dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
Posted: Sat Apr 09, 2011 4:14 am Post subject: hping -- am I doing it right?
I'm trying to send fragmented IP packets to a test machine in a virtualized environment. These are my hping parameters (assuming I'm sending a 72 byte datagram in chunks of 24 bytes) -
hping3 --count 1 -i u1 -V --id 62219 --ipproto 6 --morefrag -g 0 --destport 80 -S -d 24 $DEST
hping3 --count 1 -i u1 -V --id 62219 --ipproto 6 --morefrag -g 3 --destport 80 -S -d 24 $DEST
hping3 --count 1 -i u1 -V --id 62219 --ipproto 6 -g 6 --destport 80 -S -d 24 $DEST
I'm testing my understanding here so am I doing it right?.. will the packet be reassembled in the Destination?
dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
Posted: Sat Apr 09, 2011 6:02 am Post subject:
The actual question is, which I'm really ambiguous about -- what should be the value of the protocol in this case. TCP is ok?
Yuu Apprentice
Joined: 23 Dec 2008 Posts: 223 Location: France
Posted: Sat Apr 09, 2011 9:06 am Post subject:
Hi,
I'm not a network expert and I don't know hping well, but I'll try to answer the things that I know:
- if you're sending a 72 byte datagram, it should be UDP (User Datagram Protocol), not TCP
- also, I think that the destination machine will try to reassemble your packets
Surprisingly, I thought that hping can only send pings (it would be ICMP only), but it seems that I was wrong.
Also, you could use a network analyser (wireshark, tcpdump, etc) to check if your data is sent/received correctly.
Note for network experts: as I said, I could be wrong on some things that I said, correct me if that is the case.
dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
Posted: Sat Apr 09, 2011 10:05 am Post subject:
Ok, I'll also try and set the proto to UDP. Apparently I did find a flaw. Hping was adding tcp headers also in the above listed commands, the following will not -
hping3 --ttl 1200 --rawip --count 2 -i u1 -V --id 62219 --ipproto 6 --morefrag -g 0 -d 1400 -q --interface vboxnet0 $DEST
hping3 --ttl 1200 --rawip --count 2 -i u1 -V --id 62219 --ipproto 6 -g 174 -d 2 -q --interface vboxnet0 $DEST
Also I've changed the data size here... 1400 bytes which is reasonable.
According to RFC specifications, the ipproto should be UDP if the encapsulated protocol is UDP. I've set it to TCP (6) cause I want the destination to assume it to be TCP (with some data bytes).
dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
Posted: Sun Apr 10, 2011 1:20 am Post subject:
Basically I want the receiving host to tell me if the fragmented packets are ok or not... a sort of packet checker.
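
Added example (not part of the thread and not any poster's code): a minimal "packet checker" of the kind asked for above, which parses captured IPv4 fragments and reports gaps, overlaps and a wrong more-fragments flag. The header builder, the 192.0.2.x addresses and the sample payload are constructed for illustration; the offset field is read as RFC 791 defines it, in 8-byte units.

```python
import struct

MF = 0x2000  # "more fragments" flag in the 16-bit flags/offset word

def make_fragment(ident, offset_bytes, more, data, proto=6):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus data."""
    word = (MF if more else 0) | (offset_bytes // 8)  # offset stored in 8-byte units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), ident, word,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + data

def parse(pkt):
    """Pull out the fields that matter for reassembly from one raw IPv4 packet."""
    ver_ihl, _, total, ident, word, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    return {"id": ident, "proto": proto, "mf": bool(word & MF),
            "start": (word & 0x1FFF) * 8, "data": pkt[(ver_ihl & 0x0F) * 4:total]}

def check_fragments(packets):
    """Return (problems, payload); payload is empty unless the set is clean."""
    frags = sorted(map(parse, packets), key=lambda f: f["start"])
    problems = []
    if len({(f["id"], f["proto"]) for f in frags}) != 1:
        problems.append("mixed id/protocol")
    expected = 0  # next byte of the original datagram we still need
    for i, f in enumerate(frags):
        last = i == len(frags) - 1
        if f["start"] > expected:
            problems.append(f"gap at byte {expected}")
        elif f["start"] < expected:
            problems.append(f"overlap at byte {f['start']}")
        if f["mf"] == last:  # MF must be set on all but the final fragment
            problems.append(f"bad MF flag at byte {f['start']}")
        if f["mf"] and len(f["data"]) % 8:
            problems.append(f"non-final length not a multiple of 8 at byte {f['start']}")
        expected = max(expected, f["start"] + len(f["data"]))
    payload = b"" if problems else b"".join(f["data"] for f in frags)
    return problems, payload

if __name__ == "__main__":
    body = bytes(range(72))  # constructed 72-byte payload, sent as 3 x 24 bytes
    pkts = [make_fragment(62219, off, off < 48, body[off:off + 24]) for off in (48, 0, 24)]
    print(check_fragments(pkts))
```

The raw packets can come from any capture taken on the receiving host, with the link-layer header stripped before they are passed to `check_fragments`.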