HPING parameters
-h --help show help
-v --version version information
-c N --count send N packets
-i --interval interval between packets (unit given here as milliseconds); the default is 1 second. This matters for raising the transmission rate and is also used in idle/spoofing scans; see the hping-howto for more information.
--fast send 10 packets per second (seems usable for a DoS; not tested, I couldn't bring myself to try it on a classmate)
--faster Alias for -i u1
--flood send packets as fast as possible; this is way faster than specifying the -i u0 option
-n --numeric numeric output; host addresses are printed numerically rather than resolved to names (not much use)
-q --quiet quiet mode (prints nothing except the start and end statistics)
-I --interface interface name specify the network interface; use this when the machine has several NICs.
-V --verbose show much more information; a TCP reply then generally looks like:
len=46 ip=192.168.1.1 flags=RADF seq=0 ttl=255 id=0 win=0 rtt=0.4ms tos=0 iplen=40 seq=0 ack=1380893504 sum=2010 urp=0
-D --debug enter debug mode. When you run into trouble, e.g. hping behaves in a way you don't expect, use this mode to debug hping (INTERFACE DETECTION, DATA LINK LAYER ACCESS, INTERFACE SETTINGS, ...)
-z --bind bind the shortcut key (set it up to your own preference)
-Z --unbind unbind the shortcut key
Protocol selection
-0 --rawip RAW IP mode; in this mode hping sends an IP header with data appended. Original text:
RAW IP mode, in this mode hping3 will send IP header with data appended with --signature
and/or --file, see also --ipproto that allows you to set the ip protocol field.
-1 --icmp ICMP mode; in this mode hping sends ICMP echo messages. You can use the --icmptype and --icmpcode options to send ICMP messages of other types/codes.
-2 --udp UDP mode; by default hping sends UDP packets to port 0 of the host. You can use the --baseport, --destport and --keep options to control this.
-8 --scan scan mode
-9 --listen str listen mode; in this mode hping receives the data that follows the specified signature.
For example, with hping --listen TEST, receiving data such as 234-09 sdflkjs45-TESThello_world displays hello_world
IP options
-a --spoof IP spoof the source IP; the firewall will not log your real IP, but of course you will not receive the replies either.
hping3 -1 -a 8.8.8.8 58.30.34.18 -c 1 sends an ICMP type 8 code 0 packet, but with source address 8.8.8.8
--rand-source use a random source address: hping3 -1 --rand-source 58.30.34.18
--rand-dest use a random destination address, e.g. hping3 -I eth0 -1 58.30.34.x --rand-dest -c 10
-t --ttl num specify the TTL of the packets sent
hping3 -1 -t 2 58.30.34.18 -c 1 sends an ICMP type 8 code 0 echo request with a TTL of 2
This option is usually used together with --traceroute or --bind, e.g.: hping 1.1.1.1 -t 1 --traceroute
-N --id set the 16-bit identification field of the IP header (used for fragmentation), given as a decimal number.
-H --ipproto Set the ip protocol in RAW IP mode
-W --winid UNIX and Windows return the ID differently; this option makes your ID handling match Windows
-r --rel display the ID as a relative increment/decrement instead of the raw value; see the HPING-HOWTO
-f --frag fragment the packets; this tests how the target handles fragmented packets. The default 'virtual mtu' is 16 bytes.
-x --morefrag set the more-fragments flag; sending such fragments can keep the host busy reassembling and cause a denial of service
-y --dontfrag set the don't-fragment flag on the packets; this lets you learn more about MTU path discovery
-o --tos hex_tos TOS = type of service (0x00 default, 0x02 minimize cost, 0x04 reliability, 0x08 throughput, 0x10 low delay)
-G --rroute record route; you can see detailed data for up to 9 routers traversed. Even if the host blocks ICMP, route recording only involves IP, so it can still be recorded; it also works under TCP and UDP.
-g --fragoff fragment offset value set the fragment offset
-m --mtu mtu value with this option the ID value becomes large (around 50000); without it, roughly 3000-20000
ICMP options
-C --icmptype specify the ICMP type; default ICMP ECHO REQUEST
-K --icmpcode specify the ICMP code; default 0
--icmp-ipver set the IP version in the IP header carried inside the ICMP message
--icmp-iphlen set the IP header length; default 5 (32 bytes)
--icmp-iplen set the IP packet length
--icmp-ipid set the ID of the IP header inside the ICMP message; default RANDOM
--icmp-ipproto set the protocol; default TCP
--icmp-cksum set the checksum
--icmp-ts Alias for --icmptype 13 (to send ICMP timestamp requests)
--icmp-addr Alias for --icmptype 17 (to send ICMP address mask requests)
TCP/UDP options
-s --baseport sPort hping uses the source port to match replies: it counts up from a base port, adding 1 to the port with each packet.
You can change this rule yourself; with -k --keep the port does not increase. The base port is random each run.
-p --destport [+][+] dest port set the destination port; default 0. One plus sign: the port is increased by 1 each time a reply arrives;
two plus signs: the port is increased by 1 for each packet sent.
--keep keep the source port fixed; see --baseport for more information.
-w --win Set TCP window size. Default is 64.
-O --tcpoff Set fake tcp data offset. Normal data offset is tcphdrlen / 4.
-M --tcpseq set the TCP sequence number
-L --tcpack set the TCP ack number
-Q --seqnum collect sequence numbers; this is very useful for analysing a host's TCP sequence numbers, for example:
#hping2 win98 --seqnum -p 139 -S -i u1 -I eth0
HPING uaz (eth0 192.168.4.41): S set, 40 headers + 0 data bytes
2361294848 +2361294848
2411626496 +50331648
2545844224 +134217728
2713616384 +167772160
2881388544 +167772160
3049160704 +167772160
3216932864 +167772160
3384705024 +167772160
3552477184 +167772160
3720249344 +167772160
3888021504 +167772160
4055793664 +167772160
4223565824 +167772160
The first column is the sequence number and the second is the increment over the previous one, so you can predict the host's sequence number
(after the three-way handshake the increment basically stops changing and settles at 167772160)
-b --badcksum send a UDP/TCP packet with a bad checksum
--tcp-mss Enable the TCP MSS option and set it to the given value.
--tcp-timestamp Enable the TCP timestamp option, and try to guess the timestamp update frequency and
the remote system uptime.
-F --fin Set FIN tcp flag.
-S --syn Set SYN tcp flag.
-R --rst Set RST tcp flag.
-P --push Set PUSH tcp flag.
-A --ack Set ACK tcp flag.
-U --urg Set URG tcp flag.
-X --xmas Set Xmas tcp flag.
-Y --ymas Set Ymas tcp flag.
Others:
-d --data data size set the packet data size. Note: with data set to 40 the output looks like:
HPING www.yahoo.com (ppp0 204.71.200.67): NO FLAGS are set, 40 headers + 40 data bytes
-E --file filename fill the packet payload with the contents of filename
-j --dump Dump received packets in hex.
-J --print Dump received packets' printable characters.
-B --safe ensure the data is sent completely; for example, to send A's /etc/passwd to B:
[host_a]# hping2 host_b --udp -p 53 -d 100 --sign signature --safe --file /etc/passwd
[host_b]# hping2 host_a --listen signature --safe --icmp
-u --end if you used --file, this stops hping automatically once EOF is reached, so you don't keep receiving useless data
-T --traceroute traceroute mode
--tr-keep-ttl a traceroute-related option:
Keep the TTL fixed in traceroute mode, so you can monitor just one hop in the route.
For example, to monitor how the 5th hop changes or how its RTT changes you can try
hping3 host --traceroute --ttl 5 --tr-keep-ttl.
--tr-stop stop sending automatically once an ICMP unreachable is encountered
--tr-no-rtt do not show RTT information in traceroute mode
--tcpexitcode under certain rules this lets you tell whether a host is alive
-e --sign signature specify the signature placed in the packet payload
Fill first signature length bytes of data with signature. If the signature length is bigger than data size an error message
will be displayed. If you don't specify the data size hping will use the signature size as data size. This option can be used
safely with --file filename option, remainder data space will be filled using filename.
TCP OUTPUT FORMAT
The standard TCP output format is the following:
len=46 ip=192.168.1.1 flags=RA DF seq=0 ttl=255 id=0 win=0 rtt=0.4 ms
len is the size, in bytes, of the data captured from the data link layer excluding the
data link header size. This may not match the IP datagram size due to low level transport
layer padding.
ip is the source ip address.
flags are the TCP flags, R for RESET, S for SYN, A for ACK, F for FIN, P for PUSH, U for
URGENT, X for not standard 0x40, Y for not standard 0x80.
If the reply contains DF the IP header has the don't fragment bit set.
seq is the sequence number of the packet, obtained using the source port for TCP/UDP
packets, the sequence field for ICMP packets.
id is the IP ID field.
win is the TCP window size.
rtt is the round trip time in milliseconds.
If you run hping using the -V command line switch it will display additional information
about the packet, example:
len=46 ip=192.168.1.1 flags=RA DF seq=0 ttl=255 id=0 win=0 rtt=0.4 ms tos=0 iplen=40 seq=0 ack=1223672061 sum=e61d urp=0
tos is the type of service field of the IP header.
iplen is the IP total len field.
seq and ack are the sequence and acknowledge 32bit numbers in the TCP header.
sum is the TCP header checksum value.
urp is the TCP urgent pointer value.
UDP OUTPUT FORMAT
The standard output format is:
len=46 ip=192.168.1.1 seq=0 ttl=64 id=0 rtt=6.0 ms
The field meaning is just the same as the TCP output meaning of the same fields.
ICMP OUTPUT FORMAT
An example of ICMP output is:
ICMP Port Unreachable from ip=192.168.1.1 name=nano.marmoc.net
It is very simple to understand. It starts with the string "ICMP" followed by the
description of the ICMP error, Port Unreachable in the example. The ip field is the IP source
address of the IP datagram containing the ICMP error, the name field is just the numerical
address resolved to a name (a dns PTR request) or UNKNOWN if the resolution failed.
The ICMP Time exceeded during transit or reassembly format is a bit different:
TTL 0 during transit from ip=192.168.1.1 name=nano.marmoc.net
TTL 0 during reassembly from ip=192.70.106.25 name=UNKNOWN
The only difference is the description of the error, it starts with TTL 0.
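The three output formats above (TCP, UDP, ICMP plus the TTL 0 variant) are regular enough to parse mechanically, which is what you need when hping output is kept as evidence from a network test. The following parser is an added example, not hping's own code or part of the original page; the sample lines are constructed from the formats documented above, and it also accepts the space-less "flags=RADF" / "rtt=0.4ms" spelling of the -V example shown earlier.

```python
import re
# Constructed sample replies, assembled from the output formats documented above
SAMPLE_OUTPUT = """\
len=46 ip=192.168.1.1 flags=RA DF seq=0 ttl=255 id=0 win=0 rtt=0.4 ms
len=46 ip=192.168.1.1 flags=RA DF seq=0 ttl=255 id=0 win=0 rtt=0.4 ms tos=0 iplen=40 seq=0 ack=1223672061 sum=e61d urp=0
len=46 ip=192.168.1.1 seq=0 ttl=64 id=0 rtt=6.0 ms
ICMP Port Unreachable from ip=192.168.1.1 name=nano.marmoc.net
TTL 0 during transit from ip=192.168.1.1 name=nano.marmoc.net
TTL 0 during reassembly from ip=192.70.106.25 name=UNKNOWN
"""

INT_FIELDS = {"len", "ttl", "id", "win", "tos", "iplen", "seq", "tcp_seq", "ack", "urp"}
TCP_FLAG_LETTERS = "RSAFPUXY"  # R S A F P U, X = non-standard 0x40, Y = non-standard 0x80
KV_RE = re.compile(r"(\w+)=(\S+)")
ICMP_RE = re.compile(r"^ICMP (.+?) from ip=(\S+) name=(\S+)$")
TTL_RE = re.compile(r"^TTL 0 during (transit|reassembly) from ip=(\S+) name=(\S+)$")

def parse_line(line):
    """Parse one hping reply line into a dict; return None for banner/summary lines."""
    line = line.strip()
    m = ICMP_RE.match(line)
    if m:
        return {"kind": "icmp", "error": m.group(1), "ip": m.group(2), "name": m.group(3)}
    m = TTL_RE.match(line)
    if m:
        return {"kind": "ttl", "phase": m.group(1), "ip": m.group(2), "name": m.group(3)}
    if not line.startswith("len="):
        return None
    # UDP replies carry the TCP fields minus flags/win; DF is printed as its own token
    rec = {"kind": "tcp" if "flags=" in line else "udp", "df": "DF" in line}
    seen_seq = False
    for key, val in KV_RE.findall(line):
        if key == "seq":
            # -V output prints seq twice: hping's own sequence first, then the TCP header seq
            key = "tcp_seq" if seen_seq else "seq"
            seen_seq = True
        if key == "flags":
            val = val[:-2] if val.endswith("DF") else val  # "flags=RADF" has no space before DF
            rec["flags"] = {ch for ch in val if ch in TCP_FLAG_LETTERS}
        elif key == "rtt":
            rec["rtt_ms"] = float(val.rstrip("ms"))  # "0.4 ms" or "0.4ms"
        elif key == "sum":
            rec["sum"] = int(val, 16)  # TCP checksum is printed in hex
        elif key in INT_FIELDS:
            rec[key] = int(val)
        else:
            rec[key] = val
    return rec
```

Run parse_line over each line of a saved hping session and drop the None results to get one record per reply.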