hping wiki

Differences for page Getting started with hping3

Current version compared with version Thu Oct 07 00:16:43 GMT 2004

...
  This document is a quick introduction to [hping3]. [hping3] is mostly command line compatible with [hping2]
  so the command line interface is not documented in this document. Instead this is an introduction to the
- hping Tcl scripting capabilities, and how to use they interactively and in standalone scripts.
+ hping Tcl scripting capabilities, and how to use them interactively and in standalone scripts.
  
+ 
+ {Important Note:} to get the best of hping3 you should learn some basic Tcl programming. To make the
+ task more simple I'm writing a book about Tcl programming, the first nine chapters (all you need
+ to start with Tcl IMHO) are *online for free* here: [link http://www.invece.org/tclwise/].  
+ 
  ===First steps===
  
+ 
  First of all you need a working [hping3] installation. Go to the [download] page, and download the latest
  hping3 tar.gz available. Install it, and log in as the *root* user (you need this to send and receive raw packets).
  
...
  *+*, *-*, and so on.
  
  
- As first try, you can type some simple command and see the result:
+ As first try, you can type a simple command and see the result:
  
   hping3.0.0-alpha-1> hping resolve www.google.com
   66.102.9.104
...
  
  
  The *hping* command should be called with a subcommand as a first argument (*resolve* in the example)
- and additional arguments accordingly to the particular subcommand.
- The [hping resolve] command is used to convert an hostname in an [IP address].
+ and additional arguments according to the particular subcommand.
+ The [hping resolve] command is used to convert a hostname to an [IP address].
  
  
  Ok, that's the basic usage. Now we can start to try more advanced commands (you can find
...
  
  
  This command means "send an ICMP echo request packet to 192.168.1.8". Many details of
- the packet can be omitted. For example we didn't specified our source address (that will
+ the packet can be omitted. For example we didn't specify our source address (that will
  default to the real source address of the sender, the one of the outgoing interface),
- nor the IP or ICMP checksum. hping will care to compute they for us.
+ nor the IP or ICMP checksum. hping will compute them for us.
  
  
  Let's check what tcpdump running at 192.168.1.8 detected:
...
  Our ICMP packet reached the destination, that kindly replied with an ICMP echo reply
  packet.
  
- It's better to recall for a second the previuos command, to analyze it better:
+ It's better to recall for a second the previous command, to analyze it better:
  
  hping3.0.0-alpha-1> {hping send \{ip(daddr=192.168.1.8)+icmp(type=8,code=0)\}}
  
...
- As you can see, there are \{ and \} surrounding the packet description. This are required by
+ As you can see, there are \{ and \} surrounding the packet description. This is required by
  [Tcl] in order to quote the string so that special characters will not be interpreted.
- To quote with \{\} in Tcl is just like to quote with "" in most other languages, with the
+ Quoting with \{\} in Tcl is just like to quote with "" in most other languages, with the
  difference that no escapes are recognized inside \{\} quoting.
  
  The second thing to note is the format we used to describe the packet. That's called
...
  is a simple way to figure how to generate a given packet, because hping3 use this
  format to send packets, but also to receive packets as we will see in a moment.
  
- 
  ===Tcl inside===
  
  Before to show how it's possible to receive packets, I want to stress the fact that we are
...
  text editor, and then run it using hping:
  
   # hping exec foo.htcl
+ - Cut&paste it into the hping interactive shell also works well.
  
- But note that to just cut&paste it into the hping interactive shell also works well.
- It's important to note that this time we used "" quoting for the packet
- description, because we are using *$i* in order to have the *i* variable
- expanded as ttl value for every *foreach* iteration.
+ Note that because this example uses a variable *i* to increment the ttl value on every iteration 
+ of the *foreach*, we used "" rather than \{\} quoting so that *$i* would be expanded to the value of *i*.
  
  
  I think it's clear now that in order to make a good use of [hping3] you need to learn the Tcl
...
  
  ===Packet reception===
  
- Another very imporant subcommand of hping is [hping recv], that is used to
+ Another very important subcommand of hping is [hping recv], that is used to
  capture packets from the specified interface. The simplest usage is the following:
  
  
...
  `Because the received packet description is too long I added newlines quoted with \\, but actually hping will read the packet as a unique string.`
  
  
- [hping recv] returns a Tcl list, where every element is a packet (but for default
+ [hping recv] returns a Tcl list, where every element is a packet (but by default
  it will be just one-element list).
  
  
...
  At every call, {hping recv eth0} will return the packet(s) in queue. If there is no packet to receive
- the command will block until one is not available.
+ the command will block until one is available.
  
  
- If you don't want that [hping recv] will block forever, you can specify an additional
+ If you don't want [hping recv] to block forever, you can specify an additional
  argument. One more argument will tell hping the max number of packets to return in
- a single call. To know the details please check the [hping recv] page in this wiki
+ a single call. To learn the details please check the [hping recv] page in this wiki.
  
  
  Note that the command always returns a Tcl list of packets, even when just one packet
...
   }
  
  
- The first like is just a *while* loop that will repeat forever the script provided as second argument.
- the second line, {set p \[lindex \[hping recv eth0\] 0\]} gets the next packet, the *lindex* command
- is used to extract the packet form the Tcl list (and the 0 argument tells lindex to get the first packet).
+ The first line is just a *while* loop that will repeat the script provided as second argument forever.
+ The second line, {set p \[lindex \[hping recv eth0\] 0\]} gets the next packet, the *lindex* command
+ is used to extract the packet from the Tcl list (and the 0 argument tells lindex to get the first packet).
  
  
- The second line of code, {puts "..."}, print on the scrint the source IP address and the TTL value of the
+ The second line of code, {puts "..."}, print on the screen the source IP address and the TTL value of the
  packet. To extract fiels from packets there is the command [hping getfield] (see the specific page for
  more information as usually).
  
...
  ===A more complex example===
  
  
- The following is a more real-world example, an hping script used to analyzer the Initial Sequence Number
+ The following is a more real-world example, an hping script used to analyze the Initial Sequence Number
  of a TCP/IP stack implementation. This example uses [Tk] in order to be able to display a spectrogram
  of the ISN increments in graphic. Note that the script is quite "rude" in order to make it
  as simple as possible (otherwise it will hardly be good in order to learn hping3 by examples).
...
  [img http://www.hping.org/hping3/linux.jpg]
  
  
- 
  While that's what I get with Windows 2000:
  
  [img http://www.hping.org/hping3/win.jpg]
...
  
+ 
  `To appreaciate the real difference about the two OSes note the scale indication in the pictures.`
  
  
...
  library, but both this program and the lib itself are under the */lib* directory
  of the hping3 distribution, so don't bother to retype it from this page.
  
- 
  That's how to use the script against a Linux box.
  
   cd /your/path/hping3/lib
...

The following is the old page content