first draft
This commit is contained in:
Alex
181
NEWS
Normal file
181
NEWS
Normal file
@ -0,0 +1,181 @@
|
||||
This short document is for users of hping-beta54 or prior versions
|
||||
and helps to exploit all the new features of this hping6 release in a
|
||||
short time. You may want to read the new man page anyway but the
|
||||
following will help for sure:
|
||||
|
||||
=== release candidate 3 news
|
||||
|
||||
In this release a nasty bug with the checksum code was fixed.
|
||||
If you experimented strange problems like some kind of packet
|
||||
generated with a wrong checksum try this version.
|
||||
|
||||
Try the --scan option in the command line to see the port-scanner features.
|
||||
|
||||
Example of the --scan option usage:
|
||||
|
||||
# hping3 --scan known 1.2.3.4
|
||||
|
||||
Scanning 1.2.3.4 (1.2.3.4), port known
|
||||
245 ports to scan, use -V to see all the replies
|
||||
+----+-----------+---------+---+-----+-----+-----+
|
||||
|port| serv name | flags |ttl| id | win | len |
|
||||
+----+-----------+---------+---+-----+-----+-----+
|
||||
9 discard : .S..A... 64 0 32767 44
|
||||
13 daytime : .S..A... 64 0 32767 44
|
||||
21 ftp : .S..A... 64 0 32767 44
|
||||
22 ssh : .S..A... 64 0 32767 44
|
||||
25 smtp : .S..A... 64 0 32767 44
|
||||
37 time : .S..A... 64 0 32767 44
|
||||
80 www : .S..A... 64 0 32767 44
|
||||
111 sunrpc : .S..A... 64 0 32767 44
|
||||
113 auth : .S..A... 64 0 32767 44
|
||||
631 ipp : .S..A... 64 0 32767 44
|
||||
3306 mysql : .S..A... 64 0 32767 44
|
||||
6000 x11 : .S..A... 64 0 32767 44
|
||||
6667 ircd : .S..A... 64 0 3072 44
|
||||
All replies received. Done.
|
||||
Not responding ports:
|
||||
|
||||
Check the man page for more information on the scan mode.
|
||||
|
||||
=== release candidate 2 news
|
||||
|
||||
. Now hping is able to send/parse source routed IP headers.
|
||||
See the manpage for more info.
|
||||
|
||||
. Hping was almost rewrote, at least all the most important parts.
|
||||
You should experiment a more readable, compact, fast to compile
|
||||
code.
|
||||
|
||||
. The new option parsing code allows you to specify abbreviated
|
||||
options. you can now use for example --tcp-ti instead of --tcp-timestamp
|
||||
and so on.
|
||||
|
||||
. The new feature rand-dest allows to send the packet to random
|
||||
IP addresses. This is very useful to do some Internet survey
|
||||
or large subnet random scanning.
|
||||
|
||||
For example the follow command line will send TCP packets with the
|
||||
SYN flag on to the port 80 of the 192.168.0.0/16 address space:
|
||||
|
||||
hping 192.168.x.x --rand-dest -p 80 -S
|
||||
|
||||
Every occurrence of 'x' is substituted with a random number
|
||||
in the 0-255 range.
|
||||
|
||||
. The new feature rand-source allows to send packets with random
|
||||
source addresses. Useful to test some DoS condition against firewalls
|
||||
or TCP/IP stacks that implements some per-IP basis information
|
||||
recording.
|
||||
|
||||
. The output was enhanced and fixed a bit.
|
||||
|
||||
. The "force incremental dest port" option (++<port>) now works with UDP
|
||||
packets and works better with TCP, since it is more selective
|
||||
with the incoming responses.
|
||||
|
||||
. Now you should be really able to set the sequence and acknowledge
|
||||
number of the TCP packets. The rc1 code was broken because
|
||||
atoi() was used to get a long unsigned value.
|
||||
|
||||
. The documentation (and the french translation) was updated
|
||||
to reflect the changes.
|
||||
|
||||
=== release candidate 1 news
|
||||
|
||||
. Now hping works better on BSD, and works on Solaris. It should
|
||||
be many times simplest to port it to an unsupported platform.
|
||||
Problems with systems that uses 32bit pids are now fixed.
|
||||
|
||||
. The output is different to be more parseable and compact, example:
|
||||
|
||||
len=46 ip=192.168.1.1 flags=RA DF seq=0 ttl=255 id=0 win=0 rtt=0.5 ms
|
||||
|
||||
now the presence of the Don't fragment IP flag is signaled with 'DF'.
|
||||
all the fields with a value are in the form 'field=value'.
|
||||
|
||||
. To specify the outgoing interface with -I is no longer needed,
|
||||
hping will try to detect the right interface according to the
|
||||
system routing table. Of course you can override it using -I.
|
||||
|
||||
. Instead to specify -i u10000 to get a speed of ten packets for second
|
||||
you can just use --fast.
|
||||
|
||||
. Now --traceroute (-T) implies --ttl 1. You can override this using --ttl.
|
||||
|
||||
. Using hping as traceroute you have now RTT informations about the
|
||||
hops.
|
||||
|
||||
. You can monitor a specific hop in traceroute mode, using the following
|
||||
syntax:
|
||||
|
||||
hping6 -T www.yahoo.com --tr-keep-ttl --ttl 5
|
||||
|
||||
see the output:
|
||||
|
||||
HPING www.yahoo.com (ippp0 64.58.76.177): NO FLAGS are set, 40 headers + 0 dat
|
||||
a bytes
|
||||
5->TTL 0 during transit from 144.232.234.57 (sl-gw18-nyc-2-2.sprintlink.net)
|
||||
5->RTT was: 136.9 ms
|
||||
5->TTL 0 during transit from 144.232.234.57 (sl-gw18-nyc-2-2.sprintlink.net)
|
||||
5->RTT was: 136.8 ms
|
||||
5->TTL 0 during transit from 144.232.234.57 (sl-gw18-nyc-2-2.sprintlink.net)
|
||||
5->RTT was: 136.9 ms
|
||||
5->TTL 0 during transit from 144.232.234.57 (sl-gw18-nyc-2-2.sprintlink.net)
|
||||
5->RTT was: 136.7 ms
|
||||
|
||||
--- www.yahoo.com hping statistic ---
|
||||
4 packets tramitted, 0 packets received, 100% packet loss
|
||||
round-trip min/avg/max = 136.7/136.8/136.9 ms
|
||||
|
||||
you get only information about the 5 hop, after Ctrl+C the round-trip
|
||||
min/avg/max is calculated using the rtt of this hop.
|
||||
|
||||
. Using the option --tr-stop you can obtain that hping will exit
|
||||
when the first matching packet that isn't an ICMP time exceeded
|
||||
in transit is received, like the original traceroute. Without
|
||||
this hping continue to send packets to the target host forever.
|
||||
|
||||
. You can use --tr-no-rtt to suppress the rtt information in traceroute
|
||||
mode.
|
||||
|
||||
. With the --tcp-timestamp feature you can guess the uptime of some
|
||||
remote systems. Example:
|
||||
|
||||
HPING www.hping.org (ippp0 192.70.106.166): S set, 40 headers + 0 data bytes
|
||||
56 bytes from 192.70.106.166: flags=SA seq=0 ttl=49 id=28881 win=16080 rtt=105.0 ms
|
||||
TCP timestamp: 258597761
|
||||
|
||||
56 bytes from 192.70.106.166: flags=SA seq=1 ttl=49 id=28882 win=16080 rtt=105.4 ms
|
||||
TCP timestamp: 258597860
|
||||
HZ seems 100
|
||||
System uptime seems: 29 days, 22 hours, 19 minutes, 38 seconds
|
||||
|
||||
56 bytes from 192.70.106.166: flags=SA seq=2 ttl=49 id=28883 win=16080 rtt=105.1 ms
|
||||
TCP timestamp: 258597960
|
||||
HZ seems 100
|
||||
System uptime seems: 29 days, 22 hours, 19 minutes, 39 seconds
|
||||
|
||||
|
||||
--- www.hping.org hping statistic ---
|
||||
3 packets tramitted, 3 packets received, 0% packet loss
|
||||
round-trip min/avg/max = 105.0/105.2/105.4 ms
|
||||
|
||||
As you can see the first reply does not contain any uptime information
|
||||
since at least two packets are needed to estimate the increment frequency
|
||||
of the timestamp timer (that is HZ in the output).
|
||||
|
||||
. You can now use ICMP timestamp and address subnet mask requests.
|
||||
Two shortcut are provided to use they: --icmp-ts and --icmp-addr.
|
||||
|
||||
. Now the sequence number handling is revisited to allow hping to
|
||||
show the right rtt info even if the sequence number overflows.
|
||||
|
||||
. Now hping should never (hopefully) SIGBUS on sparc.
|
||||
|
||||
I hope you will find hping better to use and more powerful, these enhancements
|
||||
were implemented thanks to many people that helped a lot with code and
|
||||
new ideas, see the CHANGES file for more information and credits.
|
||||
|
||||
have fun,
|
||||
antirez
|
||||
Reference in New Issue
Block a user