
Saturday, November 8, 2014

HPing: How to generate TCP traffic

Hping is a network tool that sends custom TCP/IP packets and displays target replies the way the ping program does with ICMP replies. Hping can be used to create IP packets containing TCP, UDP or ICMP payloads. All header fields can be modified and controlled from the command line. If the interface MTU is less than the payload, the packet will be fragmented; with SendIP, by contrast, the packet will be dropped by the Linux client.

How To Install

Download the tarball package from here.
Steps to install:
  1. Untar it in some folder. (tar -xzvf hping2.0.0-rc2.tar.gz)
  2. Go to the hping folder ( cd hping2-rc2/ )
  3. ./configure
  4. sudo make
  5. make install
  6. Now if you run 'hping2 --h' on the Linux CLI, it should show all the available options.

How To Use


Basic Options:
  • -c --count count // Stop after sending (and receiving) count response packets.
  • -i --interval // Wait the specified number of seconds or microseconds between sending each packet. --interval X sets the wait to X seconds, --interval uX sets the wait to X microseconds.
  • -I --interface // Interface name
  • -V --verbose  //Enable verbose output. TCP replies will be shown as follows: len=46 ip=192.168.1.1 flags=RA DF seq=0 ttl=255 id=0 win=0 rtt=0.4 ms tos=0 iplen=40 seq=0 ack=1380893504 sum=2010 urp=0


Protocol Selection:

  • Default protocol is TCP. By default hping2 will send TCP headers to the target host's port 0 with a winsize of 64 and without any TCP flag on.
  • -1 --icmp // ICMP mode. By default hping2 will send an ICMP echo-request; you can set another ICMP type/code using the --icmptype and --icmpcode options.
  • -2 --udp // UDP mode. By default hping2 will send UDP to the target host's port 0. The tunable UDP header options are: --baseport, --destport, --keep.


Examples:

  • TCP: hping -p 23 -c 1 -P -A -s 36617 -d 1170 5.5.5.6 // -s source port, -p dest port, -w set TCP window size (default is 64), -M --tcpseq, -F --fin, -S --syn, -R --rst, -P --push, -A --ack, -U --urg, -X --xmas, -Y --ymas
  • ICMP: hping -1 --icmptype 128 --icmpcode 0 5.5.5.6 // --icmptype, --icmpcode; echo req - 8,0
  • UDP: hping -2 --baseport 34444 --destport 34567 5.5.5.6 // --baseport, --destport, --keep


Thursday, August 1, 2013

Capture and read packets in Linux CLI using TCPDUMP

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

In this post, I will try to show you how to use the tcpdump command and capture the required packets.
  • 'tcpdump' - capture the traffic passing through 'eth0' or the management interface.
  • 'tcpdump -i eth1' - use the -i option to capture packets passing through eth1.
  • 'tcpdump -e -i eth1' - use the -e option to capture packets passing through eth1 with Ethernet header details.
  • 'tcpdump -i eth1 tcp' - capture only the TCP packets passing through eth1.
  • 'tcpdump -i eth1 tcp and src host 2.2.2.2' - capture TCP packets sent from 2.2.2.2.
  • 'tcpdump -i eth1 tcp or src host 2.2.2.2' - capture TCP packets or packets whose source IP is 2.2.2.2.
  • 'tcpdump -i eth1 tcp and greater 1000' - capture TCP packets whose length is greater than 1000 bytes.
  • 'tcpdump -n -i eth1 tcp' - use the -n option to avoid DNS lookups (don't convert host addresses to names).
Save the tcpdump capture to a file - use the -w option; the file can then be read using Wireshark.
  • 'tcpdump -i eth1 -w /dir/file.pcap tcp and host 10.102.174.42'
Read a .pcap file using tcpdump -
  • 'tcpdump -e -r src9.pcap | grep http'
Filters that you can apply to capture the required packets -
  • dst host 2.2.2.2  or dst host 9901::123 - destination host
  • host 2.2.2.2  or host 9901::123 - has this IP
  • ether src fa:38:3c:50:63:72
  • ether dst, ether host
  • src port 21
  • dst port 80
  • src portrange 10-90
  • less 100
  • vlan 5
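
What a saved capture contains and what the filter primitives above actually test, as an added example (not code from the original post): a small Python reader for the classic pcap format that applies the equivalent of `tcp and src host 2.2.2.2 and greater 1000` to constructed IPv4 frames. The function names and sample packets are assumptions made for illustration; it assumes a little-endian classic pcap file with Ethernet link type, and does not handle IPv6, VLAN tags or pcapng.

```python
import ipaddress
import struct

def make_frame(src, dst, proto, payload_len):
    """Constructed Ethernet + IPv4 frame (proto 6 = TCP, 17 = UDP); checksums left zero."""
    l4 = bytes(20 if proto == 6 else 8) + bytes(payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + l4  # zeroed MACs, EtherType 0x0800 (IPv4)

def make_pcap(frames):
    """Build a little-endian classic pcap byte string, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # ts_sec, ts_usec, incl, orig
    return out

def read_pcap(data):
    """Yield (captured_bytes, wire_length) for every record in the capture."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        incl_len, wire_len = struct.unpack_from("<II", data, off + 8)
        yield data[off + 16:off + 16 + incl_len], wire_len
        off += 16 + incl_len

def matches(frame, wire_len, src_host, min_len=0):
    """IPv4 equivalent of `tcp and src host <src_host> and greater <min_len>`."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False  # truncated capture or not IPv4
    src = str(ipaddress.IPv4Address(frame[26:30]))  # IPv4 source address
    # frame[23] is the IP protocol field; pcap-filter defines `greater N` as length >= N
    return frame[23] == 6 and src == src_host and wire_len >= min_len

def select(pcap_bytes, src_host, min_len=0):
    """Indexes of the packets `tcpdump -r <file> <filter>` would print."""
    return [i for i, (f, n) in enumerate(read_pcap(pcap_bytes))
            if matches(f, n, src_host, min_len)]

# Constructed sample capture; addresses reuse the ones in the post.
SAMPLE = make_pcap([
    make_frame("2.2.2.2", "5.5.5.6", 6, 1170),        # TCP, 1224 bytes on the wire
    make_frame("2.2.2.2", "5.5.5.6", 6, 0),           # TCP, 54 bytes
    make_frame("2.2.2.2", "5.5.5.6", 17, 100),        # UDP, 142 bytes
    make_frame("10.102.174.42", "5.5.5.6", 6, 1170),  # TCP from another source
])

print(select(SAMPLE, "2.2.2.2"), select(SAMPLE, "2.2.2.2", 1000))
```

The length test uses the length recorded for the whole frame, Ethernet and IP headers included, not the TCP payload size.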