
[Macro/Script] How to dump the reply packet in hex format when sending a packet with hping

  [KB22843]


Summary:

This article explains how to dump the reply packet in hex format when sending a packet with hping.

Symptoms:
How to dump the reply packet in hex format when sending a packet with hping.
Cause:

Solution:
Use the -j switch, which dumps each received packet in hex:

[root@f16-233 ~]# hping -p 22 -S 172.27.103.232 -c 1 -j
HPING 172.27.103.232 (em1 172.27.103.232): S set, 40 headers + 0 data bytes
len=46 ip=172.27.103.232 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=5840 rtt=0.2 ms
                4500 002c 0000 4000 4006 12c4 ac1b 67e8
                ac1b 67e9 0016 07cd 3fd4 4d39 52e0 b9bd
                6012 16d0 b7af 0000 0204 05b4 0000

--- 172.27.103.232 hping statistic ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.2 ms
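
The hex dump printed by -j begins at the IPv4 header, so it can be decoded offline to check the reply field by field. The following Python sketch is an added example, not part of the original article or of hping; it decodes the reply dump shown above, and the function names are illustrative.

```python
import ipaddress
import struct

# Hex dump lines copied from the -j output shown in this article.
SAMPLE_DUMP = """\
                4500 002c 0000 4000 4006 12c4 ac1b 67e8
                ac1b 67e9 0016 07cd 3fd4 4d39 52e0 b9bd
                6012 16d0 b7af 0000 0204 05b4 0000
"""

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def ip_checksum_ok(header: bytes) -> bool:
    """One's-complement sum over the whole IPv4 header must fold to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_dump(dump: str) -> dict:
    """Decode an hping -j hex dump of an IPv4/TCP reply into named fields."""
    raw = bytes.fromhex("".join(dump.split()))
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or len(raw) < ihl + 20:
        raise ValueError("not an IPv4/TCP packet or dump is truncated")
    sport, dport, seq, ack, off_flags, window = struct.unpack(
        "!HHIIHH", raw[ihl:ihl + 16])
    tcp_len = (off_flags >> 12) * 4
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "ip_checksum_ok": ip_checksum_ok(raw[:ihl]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
        "window": window,
        "tcp_options": raw[ihl + 20:ihl + tcp_len].hex(),
        # Bytes past the IP total length are link-layer padding, not payload.
        "padding": raw[total_len:].hex(),
    }


if __name__ == "__main__":
    for key, value in decode_dump(SAMPLE_DUMP).items():
        print(f"{key:15} {value}")
```

For the reply above, the decoded flags (SYN and ACK), source port 22, TTL 64 and window 5840 match the hping summary line. The IP total length is 44 bytes, so the last two bytes of the 46-byte dump are link-layer padding rather than packet data.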



Observation:

  • With -j, the packet that is sent out is not dumped; only the reply packet is dumped.
  • The -D switch (debugging) prints the sent packet in hex, but the output is hard to read:
    [root@f16-233 ~]# hping -S -p 6635 -c 1 172.27.103.232 -D    
    DEBUG: Output interface address: 0.0.0.0
    DEBUG: if lo: The address doesn't match
    DEBUG: if em1: OK
    using em1, addr: 172.27.103.233, MTU: 1500
    DEBUG: pcap_open_live(em1, 99999, 0, 1, 0x806a3a0)
    DEBUG: dltype is 1
    HPING 172.27.103.232 (em1 172.27.103.232): S set, 40 headers + 0 data bytes
    45 00 00 28 7C FD 00 00 40 06 00 00 AC 1B 67 E9 AC 1B 67 E8 05 EA 19 EB 74 5D E1 BE  
    7C 9E 70 50 50 02 02 00 22 FA 00 00 < this is the sending packet dump 
    DEBUG: under pcap_recv()
    DEBUG: under pcap_recv()
    DEBUG: under pcap_recv()
    DEBUG: under pcap_recv()
    DEBUG: under pcap_recv()
    DEBUG: under pcap_recv()
    DEBUG: under pcap_recv()
    DEBUG: under pcap_recv()
    len=46 ip=172.27.103.232 ttl=64 DF id=0 sport=6635 flags=SA seq=0 win=5840 rtt=2.1 ms
    
    --- 172.27.103.232 hping statistic ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 2.1/2.1/2.1 ms
    [root@f16-233 ~]#
    

  • If the source IP is forged (with the -a switch), the reply packet cannot be dumped, because the reply is sent to the forged IP address.