Using hping for Security Auditing and Testing of Network Devices
Objective
Learn how to use hping, a command-line packet crafting tool, to test and audit network devices for vulnerabilities. This lab covers sending custom packets, performing network discovery, and testing firewall rules.
Prerequisites
- Linux Environment with hping Installed:
- Verify if
hping
is installed:hping3 --version
- Install it if necessary:
sudo apt update && sudo apt install hping3
- Verify if
- Basic Networking Knowledge:
- Familiarity with IP addresses, TCP/UDP, and ICMP protocols.
- Testing Environment:
- A target system or network device for testing.
- Ensure explicit permission to test any device or network.
Step 1: Understanding hping
- hping is a packet crafting tool that supports:
- TCP, UDP, and ICMP packets.
- Customizable headers for testing firewalls and routers.
- Network discovery and testing techniques like SYN flooding.
- View the help menu to explore options:
hping3 --help
Step 2: Sending Basic Ping Requests
- Send an ICMP echo request (like
ping
):hping3 -1 <target_ip>
- Replace
<target_ip>
with the target’s IP address. - Example:
hping3 -1 192.168.1.1
- Replace
- Observe the output:
- ICMP Reply: Indicates the target is reachable.
- No Response: May indicate the host is down or ICMP traffic is blocked.
Step 3: TCP SYN Scanning
- Perform a TCP SYN scan on a specific port:
hping3 -S -p <port> <target_ip>
- Replace
<port>
with the port number (e.g.,80
for HTTP). - Example:
hping3 -S -p 80 192.168.1.1
- Replace
- Interpret the response:
- SA: Indicates the port is open.
- RA: Indicates the port is closed.
- No Response: May indicate the port is filtered by a firewall.
- Scan a range of ports:
hping3 -S -p ++<start_port> <target_ip>
- Example:
hping3 -S -p ++22 192.168.1.1
- Example:
Step 4: UDP Scanning
- Send a UDP packet to a specific port:
hping3 --udp -p <port> <target_ip>
- Example:
hping3 --udp -p 53 192.168.1.1
- Example:
- Interpret the response:
- No Response: Indicates the port is open/filtered.
- ICMP Port Unreachable: Indicates the port is closed.
Step 5: Firewall Testing
- Test if a firewall blocks ICMP traffic:
hping3 -1 <target_ip>
- Check for blocked TCP packets:
hping3 -S -p <port> <target_ip>
- Bypass firewalls using fragmentation:
hping3 -S -p <port> --frag <target_ip>
- Fragmented packets may bypass poorly configured firewalls.
Step 6: SYN Flooding (Stress Testing)
- Launch a SYN flood attack:
sudo hping3 -S -p <port> --flood <target_ip>
--flood
: Sends packets as fast as possible without waiting for replies.- Example:
sudo hping3 -S -p 80 --flood 192.168.1.1
Caution: Perform stress testing only in controlled environments.
Step 7: Custom Packet Headers
- Set a custom source port:
hping3 -S -p <port> --baseport <source_port> <target_ip>
- Set a specific TCP window size:
hping3 -S -p <port> --win <size> <target_ip>
- Replace
<size>
with the desired TCP window size.
- Replace
- Spoof the source IP:
hping3 -S -p <port> --spoof <fake_ip> <target_ip>
Insight: Spoofing is used to test security measures like IP filtering.
Step 8: Monitoring and Logging
- Use verbose mode to see detailed packet information:
hping3 -V -1 <target_ip>
- Log the output to a file for analysis:
hping3 -S -p <port> <target_ip> > hping_log.txt
Step 9: Mitigation Techniques
- Rate Limiting:
- Configure firewalls to limit ICMP, TCP, and UDP traffic rates.
- Use Stateful Firewalls:
- Filter traffic based on connection states to prevent SYN flooding.
- Monitor Network Traffic:
- Use tools like Wireshark to detect anomalous packet patterns.
- Implement Intrusion Detection Systems (IDS):
- IDS tools can identify and block malicious traffic generated by tools like hping.
Additional Tips and Insights
- Ethical Use:
- Use hping only in environments where you have explicit permission to test.
- Combine Tools:
- Use hping alongside
tcpdump
or Wireshark to analyze packet flows in real-time.
- Use hping alongside
- Regular Testing:
- Periodically audit firewalls and network devices to ensure they are properly configured.
- Documentation:
- Document your findings and remediation steps to improve security practices.
Key Takeaways
- hping is a powerful tool for crafting and sending custom packets to test network security.
- Understanding its options enables you to perform effective network discovery and vulnerability assessments.
- Always follow ethical guidelines and use hping responsibly in authorized environments.