Thursday, November 1, 2018

Packet Manipulation Using Nmap, Scapy and hping3

Network scanning is commonly conducted as part of reconnaissance activities to determine what systems, devices, and services exist on a network. Scanning is also part of the day-to-day security operations for many organizations, where it is used to test systems before they are placed into production and to verify that their configuration has not changed on a recurring basis.

Many security tools integrate a network scanning function, but the most commonly used network scanning tool is nmap, the network mapper. Nmap is a command-line utility that provides port scanning, operating system and service identification, as well as general network mapping. It provides features intended to allow it to scan through firewalls and other common network security devices, and it provides many different scanning and analysis features.


I tried using different tools in my lab to manipulate IP packets. These tools can craft specific packets in order to test firewall rules, perform port scanning, OS fingerprinting, TCP/IP stack auditing, etc.


Nmap Idle Scan

root@kali:~# nmap --help
Nmap 7.70 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  --exclude-ports <port ranges>: Exclude the specified ports from scanning
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma-separated list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
  --data <hex string>: Append a custom payload to sent packets
  --data-string <string>: Append a custom ASCII string to sent packets
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLE


root@kali:~# nmap 192.168.1.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-28 21:49 EDT

Nmap scan report for 192.168.1.1      <<< CISCO ASA FIREWALL
Host is up (0.00030s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
443/tcp open  https
MAC Address: 00:78:88:4B:BF:65 (Cisco Systems)

Nmap scan report for 192.168.1.2     <<< ASA FIREPOWER MODULE
Host is up (0.0061s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
443/tcp open  https
MAC Address: 00:78:88:4B:BF:61 (Cisco Systems)

Nmap scan report for 192.168.1.100     <<< WINDOWS 10
Host is up (0.00011s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
903/tcp  open  iss-console-mgr
7070/tcp open  realserver
MAC Address: C0:3F:D5:6B:62:41 (Elitegroup Computer Systems)

Nmap scan report for 192.168.1.120      <<< METASPLOIT2 LINUX
Host is up (0.00017s latency).
Not shown: 977 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
512/tcp  open  exec
513/tcp  open  login
514/tcp  open  shell
1099/tcp open  rmiregistry
1524/tcp open  ingreslock
2049/tcp open  nfs
2121/tcp open  ccproxy-ftp
3306/tcp open  mysql
5432/tcp open  postgresql
5900/tcp open  vnc
6000/tcp open  X11
6667/tcp open  irc
8009/tcp open  ajp13
8180/tcp open  unknown
MAC Address: 00:0C:29:FA:DD:2A (VMware)

Nmap scan report for 192.168.1.130       <<< WINDOWS 7
Host is up (0.00019s latency).
Not shown: 991 closed ports
PORT      STATE SERVICE
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49159/tcp open  unknown
MAC Address: 00:0C:29:6B:99:7A (VMware)

Nmap scan report for 192.168.1.110       <<< KALI LINUX
Host is up (0.0000080s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 256 IP addresses (6 hosts up) scanned in 5.81 seconds


root@kali:~# nmap -Pn -sI 192.168.1.130 192.168.1.120
Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-28 21:56 EDT
Idle scan using zombie 192.168.1.130 (192.168.1.130:80); Class: Incremental

Nmap scan report for 192.168.1.120
Host is up (0.051s latency).
Not shown: 977 closed|filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
512/tcp  open  exec
513/tcp  open  login
514/tcp  open  shell
1099/tcp open  rmiregistry
1524/tcp open  ingreslock
2049/tcp open  nfs
2121/tcp open  ccproxy-ftp
3306/tcp open  mysql
5432/tcp open  postgresql
5900/tcp open  vnc
6000/tcp open  X11
6667/tcp open  irc
8009/tcp open  ajp13
8180/tcp open  unknown
MAC Address: 00:0C:29:FA:DD:2A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 19.23 seconds


root@kali:~# nmap -Pn -sI 192.168.1.130 -p10-50 --packet-trace 192.168.1.120
Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-28 22:01 EDT
SENT (0.0995s) ARP who-has 192.168.1.120 tell 192.168.1.110
RCVD (0.0997s) ARP reply 192.168.1.120 is-at 00:0C:29:FA:DD:2A
NSOCK INFO [0.1390s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.1390s] nsock_connect_udp(): UDP connection requested to 8.8.8.8:53 (IOD #1) EID 8
NSOCK INFO [0.1390s] nsock_read(): Read request from IOD #1 [8.8.8.8:53] (timeout: -1ms) EID 18
NSOCK INFO [0.1390s] nsock_write(): Write request for 44 bytes to IOD #1 EID 27 [8.8.8.8:53]
NSOCK INFO [0.1390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [8.8.8.8:53]
NSOCK INFO [0.1390s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [8.8.8.8:53]
NSOCK INFO [0.1440s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [8.8.8.8:53] (44 bytes): /............120.1.168.192.in-addr.arpa.....
NSOCK INFO [0.1440s] nsock_read(): Read request from IOD #1 [8.8.8.8:53] (timeout: -1ms) EID 34
NSOCK INFO [0.1440s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.1440s] nevent_delete(): nevent_delete on event #34 (type READ)
SENT (0.1917s) TCP 192.168.1.110:52244 > 192.168.1.130:80 SA ttl=52 id=60511 iplen=44  seq=1408279603 win=1024 <mss 1460>
RCVD (0.1921s) TCP 192.168.1.130:80 > 192.168.1.110:52244 R ttl=128 id=16911 iplen=40  seq=2214526932 win=0
SENT (0.2232s) TCP 192.168.1.110:52245 > 192.168.1.130:80 SA ttl=59 id=23239 iplen=44  seq=1408279604 win=1024 <mss 1460>
RCVD (0.2234s) TCP 192.168.1.130:80 > 192.168.1.110:52245 R ttl=128 id=16912 iplen=40  seq=2214526932 win=0
SENT (0.2542s) TCP 192.168.1.110:52246 > 192.168.1.130:80 SA ttl=56 id=35701 iplen=44  seq=1408279605 win=1024 <mss 1460>
RCVD (0.2544s) TCP 192.168.1.130:80 > 192.168.1.110:52246 R ttl=128 id=16913 iplen=40  seq=2214526932 win=0
SENT (0.2857s) TCP 192.168.1.110:52247 > 192.168.1.130:80 SA ttl=40 id=45205 iplen=44  seq=1408279606 win=1024 <mss 1460>
RCVD (0.2857s) TCP 192.168.1.130:80 > 192.168.1.110:52247 R ttl=128 id=16914 iplen=40  seq=2214526932 win=0
SENT (0.3168s) TCP 192.168.1.110:52248 > 192.168.1.130:80 SA ttl=47 id=29617 iplen=44  seq=1408279607 win=1024 <mss 1460>
RCVD (0.3170s) TCP 192.168.1.130:80 > 192.168.1.110:52248 R ttl=128 id=16915 iplen=40  seq=2214526932 win=0
SENT (0.3483s) TCP 192.168.1.110:52249 > 192.168.1.130:80 SA ttl=47 id=29673 iplen=44  seq=1408279608 win=1024 <mss 1460>
RCVD (0.3485s) TCP 192.168.1.130:80 > 192.168.1.110:52249 R ttl=128 id=16916 iplen=40  seq=2214526932 win=0
Idle scan using zombie 192.168.1.130 (192.168.1.130:80); Class: Incremental
SENT (0.3486s) TCP 192.168.1.120:52243 > 192.168.1.130:80 SA ttl=50 id=53601 iplen=44  seq=1408279603 win=1024 <mss 1460>
SENT (0.3995s) TCP 192.168.1.120:52243 > 192.168.1.130:80 SA ttl=47 id=57795 iplen=44  seq=1408279604 win=1024 <mss 1460>
SENT (0.4505s) TCP 192.168.1.120:52243 > 192.168.1.130:80 SA ttl=51 id=44723 iplen=44  seq=1408279605 win=1024 <mss 1460>
SENT (0.5016s) TCP 192.168.1.120:52243 > 192.168.1.130:80 SA ttl=49 id=50373 iplen=44  seq=1408279606 win=1024 <mss 1460>
SENT (0.8030s) TCP 192.168.1.110:52317 > 192.168.1.130:80 SA ttl=44 id=463 iplen=44  seq=623008735 win=1024 <mss 1460>
RCVD (0.8032s) TCP 192.168.1.130:80 > 192.168.1.110:52317 R ttl=128 id=16921 iplen=40  seq=2097768738 win=0
SENT (0.8033s) TCP 192.168.1.130:80 > 192.168.1.120:23 S ttl=54 id=26793 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8034s) TCP 192.168.1.130:80 > 192.168.1.120:22 S ttl=52 id=58934 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8035s) TCP 192.168.1.130:80 > 192.168.1.120:21 S ttl=42 id=63342 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8035s) TCP 192.168.1.130:80 > 192.168.1.120:25 S ttl=50 id=3770 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8036s) TCP 192.168.1.130:80 > 192.168.1.120:20 S ttl=54 id=58700 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8037s) TCP 192.168.1.130:80 > 192.168.1.120:14 S ttl=49 id=64315 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8037s) TCP 192.168.1.130:80 > 192.168.1.120:15 S ttl=56 id=8141 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8039s) TCP 192.168.1.130:80 > 192.168.1.120:33 S ttl=46 id=39502 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8041s) TCP 192.168.1.130:80 > 192.168.1.120:19 S ttl=37 id=39130 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8042s) TCP 192.168.1.130:80 > 192.168.1.120:34 S ttl=40 id=63433 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8044s) TCP 192.168.1.130:80 > 192.168.1.120:47 S ttl=41 id=5124 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8045s) TCP 192.168.1.130:80 > 192.168.1.120:12 S ttl=53 id=61021 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8046s) TCP 192.168.1.130:80 > 192.168.1.120:50 S ttl=56 id=24801 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8047s) TCP 192.168.1.130:80 > 192.168.1.120:27 S ttl=46 id=27009 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8048s) TCP 192.168.1.130:80 > 192.168.1.120:13 S ttl=47 id=46122 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8050s) TCP 192.168.1.130:80 > 192.168.1.120:45 S ttl=59 id=3285 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8051s) TCP 192.168.1.130:80 > 192.168.1.120:18 S ttl=47 id=44739 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8052s) TCP 192.168.1.130:80 > 192.168.1.120:41 S ttl=56 id=14849 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8053s) TCP 192.168.1.130:80 > 192.168.1.120:42 S ttl=40 id=23253 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8054s) TCP 192.168.1.130:80 > 192.168.1.120:39 S ttl=39 id=59088 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8054s) TCP 192.168.1.130:80 > 192.168.1.120:46 S ttl=55 id=32811 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8540s) TCP 192.168.1.110:52357 > 192.168.1.130:80 SA ttl=46 id=8777 iplen=44  seq=623009235 win=1024 <mss 1460>
RCVD (0.8542s) TCP 192.168.1.130:80 > 192.168.1.110:52357 R ttl=128 id=16926 iplen=40  seq=2097768738 win=0
SENT (0.8811s) TCP 192.168.1.110:52314 > 192.168.1.130:80 SA ttl=56 id=40151 iplen=44  seq=623009735 win=1024 <mss 1460>
RCVD (0.8814s) TCP 192.168.1.130:80 > 192.168.1.110:52314 R ttl=128 id=16927 iplen=40  seq=2097768738 win=0
SENT (0.8822s) TCP 192.168.1.130:80 > 192.168.1.120:23 S ttl=58 id=37296 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8831s) TCP 192.168.1.130:80 > 192.168.1.120:22 S ttl=44 id=14659 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8835s) TCP 192.168.1.130:80 > 192.168.1.120:21 S ttl=49 id=11167 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8835s) TCP 192.168.1.130:80 > 192.168.1.120:25 S ttl=59 id=58865 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8843s) TCP 192.168.1.130:80 > 192.168.1.120:20 S ttl=51 id=14161 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8844s) TCP 192.168.1.130:80 > 192.168.1.120:14 S ttl=56 id=19955 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8847s) TCP 192.168.1.130:80 > 192.168.1.120:15 S ttl=46 id=24920 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8853s) TCP 192.168.1.130:80 > 192.168.1.120:33 S ttl=55 id=46365 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8854s) TCP 192.168.1.130:80 > 192.168.1.120:19 S ttl=55 id=47478 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8858s) TCP 192.168.1.130:80 > 192.168.1.120:34 S ttl=55 id=10061 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.8859s) TCP 192.168.1.130:80 > 192.168.1.120:47 S ttl=48 id=16619 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.9323s) TCP 192.168.1.110:52432 > 192.168.1.130:80 SA ttl=37 id=24071 iplen=44  seq=623010235 win=1024 <mss 1460>
RCVD (0.9326s) TCP 192.168.1.130:80 > 192.168.1.110:52432 R ttl=128 id=16932 iplen=40  seq=2097768738 win=0
SENT (0.9327s) TCP 192.168.1.110:52296 > 192.168.1.130:80 SA ttl=39 id=51889 iplen=44  seq=623010735 win=1024 <mss 1460>
RCVD (0.9331s) TCP 192.168.1.130:80 > 192.168.1.110:52296 R ttl=128 id=16933 iplen=40  seq=2097768738 win=0
SENT (0.9336s) TCP 192.168.1.130:80 > 192.168.1.120:23 S ttl=56 id=62185 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.9337s) TCP 192.168.1.130:80 > 192.168.1.120:22 S ttl=38 id=8911 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.9338s) TCP 192.168.1.130:80 > 192.168.1.120:21 S ttl=49 id=3386 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.9338s) TCP 192.168.1.130:80 > 192.168.1.120:25 S ttl=59 id=21102 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.9339s) TCP 192.168.1.130:80 > 192.168.1.120:20 S ttl=55 id=44729 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.9339s) TCP 192.168.1.130:80 > 192.168.1.120:14 S ttl=53 id=17713 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (0.9842s) TCP 192.168.1.110:52496 > 192.168.1.130:80 SA ttl=57 id=46606 iplen=44  seq=623011235 win=1024 <mss 1460>
RCVD (0.9845s) TCP 192.168.1.130:80 > 192.168.1.110:52496 R ttl=128 id=16938 iplen=40  seq=2097768738 win=0
SENT (1.0103s) TCP 192.168.1.110:52445 > 192.168.1.130:80 SA ttl=49 id=63216 iplen=44  seq=623011735 win=1024 <mss 1460>
RCVD (1.0105s) TCP 192.168.1.130:80 > 192.168.1.110:52445 R ttl=128 id=16939 iplen=40  seq=2097768738 win=0
SENT (1.0107s) TCP 192.168.1.130:80 > 192.168.1.120:23 S ttl=58 id=22911 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.0109s) TCP 192.168.1.130:80 > 192.168.1.120:22 S ttl=47 id=58133 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.0110s) TCP 192.168.1.130:80 > 192.168.1.120:21 S ttl=48 id=17123 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.0613s) TCP 192.168.1.110:52284 > 192.168.1.130:80 SA ttl=51 id=54019 iplen=44  seq=623012235 win=1024 <mss 1460>
RCVD (1.0615s) TCP 192.168.1.130:80 > 192.168.1.110:52284 R ttl=128 id=16943 iplen=40  seq=2097768738 win=0
SENT (1.0863s) TCP 192.168.1.110:52343 > 192.168.1.130:80 SA ttl=38 id=23769 iplen=44  seq=623012735 win=1024 <mss 1460>
RCVD (1.0865s) TCP 192.168.1.130:80 > 192.168.1.110:52343 R ttl=128 id=16944 iplen=40  seq=2097768738 win=0
SENT (1.0872s) TCP 192.168.1.130:80 > 192.168.1.120:23 S ttl=44 id=13639 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.0873s) TCP 192.168.1.130:80 > 192.168.1.120:22 S ttl=42 id=63600 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.1374s) TCP 192.168.1.110:52283 > 192.168.1.130:80 SA ttl=53 id=26065 iplen=44  seq=623013235 win=1024 <mss 1460>
RCVD (1.1376s) TCP 192.168.1.130:80 > 192.168.1.110:52283 R ttl=128 id=16947 iplen=40  seq=2097768738 win=0
SENT (1.1377s) TCP 192.168.1.130:80 > 192.168.1.120:23 S ttl=52 id=12829 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.1886s) TCP 192.168.1.110:52342 > 192.168.1.130:80 SA ttl=59 id=62410 iplen=44  seq=623013735 win=1024 <mss 1460>
RCVD (1.1888s) TCP 192.168.1.130:80 > 192.168.1.110:52342 R ttl=128 id=16949 iplen=40  seq=2097768738 win=0
SENT (1.1889s) TCP 192.168.1.130:80 > 192.168.1.120:22 S ttl=52 id=16050 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.2396s) TCP 192.168.1.110:52353 > 192.168.1.130:80 SA ttl=41 id=30988 iplen=44  seq=623014235 win=1024 <mss 1460>
RCVD (1.2399s) TCP 192.168.1.130:80 > 192.168.1.110:52353 R ttl=128 id=16951 iplen=40  seq=2097768738 win=0
SENT (1.2400s) TCP 192.168.1.130:80 > 192.168.1.120:21 S ttl=44 id=4125 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.2906s) TCP 192.168.1.110:52473 > 192.168.1.130:80 SA ttl=40 id=33118 iplen=44  seq=623014735 win=1024 <mss 1460>
RCVD (1.2908s) TCP 192.168.1.130:80 > 192.168.1.110:52473 R ttl=128 id=16953 iplen=40  seq=2097768738 win=0
SENT (1.2910s) TCP 192.168.1.130:80 > 192.168.1.120:25 S ttl=44 id=31673 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.2914s) TCP 192.168.1.130:80 > 192.168.1.120:20 S ttl=57 id=27566 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.2916s) TCP 192.168.1.130:80 > 192.168.1.120:14 S ttl=48 id=63660 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.3417s) TCP 192.168.1.110:52379 > 192.168.1.130:80 SA ttl=43 id=49023 iplen=44  seq=623015235 win=1024 <mss 1460>
RCVD (1.3419s) TCP 192.168.1.130:80 > 192.168.1.110:52379 R ttl=128 id=16955 iplen=40  seq=2097768738 win=0
SENT (1.4499s) TCP 192.168.1.110:52434 > 192.168.1.130:80 SA ttl=41 id=11354 iplen=44  seq=623015735 win=1024 <mss 1460>
RCVD (1.4500s) TCP 192.168.1.130:80 > 192.168.1.110:52434 R ttl=128 id=16956 iplen=40  seq=2097768738 win=0
SENT (1.4504s) TCP 192.168.1.130:80 > 192.168.1.120:25 S ttl=56 id=49461 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.4505s) TCP 192.168.1.130:80 > 192.168.1.120:20 S ttl=38 id=65219 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.5009s) TCP 192.168.1.110:52311 > 192.168.1.130:80 SA ttl=48 id=36787 iplen=44  seq=623016235 win=1024 <mss 1460>
RCVD (1.5011s) TCP 192.168.1.130:80 > 192.168.1.110:52311 R ttl=128 id=16958 iplen=40  seq=2097768738 win=0
SENT (1.5260s) TCP 192.168.1.110:52425 > 192.168.1.130:80 SA ttl=44 id=40610 iplen=44  seq=623016735 win=1024 <mss 1460>
RCVD (1.5262s) TCP 192.168.1.130:80 > 192.168.1.110:52425 R ttl=128 id=16959 iplen=40  seq=2097768738 win=0
SENT (1.5265s) TCP 192.168.1.130:80 > 192.168.1.120:25 S ttl=49 id=30552 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.5771s) TCP 192.168.1.110:52442 > 192.168.1.130:80 SA ttl=59 id=2210 iplen=44  seq=623017235 win=1024 <mss 1460>
RCVD (1.5776s) TCP 192.168.1.130:80 > 192.168.1.110:52442 R ttl=128 id=16961 iplen=40  seq=2097768738 win=0
SENT (1.5778s) TCP 192.168.1.130:80 > 192.168.1.120:20 S ttl=59 id=3396 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.6281s) TCP 192.168.1.110:52398 > 192.168.1.130:80 SA ttl=43 id=12263 iplen=44  seq=623017735 win=1024 <mss 1460>
RCVD (1.6285s) TCP 192.168.1.130:80 > 192.168.1.110:52398 R ttl=128 id=16962 iplen=40  seq=2097768738 win=0
SENT (1.6542s) TCP 192.168.1.110:52329 > 192.168.1.130:80 SA ttl=56 id=34646 iplen=44  seq=623018235 win=1024 <mss 1460>
RCVD (1.6544s) TCP 192.168.1.130:80 > 192.168.1.110:52329 R ttl=128 id=16963 iplen=40  seq=2097768738 win=0
SENT (1.6557s) TCP 192.168.1.130:80 > 192.168.1.120:14 S ttl=59 id=56199 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.7052s) TCP 192.168.1.110:52321 > 192.168.1.130:80 SA ttl=54 id=63732 iplen=44  seq=623018735 win=1024 <mss 1460>
RCVD (1.7055s) TCP 192.168.1.130:80 > 192.168.1.110:52321 R ttl=128 id=16964 iplen=40  seq=2097768738 win=0
SENT (1.7353s) TCP 192.168.1.110:52276 > 192.168.1.130:80 SA ttl=53 id=38913 iplen=44  seq=623019235 win=1024 <mss 1460>
RCVD (1.7355s) TCP 192.168.1.130:80 > 192.168.1.110:52276 R ttl=128 id=16965 iplen=40  seq=2097768738 win=0
SENT (1.7356s) TCP 192.168.1.130:80 > 192.168.1.120:15 S ttl=43 id=23538 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.7360s) TCP 192.168.1.130:80 > 192.168.1.120:33 S ttl=53 id=10243 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.7364s) TCP 192.168.1.130:80 > 192.168.1.120:19 S ttl=47 id=45086 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.7367s) TCP 192.168.1.130:80 > 192.168.1.120:34 S ttl=58 id=26533 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.7368s) TCP 192.168.1.130:80 > 192.168.1.120:47 S ttl=46 id=18103 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.7863s) TCP 192.168.1.110:52381 > 192.168.1.130:80 SA ttl=56 id=27224 iplen=44  seq=623019735 win=1024 <mss 1460>
RCVD (1.7866s) TCP 192.168.1.130:80 > 192.168.1.110:52381 R ttl=128 id=16966 iplen=40  seq=2097768738 win=0
SENT (1.9045s) TCP 192.168.1.110:52362 > 192.168.1.130:80 SA ttl=44 id=12072 iplen=44  seq=623020235 win=1024 <mss 1460>
RCVD (1.9047s) TCP 192.168.1.130:80 > 192.168.1.110:52362 R ttl=128 id=16967 iplen=40  seq=2097768738 win=0
SENT (1.9049s) TCP 192.168.1.130:80 > 192.168.1.120:12 S ttl=45 id=15312 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9049s) TCP 192.168.1.130:80 > 192.168.1.120:50 S ttl=41 id=3099 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9049s) TCP 192.168.1.130:80 > 192.168.1.120:27 S ttl=52 id=24193 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9049s) TCP 192.168.1.130:80 > 192.168.1.120:13 S ttl=58 id=21571 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9054s) TCP 192.168.1.130:80 > 192.168.1.120:45 S ttl=47 id=10223 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9055s) TCP 192.168.1.130:80 > 192.168.1.120:18 S ttl=50 id=42640 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9058s) TCP 192.168.1.130:80 > 192.168.1.120:41 S ttl=38 id=18569 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9059s) TCP 192.168.1.130:80 > 192.168.1.120:42 S ttl=49 id=40522 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9059s) TCP 192.168.1.130:80 > 192.168.1.120:39 S ttl=45 id=54878 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9060s) TCP 192.168.1.130:80 > 192.168.1.120:46 S ttl=43 id=21879 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (1.9558s) TCP 192.168.1.110:52309 > 192.168.1.130:80 SA ttl=55 id=6487 iplen=44  seq=623020735 win=1024 <mss 1460>
RCVD (1.9560s) TCP 192.168.1.130:80 > 192.168.1.110:52309 R ttl=128 id=16968 iplen=40  seq=2097768738 win=0
SENT (2.0016s) TCP 192.168.1.110:52434 > 192.168.1.130:80 SA ttl=53 id=6789 iplen=44  seq=623021235 win=1024 <mss 1460>
RCVD (2.0019s) TCP 192.168.1.130:80 > 192.168.1.110:52434 R ttl=128 id=16969 iplen=40  seq=2097768738 win=0
SENT (2.0019s) TCP 192.168.1.130:80 > 192.168.1.120:36 S ttl=40 id=61213 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0020s) TCP 192.168.1.130:80 > 192.168.1.120:30 S ttl=45 id=64143 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0025s) TCP 192.168.1.130:80 > 192.168.1.120:38 S ttl=52 id=48738 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0026s) TCP 192.168.1.130:80 > 192.168.1.120:16 S ttl=59 id=55078 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0031s) TCP 192.168.1.130:80 > 192.168.1.120:10 S ttl=59 id=16363 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0032s) TCP 192.168.1.130:80 > 192.168.1.120:32 S ttl=52 id=34560 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0036s) TCP 192.168.1.130:80 > 192.168.1.120:28 S ttl=39 id=17164 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0037s) TCP 192.168.1.130:80 > 192.168.1.120:48 S ttl=39 id=54428 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0038s) TCP 192.168.1.130:80 > 192.168.1.120:40 S ttl=39 id=46471 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0040s) TCP 192.168.1.130:80 > 192.168.1.120:17 S ttl=51 id=28692 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0040s) TCP 192.168.1.130:80 > 192.168.1.120:37 S ttl=50 id=49996 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0045s) TCP 192.168.1.130:80 > 192.168.1.120:26 S ttl=57 id=2072 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0050s) TCP 192.168.1.130:80 > 192.168.1.120:31 S ttl=55 id=1966 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0051s) TCP 192.168.1.130:80 > 192.168.1.120:43 S ttl=55 id=19846 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0055s) TCP 192.168.1.130:80 > 192.168.1.120:24 S ttl=53 id=42870 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0059s) TCP 192.168.1.130:80 > 192.168.1.120:35 S ttl=37 id=62712 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0060s) TCP 192.168.1.130:80 > 192.168.1.120:49 S ttl=52 id=4671 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0060s) TCP 192.168.1.130:80 > 192.168.1.120:44 S ttl=39 id=56236 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0067s) TCP 192.168.1.130:80 > 192.168.1.120:29 S ttl=38 id=54127 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0068s) TCP 192.168.1.130:80 > 192.168.1.120:11 S ttl=45 id=5494 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.0527s) TCP 192.168.1.110:52339 > 192.168.1.130:80 SA ttl=38 id=5231 iplen=44  seq=623021735 win=1024 <mss 1460>
RCVD (2.0529s) TCP 192.168.1.130:80 > 192.168.1.110:52339 R ttl=128 id=16970 iplen=40  seq=2097768738 win=0
SENT (2.1048s) TCP 192.168.1.110:52449 > 192.168.1.130:80 SA ttl=53 id=49205 iplen=44  seq=623022235 win=1024 <mss 1460>
RCVD (2.1051s) TCP 192.168.1.130:80 > 192.168.1.110:52449 R ttl=128 id=16971 iplen=40  seq=2097768738 win=0
SENT (2.1052s) TCP 192.168.1.130:80 > 192.168.1.120:36 S ttl=58 id=46150 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1054s) TCP 192.168.1.130:80 > 192.168.1.120:30 S ttl=45 id=2394 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1055s) TCP 192.168.1.130:80 > 192.168.1.120:38 S ttl=50 id=1128 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1055s) TCP 192.168.1.130:80 > 192.168.1.120:16 S ttl=43 id=168 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1055s) TCP 192.168.1.130:80 > 192.168.1.120:10 S ttl=56 id=35913 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1055s) TCP 192.168.1.130:80 > 192.168.1.120:32 S ttl=43 id=47915 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1056s) TCP 192.168.1.130:80 > 192.168.1.120:28 S ttl=53 id=18369 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1056s) TCP 192.168.1.130:80 > 192.168.1.120:48 S ttl=47 id=31454 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1065s) TCP 192.168.1.130:80 > 192.168.1.120:40 S ttl=41 id=30585 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1066s) TCP 192.168.1.130:80 > 192.168.1.120:17 S ttl=50 id=60716 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1071s) TCP 192.168.1.130:80 > 192.168.1.120:37 S ttl=49 id=3576 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1072s) TCP 192.168.1.130:80 > 192.168.1.120:26 S ttl=43 id=38336 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1075s) TCP 192.168.1.130:80 > 192.168.1.120:31 S ttl=42 id=64771 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1077s) TCP 192.168.1.130:80 > 192.168.1.120:43 S ttl=55 id=11907 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1079s) TCP 192.168.1.130:80 > 192.168.1.120:24 S ttl=49 id=6377 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1083s) TCP 192.168.1.130:80 > 192.168.1.120:35 S ttl=51 id=25928 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1084s) TCP 192.168.1.130:80 > 192.168.1.120:49 S ttl=42 id=11552 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1085s) TCP 192.168.1.130:80 > 192.168.1.120:44 S ttl=56 id=61298 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1085s) TCP 192.168.1.130:80 > 192.168.1.120:29 S ttl=42 id=39296 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1089s) TCP 192.168.1.130:80 > 192.168.1.120:11 S ttl=55 id=34818 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1559s) TCP 192.168.1.110:52249 > 192.168.1.130:80 SA ttl=56 id=60687 iplen=44  seq=623022735 win=1024 <mss 1460>
RCVD (2.1561s) TCP 192.168.1.130:80 > 192.168.1.110:52249 R ttl=128 id=16972 iplen=40  seq=2097768738 win=0
SENT (2.2079s) TCP 192.168.1.110:52265 > 192.168.1.130:80 SA ttl=56 id=20515 iplen=44  seq=623023235 win=1024 <mss 1460>
RCVD (2.2081s) TCP 192.168.1.130:80 > 192.168.1.110:52265 R ttl=128 id=16973 iplen=40  seq=2097768738 win=0

Nmap scan report for 192.168.1.120
Host is up (0.040s latency).
Not shown: 37 closed|filtered ports
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
23/tcp open  telnet
25/tcp open  smtp
MAC Address: 00:0C:29:FA:DD:2A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds
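The trace above is the tail of an idle scan, and the interesting part is the id= field of the RST packets the zombie (192.168.1.130) returns to the scanner (192.168.1.110): 16971, 16972, 16973. Nmap infers the target's port state purely from how that counter moves. The following Python is an added example, not nmap's code, that replays a constructed excerpt of this trace: it checks whether a host's IP ID is a single global counter (the weakness that makes it usable as a zombie, and the reason modern kernels randomise or per-destination the IP ID) and derives the open-port count for each spoofed batch from the delta between two zombie probes. Host roles and the truncated batch are taken from the page; the parsing regex is my own.

```python
import re

# Constructed excerpt of the nmap --packet-trace output shown above (the spoofed
# batch is cut to 4 of its 20 SYNs). 192.168.1.110 is the scanning host,
# 192.168.1.130 the zombie and 192.168.1.120 the target.
TRACE = """\
SENT (2.1048s) TCP 192.168.1.110:52449 > 192.168.1.130:80 SA ttl=53 id=49205 iplen=44  seq=623022235 win=1024 <mss 1460>
RCVD (2.1051s) TCP 192.168.1.130:80 > 192.168.1.110:52449 R ttl=128 id=16971 iplen=40  seq=2097768738 win=0
SENT (2.1052s) TCP 192.168.1.130:80 > 192.168.1.120:36 S ttl=58 id=46150 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1054s) TCP 192.168.1.130:80 > 192.168.1.120:30 S ttl=45 id=2394 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1055s) TCP 192.168.1.130:80 > 192.168.1.120:38 S ttl=50 id=1128 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1055s) TCP 192.168.1.130:80 > 192.168.1.120:16 S ttl=43 id=168 iplen=44  seq=249098905 win=1024 <mss 1460>
SENT (2.1559s) TCP 192.168.1.110:52249 > 192.168.1.130:80 SA ttl=56 id=60687 iplen=44  seq=623022735 win=1024 <mss 1460>
RCVD (2.1561s) TCP 192.168.1.130:80 > 192.168.1.110:52249 R ttl=128 id=16972 iplen=40  seq=2097768738 win=0
SENT (2.2079s) TCP 192.168.1.110:52265 > 192.168.1.130:80 SA ttl=56 id=20515 iplen=44  seq=623023235 win=1024 <mss 1460>
RCVD (2.2081s) TCP 192.168.1.130:80 > 192.168.1.110:52265 R ttl=128 id=16973 iplen=40  seq=2097768738 win=0
"""

# One --packet-trace line: direction, timestamp, endpoints, TCP flags, TTL, IP ID.
LINE = re.compile(
    r"^(?P<dir>SENT|RCVD) \([\d.]+s\) TCP (?P<src>[\d.]+):(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+) ttl=\d+ id=(?P<id>\d+)"
)


def parse_trace(text):
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            d = m.groupdict()
            for k in ("sport", "dport", "id"):
                d[k] = int(d[k])
            pkts.append(d)
    return pkts


def zombie_ipid_samples(pkts, zombie, attacker):
    """IP IDs of the RSTs the zombie sent back to the scanner's SYN/ACK probes."""
    return [p["id"] for p in pkts
            if p["dir"] == "RCVD" and p["src"] == zombie
            and p["dst"] == attacker and p["flags"] == "R"]


def is_sequential(ids):
    """True when each sample is exactly one above the previous (mod 2^16): the host
    uses one global IP ID counter, which is what an idle scan needs from a zombie."""
    return len(ids) >= 2 and all((b - a) % 65536 == 1 for a, b in zip(ids, ids[1:]))


def idle_scan_rounds(pkts, zombie, attacker, target):
    """For each pair of consecutive zombie probes, collect the spoofed SYNs sent to
    the target in between and turn the IP ID delta into an open-port count.
    Every open port makes the target SYN/ACK the zombie, the zombie answers with a
    RST and burns one IP ID; closed or filtered ports add nothing, so
    open = delta - 1. A delta larger than 1 + len(batch) means the zombie was
    talking to someone else as well (a noisy zombie gives unreliable results)."""
    rounds, before, batch = [], None, []
    for p in pkts:
        if p["dir"] == "RCVD" and p["src"] == zombie and p["dst"] == attacker and p["flags"] == "R":
            if before is not None:
                delta = (p["id"] - before) % 65536
                rounds.append({"ports": batch, "ipid_delta": delta, "open_ports": delta - 1})
            before, batch = p["id"], []
        elif p["dir"] == "SENT" and p["src"] == zombie and p["dst"] == target and p["flags"] == "S":
            batch.append(p["dport"])
    return rounds


if __name__ == "__main__":
    pkts = parse_trace(TRACE)
    ids = zombie_ipid_samples(pkts, "192.168.1.130", "192.168.1.110")
    print("zombie IP IDs:", ids, "sequential:", is_sequential(ids))
    for r in idle_scan_rounds(pkts, "192.168.1.130", "192.168.1.110", "192.168.1.120"):
        print(r)
```

Run against your own hosts' replies (any tool that shows the IP ID of two successive replies will do), is_sequential tells you whether a machine on your network could serve as somebody else's zombie; in the excerpt the batch of ports 36, 30, 38, 16 produces a delta of 1, i.e. none of them is open, which agrees with the "closed|filtered" count in the report.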


Scapy

Scapy is a powerful interactive packet manipulation program. It ships with the Kali Linux distribution. To launch Scapy, open a Terminal and type scapy.


root@kali:~# scapy
WARNING: No route found for IPv6 destination :: (no default route?)
                                     
                     aSPY//YASa      
             apyyyyCY//////////YCa       |
            sY//////YSpcs  scpCY//Pp     | Welcome to Scapy
 ayp ayyyyyyySCP//Pp           syY//C    | Version 2.4.0
 AYAsAYYYYYYYY///Ps              cY//S   |
         pCCCCY//p          cSSps y//Y   | https://github.com/secdev/scapy
         SPPPP///a          pP///AC//Y   |
              A//A            cyP////C   | Have fun!
              p///Ac            sC///a   |
              P////YCpc           A//A   | Craft me if you can.
       scccccp///pSP///p          p//Y   |                   -- IPv6 layer
      sY/////////y  caa           S//P   |
       cayCyayP//Ya              pY/Ya
        sY/PsY////YCc          aC//Yp
         sc  sccaCY//PCypaapyCP//YSs 
                  spCPY//////YPSps   
                       ccaacs        
                                       using IPython 5.5.0
>>> send (IP(src="192.168.1.99",dst="192.168.1.120")/ICMP()/"SCAPYTEST")
.
Sent 1 packets.


Open a Terminal > type wireshark (to open the application) > select eth0 (to start packet capture)



In the Wireshark filter bar, type ip.dst == 192.168.1.120 and press Enter (or click the right arrow) to apply the display filter. Notice that the ICMP data field contains the SCAPYTEST string.
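To see what Scapy put on the wire and what Wireshark then showed, here is an added example (my own pure-Python code, not Scapy's and not from the page) that builds the same IPv4/ICMP echo request byte for byte, using Scapy's default field values (IP id 1, TTL 64, ICMP type 8, id 0, seq 0), parses it back, applies the equivalent of the ip.dst == 192.168.1.120 display filter, and flags echo payloads that do not look like a stock ping. The two packets in the capture list are constructed; the stock-ping patterns are the iputils (timestamp followed by counting bytes) and Windows (fixed alphabet) defaults.

```python
import socket
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; returns 0 for a buffer
    whose checksum field is already correct, which is how we verify below."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(src: str, dst: str, payload: bytes,
                    ident: int = 0, seq: int = 0, ttl: int = 64) -> bytes:
    """Wire form of IP(src=src, dst=dst)/ICMP()/payload with Scapy's defaults."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload   # type 8 = echo request
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, ttl, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))   # proto 1 = ICMP
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + icmp


def parse_ipv4_icmp(pkt: bytes) -> dict:
    """Decode the IPv4 header and, for ICMP, the echo header and data field."""
    vihl, _tos, tlen, _id, _frag, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    info = {"src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d), "ttl": ttl,
            "proto": proto, "ip_csum_ok": checksum(pkt[:ihl]) == 0}
    if proto == 1:
        icmp = pkt[ihl:tlen]
        itype, code, _icsum, iid, iseq = struct.unpack("!BBHHH", icmp[:8])
        info.update({"icmp_type": itype, "icmp_code": code, "icmp_id": iid, "icmp_seq": iseq,
                     "icmp_csum_ok": checksum(icmp) == 0, "payload": icmp[8:]})
    return info


WINDOWS_PING_DATA = b"abcdefghijklmnopqrstuvwabcdefghi"


def looks_like_stock_ping(payload: bytes) -> bool:
    """iputils ping fills the data with byte i at offset i and overwrites the first
    8 bytes with a timestamp; Windows ping sends a fixed 32-byte alphabet. Anything
    else (crafted packets, covert channels, ICMP tunnels) deserves a closer look."""
    if payload == WINDOWS_PING_DATA:
        return True
    return len(payload) >= 16 and all(payload[i] == (i & 0xFF) for i in range(8, len(payload)))


def inspect(packets, dst: str):
    """Offline equivalent of applying ip.dst == <dst> in Wireshark and reading the
    ICMP data field of every matching echo request."""
    hits = []
    for pkt in packets:
        info = parse_ipv4_icmp(pkt)
        if info["dst"] == dst and info.get("icmp_type") == 8:
            hits.append({"src": info["src"], "payload": info["payload"],
                         "stock_ping": looks_like_stock_ping(info["payload"])})
    return hits


# Constructed capture: the Scapy packet from above plus an ordinary Windows ping.
CAPTURE = [
    build_icmp_echo("192.168.1.99", "192.168.1.120", b"SCAPYTEST"),
    build_icmp_echo("192.168.1.100", "192.168.1.1", WINDOWS_PING_DATA, ident=1, seq=7, ttl=128),
]

if __name__ == "__main__":
    for hit in inspect(CAPTURE, "192.168.1.120"):
        print(hit)
```

The SCAPYTEST packet matches the filter and is reported with stock_ping False; the same payload check, applied to a live capture, is a cheap way to spot hand-crafted ICMP on a network where only the OS ping tools should be talking.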
 


Hping3

Hping3 also ships with the Kali Linux distribution. It supports the TCP, UDP, ICMP and RAW-IP protocols and lets you set the TCP flags of each packet individually.


root@kali:~# hping3 -8 1-100 -S 192.168.1.120     // -8 SCAN; -S > TCP SYN
Scanning 192.168.1.120 (192.168.1.120), port 1-100
100 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name |  flags  |ttl| id  | win | len |
+----+-----------+---------+---+-----+-----+-----+
   21 ftp        : .S..A...  64     0  5840    46
   22 ssh        : .S..A...  64     0  5840    46
   23 telnet     : .S..A...  64     0  5840    46
   25 smtp       : .S..A...  64     0  5840    46
   53 domain     : .S..A...  64     0  5840    46
   80 http       : .S..A...  64     0  5840    46
All replies received. Done.
Not responding ports:


root@kali:~# hping3 -S 192.168.1.130 -p 80 -c 1       // -S > TCP SYN; -c 1 > 1 COUNT
HPING 192.168.1.130 (eth0 192.168.1.130): S set, 40 headers + 0 data bytes
len=46 ip=192.168.1.130 ttl=128 DF id=17200 sport=80 flags=SA seq=0 win=8192 rtt=7.8 ms

--- 192.168.1.130 hping statistic ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 7.8/7.8/7.8 ms


root@kali:~# hping3 -2 192.168.1.120 -p 123 -c 1     // -2 > UDP; UDP PORT 123 IS NTP
HPING 192.168.1.120 (eth0 192.168.1.120): udp mode set, 28 headers + 0 data bytes
ICMP Port Unreachable from ip=192.168.1.120 name=UNKNOWN  
status=0 port=2392 seq=0

--- 192.168.1.120 hping statistic ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 16.7/16.7/16.7 ms


root@kali:~# hping3 -1 192.168.1.x --rand-dest -I eth0        // -1 > ICMP; --rand-dest > RANDOM DESTINATION IP; -I > INTERFACE
HPING 192.168.1.x (eth0 192.168.1.x): icmp mode set, 28 headers + 0 data bytes
len=46 ip=192.168.1.2 ttl=64 id=30752 icmp_seq=13 rtt=7.0 ms
len=46 ip=192.168.1.100 ttl=128 id=15252 icmp_seq=47 rtt=5.0 ms
len=46 ip=192.168.1.100 ttl=128 id=15259 icmp_seq=56 rtt=6.0 ms
len=46 ip=192.168.1.1 ttl=255 id=20598 icmp_seq=99 rtt=3.0 ms
len=46 ip=192.168.1.120 ttl=64 id=55763 icmp_seq=141 rtt=8.0 ms
len=46 ip=192.168.1.1 ttl=255 id=28715 icmp_seq=163 rtt=2.0 ms
len=46 ip=192.168.1.120 ttl=64 id=55764 icmp_seq=165 rtt=1.0 ms
^C
--- 192.168.1.x hping statistic ---
181 packets transmitted, 7 packets received, 97% packet loss
round-trip min/avg/max = 1.0/4.6/8.0 ms


root@kali:~# hping3 -F -P -U 192.168.1.120 -c 1     // -F > FIN; -P > PUSH; -U > URGENT (XMAS SCAN)
HPING 192.168.1.120 (eth0 192.168.1.120): FPU set, 40 headers + 0 data bytes
len=46 ip=192.168.1.120 ttl=64 DF id=0 sport=0 flags=RA seq=0 win=0 rtt=7.8 ms

--- 192.168.1.120 hping statistic ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 7.8/7.8/7.8 ms


root@kali:~# hping3 192.168.1.120 -Q -p 80 -S     // -Q > INITIAL SEQUENCE NUMBER (ISN); METASPLOITABLE2 LINUX
HPING 192.168.1.120 (eth0 192.168.1.120): S set, 40 headers + 0 data bytes
2862265307 +2862265307
2870565684 +8300377
2893700747 +23135063
2902069792 +8369045
2927881307 +25811515
2943736294 +15854987
2958757439 +15021145
2966493671 +7736232
2981764849 +15271178
2992977987 +11213138
^C
--- 192.168.1.120 hping statistic ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 3.0/5.5/8.0 ms


root@kali:~# hping3 192.168.1.130 -Q -p 80 -S      // WINDOWS 7; HAVE LONGER ISN
HPING 192.168.1.130 (eth0 192.168.1.130): S set, 40 headers + 0 data bytes
 734509437 +734509437
1604985376 +870475939
4161697691 +2556712315
1961853703 +2095123307
4041896104 +2080042401
1734317129 +1987388320
2372919402 +638602273
1750120080 +3672167973
 117502941 +2662350156
4292276133 +4174773192
 681532730 +684223892
^C
--- 192.168.1.130 hping statistic ---
11 packets transmitted, 11 packets received, 0% packet loss
round-trip min/avg/max = 3.0/5.4/7.9 ms
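The two -Q runs above are the raw material of a TCP sequence predictability test: the Linux box hands out ISNs that grow by a few million per probe, while the Windows 7 box jumps all over the 32-bit space. The following Python is an added example (my own analysis, not hping3's or nmap's algorithm) that parses both outputs as pasted from the page, recomputes the increments with wrap-around handled explicitly, and reduces them to a crude "how many bits does the next ISN float in" figure. The 30-bit threshold is an assumption chosen to separate these two samples, not a published cut-off.

```python
import math
import re
from functools import reduce

# The two hping3 -Q runs shown above, pasted as text so the analysis runs offline.
LINUX_Q = """\
2862265307 +2862265307
2870565684 +8300377
2893700747 +23135063
2902069792 +8369045
2927881307 +25811515
2943736294 +15854987
2958757439 +15021145
2966493671 +7736232
2981764849 +15271178
2992977987 +11213138
"""

WINDOWS_Q = """\
 734509437 +734509437
1604985376 +870475939
4161697691 +2556712315
1961853703 +2095123307
4041896104 +2080042401
1734317129 +1987388320
2372919402 +638602273
1750120080 +3672167973
 117502941 +2662350156
4292276133 +4174773192
 681532730 +684223892
"""


def parse_hping_isn(text):
    """First column of every 'ISN +delta' line. The printed delta is ignored and
    recomputed so that 32-bit wrap-around is handled the same way for both hosts."""
    return [int(m.group(1)) for m in re.finditer(r"^\s*(\d+) \+\d+\s*$", text, re.M)]


def isn_deltas(isns):
    return [(b - a) % 2**32 for a, b in zip(isns, isns[1:])]


def spread_bits(deltas):
    """Crude predictability measure: log2 of the band the increments occupy.
    Close to 32 means the next ISN could land anywhere in the sequence space;
    a much smaller value means it lies in a narrow band after the previous one."""
    return math.log2(max(deltas) - min(deltas) + 1)


def assess_isn(isns, random_bits=30):
    d = isn_deltas(isns)
    bits = spread_bits(d)
    return {
        "samples": len(isns),
        "min_delta": min(d),
        "max_delta": max(d),
        "gcd": reduce(math.gcd, d),            # a large common factor would hint at a coarse counter
        "all_positive": all(x < 2**31 for x in d),   # every increment a forward step
        "spread_bits": round(bits, 1),
        "verdict": "random-looking" if bits >= random_bits else "constrained increments",
    }


if __name__ == "__main__":
    for name, text in (("Metasploitable2 Linux", LINUX_Q), ("Windows 7", WINDOWS_Q)):
        print(name, assess_isn(parse_hping_isn(text)))
```

On the page's data the Linux host scores about 24 bits of spread with every increment positive, the Windows host about 32 bits with increments in both directions; a stack whose ISNs sit in a narrow band is the one to worry about, since an off-path sender who can guess the ISN can inject segments or spoof a connection. Ten samples is enough to illustrate the difference but not to make a strong statement about a production host; collect a few hundred before drawing conclusions.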



root@kali:~# hping3 -S 192.168.1.130 -a 192.168.1.99 -p 80 --flood       // -S > SYN; -a > SPOOFED SOURCE ADDRESS; SYN FLOOD ATTACK ON TCP PORT 80
HPING 192.168.1.130 (eth0 192.168.1.130): S set, 40 headers + 0 data bytes
hping in flood mode, no replies will be shown
^C
--- 192.168.1.130 hping statistic ---
5057981 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms


Notice that the CPU immediately went up to 40% due to the TCP SYN flood attack.
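From the defender's side, the signature of what just happened is a burst of SYNs to one service that almost never completes the handshake. The following Python is an added example (my own detection logic, not hping3's code and not from the page) that runs that check over a constructed list of TCP segments: one legitimate connection from 192.168.1.110 followed by a burst of SYNs carrying the spoofed source 192.168.1.99, matching the flood above. The window size and thresholds are assumptions to tune per environment.

```python
from collections import defaultdict

# Constructed segments as (timestamp_s, src, sport, dst, dport, flags); not captured
# traffic. A complete handshake first, then a SYN burst with a spoofed source that
# never sends the final ACK (the real 192.168.1.99 never saw the SYN/ACKs).
SEGMENTS = [
    (0.00, "192.168.1.110", 40001, "192.168.1.130", 80, "S"),
    (0.01, "192.168.1.130", 80, "192.168.1.110", 40001, "SA"),
    (0.02, "192.168.1.110", 40001, "192.168.1.130", 80, "A"),
] + [
    (0.10 + i * 0.0005, "192.168.1.99", 1025 + i, "192.168.1.130", 80, "S")
    for i in range(400)
]


def syn_flood_alerts(segments, window_s=1.0, syn_threshold=100, max_complete_ratio=0.1):
    """Bucket SYNs per (time window, dst, dport); a flow counts as completed when a
    bare ACK from the same src:sport follows. Alert when a bucket holds many SYNs
    and almost none of them complete, which is what a SYN flood looks like on the
    wire whether or not the source addresses are spoofed."""
    syns = defaultdict(set)   # (window, dst, dport) -> 4-tuples that sent a SYN
    acked = set()             # 4-tuples that later sent the third handshake segment
    for ts, src, sport, dst, dport, flags in segments:
        flow = (src, sport, dst, dport)
        if flags == "S":
            syns[(int(ts // window_s), dst, dport)].add(flow)
        elif flags == "A":
            acked.add(flow)
    alerts = []
    for (win, dst, dport), flows in sorted(syns.items()):
        completed = len(flows & acked)
        if len(flows) >= syn_threshold and completed / len(flows) <= max_complete_ratio:
            alerts.append({"window": win, "dst": f"{dst}:{dport}",
                           "syns": len(flows), "completed": completed})
    return alerts


def top_syn_sources(segments, n=3):
    """SYN count per source address; with a spoofed source this only tells you what
    address to *not* block, since blocking it punishes the real owner."""
    counts = defaultdict(int)
    for _ts, src, _sport, _dst, _dport, flags in segments:
        if flags == "S":
            counts[src] += 1
    return sorted(counts.items(), key=lambda kv: -kv[1])[:n]


if __name__ == "__main__":
    print(syn_flood_alerts(SEGMENTS))
    print(top_syn_sources(SEGMENTS))
```

Because the flood used -a to forge its source, the per-source view points at an innocent address; the useful response is on the server side (SYN cookies via the net.ipv4.tcp_syncookies sysctl on Linux, a shorter half-open timeout, and upstream rate limiting) rather than a block on whatever address the SYNs claim to come from.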

