hping send ?-nocompile? packet
This command sends TCP/IP packets. It accepts packets in the same
format in which the command hping recv returns them, so you can
experiment with 'hping recv' to learn how to describe a given packet.

A common pattern with hping3 is to receive packets with hping recv,
modify them in some way, and resend them with hping send. This makes
it very easy to write scripts that do NAT and all sorts of TCP/IP
flow manipulation.

In order to send a TCP packet with the SYN flag set to the
host www.hping.org one can write:

    hping3> set target www.hping.org
    www.hping.org
    hping3> set myaddr [hping outifa $target]
    192.168.1.6
    hping3> hping send "ip(saddr=$myaddr,daddr=$target,ttl=255)+tcp(sport=123,dport=80,flags=s)"

Note that the first two commands are used to get the outgoing interface
address. From the example it should be clear that in the hping3 world
packets are strings representing different layers of the packet.
When a given layer is not specified by the user, hping tries to set
it to a reasonable value. For instance, the user doesn't need to
specify IP and TCP checksums for normal packets because hping will
compute them automatically. Of course, to create broken packets it can
be useful to specify a checksum field explicitly.

Working with packets as strings, it is handy to create a packet
starting with an empty string, adding a layer at a time: this makes
the code very simple to read. For example the previous code to
send a packet can be written this way:

    set target www.hping.org
    set myaddr [hping outifa $target]
    set syn {}
    append syn "ip(saddr=$myaddr,daddr=$target,ttl=255)"
    append syn "+tcp(sport=123,dport=80,flags=2)"
    hping send $syn

You can cut and paste the code into a file called 'example.htcl', then
run it using:

    hping3 exec example.htcl

Note that you can use all the features of Tcl. For example,
to send the same SYN packet with 10 different TTL values,
the previous script can be modified like this:

    set target www.hping.org
    set myaddr [hping outifa $target]
    for {set ttl 0} {$ttl < 10} {incr ttl} {
        set syn {}
        append syn "ip(saddr=$myaddr,daddr=$target,ttl=$ttl)"
        append syn "+tcp(sport=123,dport=80,flags=2)"
        hping send $syn
    }

The optional -nocompile switch tells hping not to compile the
packet (packet compilation calculates things like checksums,
total length, and so on). It is useful for sending broken
packets.
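
The receive, modify and resend pattern described above relies on a packet being a string of layers, each a list of field=value pairs. The following is an added example, not code from hping3 or its documentation: pure Tcl helpers (apd_parse, apd_set and apd_build are hypothetical names) that split such a string, change one field and rebuild it. It assumes Tcl 8.5 or later and that field values contain no ',', '+', '(' or ')'; the sample packet is constructed.

```tcl
# Added example, not hping3's own code. Pure Tcl (8.5+), makes no hping calls.
# Assumption: field values contain no ',', '+', '(' or ')'.

# Parse "ip(a=1,b=2)+tcp(c=3)" into a list of {layerName fieldDict} pairs.
# A list (not a dict keyed by layer) keeps layer order and repeated layers.
proc apd_parse {pkt} {
    set layers {}
    foreach part [split $pkt +] {
        if {![regexp {^([^()]+)\((.*)\)$} $part -> name body]} {
            error "malformed layer: '$part'"
        }
        set fields [dict create]
        foreach kv [split $body ,] {
            if {$kv eq ""} continue
            set eq [string first = $kv]
            if {$eq < 1} { error "malformed field '$kv' in layer '$name'" }
            dict set fields [string range $kv 0 $eq-1] [string range $kv $eq+1 end]
        }
        lappend layers [list $name $fields]
    }
    return $layers
}

# Set one field in the first layer named $layer; error if it is absent.
proc apd_set {layers layer field value} {
    set i [lsearch -exact -index 0 $layers $layer]
    if {$i < 0} { error "no '$layer' layer in packet" }
    lset layers $i 1 [dict replace [lindex $layers $i 1] $field $value]
    return $layers
}

# Serialise the layer list back into the string form that hping send takes.
proc apd_build {layers} {
    set out {}
    foreach l $layers {
        lassign $l name fields
        set kvs {}
        dict for {k v} $fields { lappend kvs "$k=$v" }
        lappend out "$name\([join $kvs ,]\)"
    }
    return [join $out +]
}

# Constructed sample (documentation addresses), using only fields shown above.
set pkt "ip(saddr=192.0.2.10,daddr=192.0.2.20,ttl=64)+tcp(sport=123,dport=80,flags=s)"
set pkt [apd_build [apd_set [apd_parse $pkt] ip ttl 255]]
puts $pkt
```

Inside an hping3 script the rebuilt string is what would be passed to hping send. The parser rejects a layer without balanced parentheses or a field without '=', so a truncated capture fails loudly rather than being resent in altered form.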