637372, win 512, length 0

12:00:04.814282 IP 10.1.193.250.shockwave2 > 192.168.1.211.ssh: Flags [S], seq 1059418599, win 512, length 0

12:00:05.818149 IP 10.1.193.250.opennl > 192.168.1.211.ssh: Flags [S], seq 1718833632, win 512, length 0

12:00:06.820567 IP 10.1.193.250.opennl-voice > 192.168.1.211.ssh: Flags [S], seq 2136128168, win 512, length 0
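
The difference between the two captures above, turned into detection logic (an added example, not part of the original post): every SYN from 192.168.1.110 is followed by a RST from the same source port, while the SYNs claiming to come from 10.1.193.250 are never followed by anything. The function name, the threshold of 3 and the embedded sample (lines copied from the captures above) are assumptions of this example.

```python
import re
from collections import defaultdict

# tcpdump text line: timestamp, "IP", src.port > dst.port, then the flag field.
LINE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.([^\s:]+) > (\d+(?:\.\d+){3})\.([^\s:]+): Flags \[([^\]]+)\]"
)

# Constructed sample: lines taken from the two captures shown above.
CAPTURE = """\
11:50:37.098958 ARP, Request who-has 192.168.1.211 tell 192.168.1.110, length 46
11:50:37.099685 IP 192.168.1.110.ctcd > 192.168.1.211.ssh: Flags [S], seq 1360768716, win 512, length 0
11:50:37.100992 IP 192.168.1.110.ctcd > 192.168.1.211.ssh: Flags [R], seq 1360768717, win 0, length 0
11:50:38.108685 IP 192.168.1.110.virtual-time > 192.168.1.211.ssh: Flags [S], seq 1703180393, win 512, length 0
11:50:38.109386 IP 192.168.1.110.virtual-time > 192.168.1.211.ssh: Flags [R], seq 1703180394, win 0, length 0
12:00:02.786159 IP 10.1.193.250.de-cache-query > 192.168.1.211.ssh: Flags [S], seq 931641178, win 512, length 0
12:00:03.799725 IP 10.1.193.250.de-server > 192.168.1.211.ssh: Flags [S], seq 971637372, win 512, length 0
12:00:04.814282 IP 10.1.193.250.shockwave2 > 192.168.1.211.ssh: Flags [S], seq 1059418599, win 512, length 0
"""


def silent_syn_sources(text, threshold=3):
    """Return {src_ip: n} for sources with at least `threshold` SYN-only flows."""
    flows = defaultdict(set)  # (src, sport, dst, dport) -> flag strings seen
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # non-TCP lines such as ARP are skipped
            src, sport, dst, dport, flags = m.groups()
            flows[(src, sport, dst, dport)].add(flags)

    silent = defaultdict(int)
    for (src, _sport, _dst, _dport), seen in flows.items():
        # SYN-only flow: the source sent a bare SYN and never an ACK ([.]),
        # RST ([R]) or FIN, so the handshake was left half-open.
        if seen == {"S"}:
            silent[src] += 1
    return {src: n for src, n in silent.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in silent_syn_sources(CAPTURE).items():
        print(f"{src}: {n} SYNs with no follow-up")
```

A source that only ever appears in SYN-only flows is the signature of a spoofed address, so the address itself says nothing about where the packets really came from.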

V. Installing and using fping

# wget --limit-rate 500k -c http://www.fping.org/dist/fping-3.8.tar.gz

# tar zxvf fping-3.8.tar.gz && cd fping-3.8

# ./configure && make && make install

1. Can ping multiple hosts at once

2. Can ping hosts listed in a host-list file

3. Clear output that is easy to process in scripts

4. Fast

Show all reachable hosts

fping -a -g 192.168.1.1 192.168.1.210

Or as follows

fping -a -g 192.168.1.1/24

fping -a -f ./ip_list.txt
