hping3 options
Author: Super Admin   Date: 2010-03-12 (Fri) 18:52   Views: 10045

http://hping.org/
For more detail, see the man page....


BASE OPTIONS
       -h --help
              Show a help screen on standard output, so you can pipe it to less.

       -v --version
              Show version information and the API used to access the data link layer (Linux sock packet or libpcap).

       -c --count count
              Stop after sending (and receiving) count response packets. After the last packet is sent, hping2 waits COUNTREACHED_TIMEOUT seconds for target host replies. You can tune COUNTREACHED_TIMEOUT by editing hping2.h.

       -i --interval
              Wait the specified number of seconds or microseconds between sending each packet. --interval X sets the wait to X seconds, --interval uX sets the wait to X microseconds. The default is to wait one second between each packet. When using hping2 to
              transfer files, tuning this option is really important in order to increase the transfer rate. Even when using hping2 to perform idle/spoofing scanning you should tune this option; see HPING2-HOWTO for more information.

       --fast Alias for -i u10000. hping will send 10 packets per second.

       --faster
              Alias for -i u1. Faster than --fast ;) (but not as fast as your computer can send packets, due to the signal-driven design).

       --flood
              Send packets as fast as possible, without taking care to show incoming replies. This is way faster than specifying the -i u0 option.

       -n --numeric
              Numeric output only; no attempt will be made to look up symbolic names for host addresses.

       -q --quiet
              Quiet output. Nothing is displayed except the summary lines at startup time and when finished.

       -I --interface interface name
              By default on Linux and BSD systems hping2 uses the default routing interface. On other systems, or when there is no default route, hping2 uses the first non-loopback interface. However you are able to force hping2 to use the interface you
              need using this option. Note: you don't need to specify the whole name; for example -I et will match eth0, ethernet0, myet1 et cetera. If no interface matches, hping2 will try to use lo.

       -V --verbose
              Enable verbose output. TCP replies will be shown as follows:

              len=46 ip=192.168.1.1 flags=RA DF seq=0 ttl=255 id=0 win=0 rtt=0.4 ms tos=0 iplen=40 seq=0 ack=1380893504 sum=2010 urp=0
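The -V reply line above is what you have to parse when scripting around hping output. The following Python is an example added here; it is not part of the man page and not hping's own code. It parses a reply line into typed fields and then computes the IP id increments that the -r option described further down reports. Assumptions made in this example: the field order is as shown (everything from iplen= onward is the TCP header, so those keys get a tcp_ prefix, a naming convention of this example, which keeps both seq= values), the sample lines are constructed, and the per-probe variant only approximates the loss compensation the man page attributes to relid.c.

```python
from typing import Dict, List, Optional, Union

# Constructed sample input: the first line is the -V reply quoted in the man
# page text; the other two are made up for this example (ids 3 and 9, with
# probe seq 2 missing to simulate a lost reply).
SAMPLE_LINES = [
    "len=46 ip=192.168.1.1 flags=RA DF seq=0 ttl=255 id=0 win=0 rtt=0.4 ms "
    "tos=0 iplen=40 seq=0 ack=1380893504 sum=2010 urp=0",
    "len=46 ip=192.168.1.1 flags=RA DF seq=1 ttl=255 id=3 win=0 rtt=0.5 ms "
    "tos=0 iplen=40 seq=0 ack=1380893505 sum=2011 urp=0",
    "len=46 ip=192.168.1.1 flags=RA DF seq=3 ttl=255 id=9 win=0 rtt=0.4 ms "
    "tos=0 iplen=40 seq=0 ack=1380893507 sum=2013 urp=0",
]

INT_FIELDS = {"len", "seq", "ttl", "id", "win", "tos", "iplen", "ack", "sum", "urp"}
# From iplen= onward hping prints TCP header fields, reusing the names seq=
# and sum= already used earlier on the line; prefixing them with tcp_ is a
# naming convention chosen for this example so that neither value is lost.
TCP_SECTION_START = "iplen"

Value = Union[str, int, float, bool, List[str]]
Reply = Dict[str, Value]


def parse_reply(line: str) -> Reply:
    """Parse one hping -V reply line into a dict of typed fields."""
    reply: Reply = {"df": False}
    in_tcp = False
    last_key: Optional[str] = None
    for tok in line.split():
        if "=" not in tok:
            # Bare tokens qualify the preceding field: DF follows flags=,
            # ms is the unit printed after rtt=.
            if tok == "DF" and last_key == "flags":
                reply["df"] = True
            elif tok == "ms" and last_key == "rtt_ms":
                pass
            else:
                raise ValueError(f"unexpected token {tok!r} in {line!r}")
            continue
        key, value = tok.split("=", 1)
        if key == TCP_SECTION_START:
            in_tcp = True
        if key == "flags":
            reply["flags"] = list(value)  # e.g. "RA" -> ["R", "A"]
            last_key = "flags"
        elif key == "rtt":
            reply["rtt_ms"] = float(value)
            last_key = "rtt_ms"
        else:
            name = f"tcp_{key}" if in_tcp and key != TCP_SECTION_START else key
            reply[name] = int(value) if key in INT_FIELDS else value
            last_key = name
    return reply


def id_increments(replies: List[Reply]) -> List[int]:
    """Plain id[N]-id[N-1] deltas, the naive form the man page contrasts with -r."""
    ids = [int(r["id"]) for r in replies]
    return [b - a for a, b in zip(ids, ids[1:])]


def id_increments_per_probe(replies: List[Reply]) -> List[int]:
    """Delta divided by the probe seq gap, so a lost reply does not show up as
    a doubled increment. This is an approximation written for this example of
    the loss compensation the man page attributes to relid.c, not hping's code."""
    out = []
    for prev, cur in zip(replies, replies[1:]):
        gap = int(cur["seq"]) - int(prev["seq"])
        if gap <= 0:
            raise ValueError("replies must be in increasing probe seq order")
        out.append((int(cur["id"]) - int(prev["id"])) // gap)
    return out


if __name__ == "__main__":
    replies = [parse_reply(line) for line in SAMPLE_LINES]
    for r in replies:
        print(r["ip"], "".join(r["flags"]), "DF" if r["df"] else "", "id", r["id"])
    print("raw id increments:", id_increments(replies))
    print("per-probe id increments:", id_increments_per_probe(replies))
```

The parser is strict on purpose: a bare token it does not know about raises instead of being silently dropped, which is what you want when a newer hping build changes the line format under a script.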

       -D --debug
              Enable debug mode; it's useful when you experience some problem with hping2. When debug mode is enabled you will get more information about interface detection, data link layer access, interface settings, option parsing, fragmentation,
              the HCMP protocol and other stuff.

       -z --bind
              Bind CTRL+Z to time to live (TTL) so you will be able to increment/decrement the TTL of outgoing packets by pressing CTRL+Z once or twice.

       -Z --unbind
              Unbind CTRL+Z so you will be able to stop hping2.

       --beep Beep for every matching received packet (but not for ICMP errors).



PROTOCOL SELECTION
       The default protocol is TCP; by default hping2 will send TCP headers to the target host's port 0 with a window size of 64 and no TCP flag set. Often this is the best way to do a 'hidden ping', useful when the target is behind a firewall that drops ICMP.
       Moreover a TCP null-flag packet to port 0 has a good probability of not being logged.

       -0 --rawip
              RAW IP mode; in this mode hping2 will send an IP header with the data appended with --signature and/or --file. See also --ipproto, which allows you to set the IP protocol field.

       -1 --icmp
              ICMP mode; by default hping2 will send ICMP echo-request. You can set other ICMP types/codes using the --icmptype and --icmpcode options.

       -2 --udp
              UDP mode; by default hping2 will send UDP to the target host's port 0. The tunable UDP header options are the following: --baseport, --destport, --keep.

       -8 --scan
              Scan mode. The option expects an argument that describes groups of ports to scan. Port groups are comma separated: a number describes just a single port, so 1,2,3 means ports 1, 2 and 3. Ranges are specified using a start-end notation,
              like 1-1000, which tells hping to scan ports between 1 and 1000 (inclusive). The special word all is an alias for 0-65535, while the special word known includes all the ports listed in /etc/services.
              Groups can be combined, so the following command line will scan ports between 1 and 1000 AND port 8888 AND the ports listed in /etc/services: hping --scan 1-1000,8888,known -S target.host.com
              Groups can be negated (subtracted) using a ! character as prefix, so the following command line will scan all the ports NOT listed in /etc/services in the range 1-1024: hping --scan '1-1024,!known' -S target.host.com
              Keep in mind that while hping looks much more like a port scanner in this mode, most of the hping switches are still honored, so for example to perform a SYN scan you need to specify the -S option, and you can change the TCP window size,
              TTL, control the IP fragmentation as usual, and so on. The only real difference is that the standard hping behaviors are encapsulated into a scanning algorithm.
              Tech note: The scan mode uses a two-process design, with shared memory for synchronization. The scanning algorithm is still not optimal, but already quite fast.
              Hint: unlike most scanners, hping shows some interesting info about received packets, the IP ID, TCP win, TTL, and so on; don't forget to look at this additional information when you perform a scan! Sometimes it shows interesting
              details.
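The port-group grammar described above (single ports, start-end ranges, the words all and known, and ! negation) is small enough to implement in full, which is useful when you need to know beforehand exactly which ports a --scan argument covers, for instance when writing a firewall rule or an IDS signature for an authorised test. The Python below is an example added here, not hping's parser. It assumes that every negated group is subtracted from the union of the positive groups regardless of order (which reproduces both man page examples), and it uses a constructed stand-in for /etc/services so that it runs the same on any machine.

```python
import re
from typing import Iterable, List, Set, Tuple

MAX_PORT = 65535

# Constructed stand-in for /etc/services: hping's "known" group is every port
# listed there, but that file is host-specific, so a small fixed set is used
# here so the example behaves the same everywhere.
KNOWN_PORTS: Set[int] = {21, 22, 23, 25, 53, 80, 110, 143, 443, 8080}

_RANGE = re.compile(r"^(\d+)(?:-(\d+))?$")


def parse_port_groups(spec: str, known: Iterable[int] = KNOWN_PORTS) -> Set[int]:
    """Expand an hping --scan port specification into the set of ports it
    covers. Groups are comma separated; each is a port, a lo-hi range, the
    word all (0-65535) or known (ports from /etc/services), optionally
    prefixed with ! to subtract it. Assumption made here: all negated groups
    are subtracted from the union of the positive ones, whatever their order."""
    include: Set[int] = set()
    exclude: Set[int] = set()
    for raw in spec.split(","):
        group = raw.strip()
        if not group:
            raise ValueError(f"empty port group in {spec!r}")
        negate = group.startswith("!")
        if negate:
            group = group[1:]
        if group == "all":
            ports = set(range(MAX_PORT + 1))
        elif group == "known":
            ports = set(known)
        else:
            m = _RANGE.match(group)
            if not m:
                raise ValueError(f"bad port group {raw!r}")
            lo = int(m.group(1))
            hi = int(m.group(2)) if m.group(2) is not None else lo
            if lo > hi or hi > MAX_PORT:
                raise ValueError(f"port range out of order or above {MAX_PORT}: {raw!r}")
            ports = set(range(lo, hi + 1))
        (exclude if negate else include).update(ports)
    return include - exclude


def to_ranges(ports: Iterable[int]) -> List[Tuple[int, int]]:
    """Collapse a set of ports back into sorted (lo, hi) runs, handy for
    printing what a spec actually covers before a scan or in a firewall log."""
    runs: List[Tuple[int, int]] = []
    for p in sorted(set(ports)):
        if runs and runs[-1][1] == p - 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs


if __name__ == "__main__":
    for spec in ("1-1000,8888,known", "1-1024,!known", "80,443,!443"):
        covered = parse_port_groups(spec)
        print(f"{spec:>20} -> {len(covered)} ports: {to_ranges(covered)}")
```

Malformed groups raise rather than being ignored: an argument such as 1-70000 or a stray comma should stop the run, not silently scan a smaller set than the operator believes.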

       -9 --listen signature
              HPING2 listen mode. Using this option hping2 waits for packets that contain the signature and dumps from the end of the signature to the end of the packet. For example if hping2 --listen TEST reads a packet that contains 234-09sdflkjs45-TESThello_world it will
              display hello_world.


IP RELATED OPTIONS
       -a --spoof hostname
              Use this option in order to set a fake IP source address; this option ensures that the target will not learn your real address. However replies will be sent to the spoofed address, so you will not be able to see them. In order to see how it's possible
              to perform spoofed/idle scanning see the HPING2-HOWTO.

       --rand-source
              This option enables the random source mode. hping will send packets with a random source address. It is interesting to use this option to stress firewall state tables, and other per-IP dynamic tables inside the TCP/IP stacks and
              firewall software.

       --rand-dest
              This option enables the random destination mode. hping will send the packets to random addresses obtained by following the rule you specify as the target host. You need to specify a numerical IP address as the target host, like 10.0.0.x. All
              the occurrences of x will be replaced with a random number in the range 0-255. So to obtain Internet IP addresses in the whole IPv4 space use something like hping x.x.x.x --rand-dest. If you are not sure about what kind of addresses
              your rule is generating, try the --debug switch to display every new destination address generated. When this option is turned on, matching packets will be accepted from all destinations.
              Warning: when this option is enabled hping can't detect the right outgoing interface for the packets, so you should use the --interface option to select the desired outgoing interface.

       -t --ttl time to live
              Using this option you can set TTL (time to live) of outgoing packets, it's likely that you will use this with --traceroute or --bind options. If in doubt try 'hping2 some.host.com -t 1 --traceroute'.

       -N --id
              Set the ip->id field. The default id is random, but if fragmentation is turned on and an id isn't specified it will be getpid() & 0xFF; implementing a better solution is on the TODO list.

       -H --ipproto
              Set the ip protocol in RAW IP mode.

       -W --winid
              IP ids from Windows* systems before Win2k have a different byte ordering; if this option is enabled hping2 will properly display id replies from those Windows systems.

       -r --rel
              Display id increments instead of id. See the HPING2-HOWTO for more information. Increments aren't computed as id[N]-id[N-1] but using packet loss compensation. See relid.c for more information.

       -f --frag
              Split packets into more fragments; this may be useful in order to test IP stack fragmentation performance and to test if some packet filter is so weak that it can be passed using tiny fragments (anachronistic). The default 'virtual mtu' is 16
              bytes. See also the --mtu option.

       -x --morefrag
              Set the more fragments IP flag; use this option if you want the target host to send an ICMP time-exceeded during reassembly.

       -y --dontfrag
              Set the don't fragment IP flag; this can be used to perform path MTU discovery.

       -g --fragoff fragment offset value
              Set the fragment offset.

       -m --mtu mtu value
              Set a different 'virtual mtu' than 16 when fragmentation is enabled. If the packet size is greater than the 'virtual mtu', fragmentation is automatically turned on.
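The fragmentation switches above (-f, -x, -g and -m) all manipulate the same three things: where each fragment starts (the 13-bit offset field, counted in 8-byte units), how much it carries, and whether the MF flag says more is coming. The Python below is an example added here, not hping's code. It plans how a payload splits under a given 'virtual mtu' and then checks a fragment set the way a reassembly engine on the receiving side would, so you can see what the -x case (MF left on the final fragment, which can never complete reassembly) or a hand-set -g offset (gap or overlap) looks like to the target. It assumes the 'virtual mtu' is the per-fragment payload size; hping's exact accounting may differ.

```python
from dataclasses import dataclass
from typing import List, Optional

FRAG_UNIT = 8            # fragment offsets are carried in units of 8 bytes
MAX_OFFSET_UNITS = 8191  # the IP fragment offset field is 13 bits wide


@dataclass(frozen=True)
class Fragment:
    offset_units: int     # value of the fragment offset field (bytes / 8)
    length: int           # payload bytes carried by this fragment
    more_fragments: bool  # MF flag


def plan_fragments(payload_len: int, virtual_mtu: int = 16) -> List[Fragment]:
    """Split payload_len bytes into fragments of at most virtual_mtu bytes.
    Assumption for this example: the 'virtual mtu' is read as the per-fragment
    payload size, and since every fragment but the last must be a multiple of
    8 bytes, virtual_mtu must be one too."""
    if payload_len < 0:
        raise ValueError("payload length must be non-negative")
    if virtual_mtu <= 0 or virtual_mtu % FRAG_UNIT:
        raise ValueError("virtual mtu must be a positive multiple of 8")
    if payload_len <= virtual_mtu:
        return [Fragment(0, payload_len, False)]  # fits, nothing to split
    frags: List[Fragment] = []
    off = 0
    while off < payload_len:
        n = min(virtual_mtu, payload_len - off)
        units = off // FRAG_UNIT
        if units > MAX_OFFSET_UNITS:
            raise ValueError("payload too long to address with a 13-bit offset")
        frags.append(Fragment(units, n, off + n < payload_len))
        off += n
    return frags


def validate_fragments(frags: List[Fragment]) -> Optional[str]:
    """Check a fragment set the way a reassembly engine would before accepting
    it: fragments must tile the payload with no gaps or overlaps, non-final
    fragments must be 8-byte multiples, and MF must be set on every fragment
    except the last. Returns None when consistent, otherwise a description of
    the first problem found."""
    if not frags:
        return "no fragments"
    ordered = sorted(frags, key=lambda f: f.offset_units)
    expected = 0
    for i, f in enumerate(ordered):
        start = f.offset_units * FRAG_UNIT
        if start < expected:
            return f"overlap: fragment at byte {start} overlaps data up to byte {expected}"
        if start > expected:
            return f"gap: bytes {expected}-{start - 1} missing"
        last = i == len(ordered) - 1
        if last and f.more_fragments:
            return "MF set on last fragment: reassembly would never complete"
        if not last and not f.more_fragments:
            return f"MF clear on non-final fragment at byte {start}"
        if not last and f.length % FRAG_UNIT:
            return f"non-final fragment at byte {start} is not a multiple of 8 bytes"
        expected = start + f.length
    return None


def reassembled_length(frags: List[Fragment]) -> int:
    """Total payload length once the set has passed validation."""
    problem = validate_fragments(frags)
    if problem:
        raise ValueError(problem)
    return sum(f.length for f in frags)


if __name__ == "__main__":
    plan = plan_fragments(40)
    for f in plan:
        print(f)
    print("reassembles to", reassembled_length(plan), "bytes")
    # The same set with MF left on the final fragment, as -x would produce:
    stuck = plan[:-1] + [Fragment(plan[-1].offset_units, plan[-1].length, True)]
    print(validate_fragments(stuck))
```

A reassembly timer expiring on a set like the last one is exactly the condition that produces the ICMP time-exceeded the -x description mentions, which is also why a run of such sets from one source is worth alerting on.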

       -o --tos hex_tos
              Set Type Of Service (TOS), for more information try --tos help.

       -G --rroute
              Record route. Includes the RECORD_ROUTE option in each packet sent and displays the route buffer of returned packets. Note that the IP header is only large enough for nine such routes. Many hosts ignore or discard this option. Also
              note that using hping you are able to use record route even if the target host filters ICMP. Record route is an IP option, not an ICMP option, so you can use the record route option even in TCP and UDP mode.



Super Admin 2011-06-09 (Thu) 15:02
hping3 --flood --rand-source -d 64 -p 80 -S xxx.xxx.xxx.xxx
Site name: Mojirine | Representative: Lee Kyung-hyun | Personal community: Rankey.com Operating Systems (OS) | Bundang-gu, Seongnam-si, Gyeonggi-do | E-mail: mojily (at) chonnom.com Copyright © www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.