Diferencias

Muestra las diferencias entre dos versiones de la página.

--- enlaces:utilidades_de_red [2018/11/22 16:34] – [MSN Dump] cayu
+++ enlaces:utilidades_de_red [2019/01/22 15:34] (actual) – [Parser y formateador de salida NMap] cayu
@@ Línea 348: / Línea 348: @@
 http://es.wikipedia.org/wiki/Tipos_de_Sniffer
-==== Network Grep - ngrep ====
-Muestra y busca paquetes. Ngrep se esfuerza por proveer de la mayoría de características comunes del "grep" de GNU, aplicándolas a la capa de network ({"network layer"} del modelo de referencia OSI). ngrep es consciente de la presencia de pcap y permite usar expresiones regulares que concuerden con el "payload" ( o sea la carga, el cuerpo, y _no_ los encabezados) de los paquetes. Actualmente reconoce TCP, UDP, e ICMP sobre Ethernet, PPP, SLIP e interfaces nulas {"null interfaces"}, y comprende la lógica de un filtro "bpf" de la misma manera que herramientas más comunes de sniffing como tcpdump y snoop.
-Usage examples:
-<code>
-ngrep '' udp (print all UDP packets)
-ngrep '' icmp (print all ICMP packets)
-ngrep '' port 53 (print TCP or UDP port 53 packets)
-ngrep '' tcp port 23 (print TCP port 23 packets)
-ngrep 'LILWORD' port 138 (print Microsoft browsing traffic for NT domain LILWORLD)
-ngrep -iq 'rcpt to|mail from' tcp port 25 (monitor current delivery and print sender and recipients)
-ngrep 'user' port 110 (monitor POP3)
-ngrep -q 'abcd' icmp (Microsoft operating systems fill the ICMP payload with the alphabet; is the "pinging" host running a
-Microsoft operating system?)
-ngrep -iq 'user-agent' tcp port 80 (determine client application that client host is running)
-ngrep '220' port 21 (determine version of FTP server)
-ngrep 'SSH' port 22 (investigate Secure Shell)
-ngrep -v '' port 23 (see all traffic but telnet)
-ngrep -d le0 '' (listen to le0)
-</code>
-Useful flags:
-<code>
--A n (prints out "n" packets after the match)
--l (pipe the output of ngrep to another program for more processing)
--v (print all lines not matching the expression)
--d (specify the device you want to monitor)
-</code>
-http://ngrep.sourceforge.net/
-Un posteo interesante en un blog : http://seguridadyredes.nireblog.com/post/2010/02/24/esas-pequenas-utilidades-ngrep
@@ Línea 557: / Línea 501: @@
 }
 </code>
+==== hping3 ====
+**hping3** is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de-facto tools for security auditing and testing of firewalls and networks, and was used to exploit the Idle Scan scanning technique now implemented in the Nmap port scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in a very short time.
+Like most tools used in computer security, hping3 is useful to security experts.
+hping3 should be used to… *Traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. *Perform the idle scan (now implemented in nmap with an easy user interface). *Test firewalling rules. *Test IDSes. *Perform DDOS attack *Exploit known vulnerabilties of TCP/IP stacks. *Networking research. *Learn TCP/IP (hping was used in networking courses). *Write real applications related to TCP/IP testing and security. *Automated firewalling tests. *Proof of concept exploits. *Networking and security research when there is the need to emulate complex TCP/IP behaviour. *Prototype IDS systems.
+== Few commands ==
+Finding Hping3
+<code>
+hping3 –h
+</code>
+hping3 Default
+<code>
+hping3 -S 192.168.1.105 -p 80
+</code>
+Fragment Packets with hping3
+<code>
+hping3 -f 192.168.1.105 -p 80
+</code>
+Sending Data with hping3
+<code>
+hping3 -f 192.168.1.105 -p 80 -d 10 -E malware
+</code>
+Traceroute with hping3
+<code>
+hping3 -z -t 1 -S google.com -p 80
+</code>
+Predicting Sequence Numbers with hping3
+<code>
+hping3 -Q -S google.com -p 80
+</code>
+hping3 for Uptime
+<code>
+hping3 --tcp-timestamp -S google.com -p 80
+</code>
+Ref.: @cyberhawksecurity