hping3 exercise

TCP 3-way Handshake

This exercise demonstrates the Transmission Control Protocol 3-way handshake.

Getting hping3

Fedora/CentOS

$ sudo dnf install hping3

Source is available on GitHub: https://github.com/antirez/hping

Description

hping3 – send (almost) arbitrary TCP/IP packets to network hosts

hping3 is a network tool able to send custom TCP/IP packets and to display target replies, much as the ping program does with ICMP replies. hping3 handles fragmentation and arbitrary packet bodies and sizes, and can be used to transfer files encapsulated in the supported protocols.

Using hping3 you are able to perform at least the following:

  • Test firewall rules.
  • Advanced port scanning.
  • Test network performance using different protocols, packet sizes, TOS (type of service) and fragmentation.
  • Path MTU discovery.
  • Transferring files even through very restrictive firewall rules.
  • Traceroute-like behaviour under different protocols.
  • Firewalk-like usage.
  • Remote OS fingerprinting.
  • TCP/IP stack auditing.
  • Lots more.

Exercise

Start a listener on port 80 using netcat.

$ sudo nc -l 127.0.0.1 80

From a different terminal run the following command.

$ sudo hping3 -I lo -c 3 -S 127.0.0.1 -p 80
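The exercise is about what a TCP endpoint does with each segment it receives, so here is an added example (not part of the original exercise and not hping3's own code) that models the three handshake segments and the reply a conforming stack sends for a single probe segment, following RFC 793 section 3.9 (LISTEN state, "SEGMENT ARRIVES") and section 3.4 (reset generation for a port with no listener). It also parses reply lines in the format hping3 prints (the flag letters appear in hping3's print order R S A F P U) and checks them against the model; the sample output embedded below is constructed in that shape, not a real capture.

```python
"""Added example: RFC 793 reply model for single-segment probes, the
three-way handshake as (flags, seq, ack) tuples, and a parser for the
reply lines hping3 prints.  Not part of hping3 or of the original page."""
import re

FLAG_ORDER = "RSAFPU"                # order in which hping3 prints flag letters
FLAG_NAMES = {"R": "RST", "S": "SYN", "A": "ACK", "F": "FIN", "P": "PSH", "U": "URG"}


def normalize(flags):
    """Canonical flag string in hping3 print order, e.g. 'AS' -> 'SA'."""
    return "".join(f for f in FLAG_ORDER if f in flags.upper())


def expected_reply(probe_flags, port_listening):
    """Flags of the segment a conforming stack sends back for one probe
    segment, or None when the stack stays silent."""
    flags = set(normalize(probe_flags))
    if "R" in flags:
        return None              # a RST is never answered (RFC 793 3.4 and 3.9)
    if not port_listening:
        # No listener (CLOSED): every non-RST segment gets a reset.  When the
        # probe carried ACK the reset is a bare RST; otherwise it is RST+ACK.
        return "R" if "A" in flags else "RA"
    if "A" in flags:
        return "R"               # LISTEN: an ACK with no connection behind it -> RST
    if "S" in flags:
        return "SA"              # LISTEN: SYN -> SYN-ACK, step two of the handshake
    return None                  # LISTEN: anything else is dropped silently


def handshake(client_isn, server_isn):
    """The three handshake segments as (flags, seq, ack).  A SYN consumes one
    sequence number, so each side acknowledges the other's isn + 1.  The
    ack field of the initial SYN is not valid and is shown as 0."""
    return [
        ("S", client_isn, 0),                   # client -> server
        ("SA", server_isn, client_isn + 1),     # server -> client
        ("A", client_isn + 1, server_isn + 1),  # client -> server
    ]


_KV = re.compile(r"(\w+)=(\S+)")


def parse_reply(line):
    """Parse one hping3 reply line into a dict; None for any other line."""
    if not line.startswith("len="):
        return None
    fields = dict(_KV.findall(line))
    fields["DF"] = " DF " in line   # the don't-fragment bit prints as a bare token
    fields["flag_names"] = [FLAG_NAMES[f] for f in fields["flags"]]
    return fields


def summarize(output, probe_flags, port_listening):
    """Return the expected reply flags and, per reply line,
    (source port, flags seen, whether they match the model)."""
    expected = expected_reply(probe_flags, port_listening)
    rows = []
    for line in output.splitlines():
        reply = parse_reply(line)
        if reply is not None:
            rows.append((reply["sport"], reply["flags"], reply["flags"] == expected))
    return expected, rows


# Constructed sample in the shape of hping3's output for the SYN probe in the
# exercise (three SYNs to 127.0.0.1:80 with a listener running); not a capture.
SAMPLE_SYN_OUTPUT = """\
HPING 127.0.0.1 (lo 127.0.0.1): S set, 40 headers + 0 data bytes
len=44 ip=127.0.0.1 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=65495 rtt=0.1 ms
len=44 ip=127.0.0.1 ttl=64 DF id=0 sport=80 flags=SA seq=1 win=65495 rtt=0.1 ms
len=44 ip=127.0.0.1 ttl=64 DF id=0 sport=80 flags=SA seq=2 win=65495 rtt=0.1 ms

--- 127.0.0.1 hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
"""

if __name__ == "__main__":
    for flags, seq, ack in handshake(1000, 5000):
        print(f"{flags:<3} seq={seq} ack={ack}")
    expected, rows = summarize(SAMPLE_SYN_OUTPUT, "S", port_listening=True)
    print("expected reply flags:", expected)
    for sport, flags, ok in rows:
        print(f"sport={sport} flags={flags} ({'matches' if ok else 'unexpected'})")
```

Run it as-is to see the handshake numbers and the check against the sample; to check your own runs, paste hping3's output into summarize() with the flag letters you sent and whether a listener was bound to that port.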

Next steps: your turn.

Note: stop the netcat listener after each question and restart using the appropriate port.

1. Explain what the hping3 command above is doing.

2. What hping3 options would you use to send three ACK packets to port 80?

  • run the command and note the responses.

3. What hping3 options would you use to send four SYN-ACK packets to port 443?

  • run the command and note the responses.

4. What hping3 options would you use to send two RST packets to port 22?

  • run the command and note the responses.

5. Why do we receive the various responses above, i.e., what does each type of response mean?