Time
6 minutes
Difficulty
Intermediate

Video Transcription

00:04
Hello, everyone. Welcome back to Breaking Stuff with Joe. As always, I'm your host, Joe Perry. And today we're gonna be talking about a tool called hping, or hping3, as it is currently known with its version. hping is a command-line TCP/IP scanning tool that is very similar to the traditional ping utility,
00:23
but with a lot of additional functionality built on top of it,
00:25
it can construct packets with UDP, TCP, raw socket information. It can send these packets to all sorts of different locations, with different channel styles and different communication methodologies. And it could be used even to enable denial of service attacks by sending SYN floods against your target. It's a very useful packet crafting tool for use across
00:45
the cybersecurity spectrum.
00:47
So it's a really interesting tool. It's gonna be a fun video. We're going to see a couple of different ways you can craft packets with this thing and how we can use it to enable our cybersecurity scanning process. So stay tuned. Again, you're watching Breaking Stuff with Joe here on Cybrary On Demand.
01:03
All right, so here we are in our handy dandy Kali VM as usual, and the tool we're looking at here again is hping, or hping3, as it is currently known with its current version. And this tool, like I said, is a packet construction tool
01:17
that's built to be very similar to the ping utility. So if you're not already familiar with ping,
01:23
we can see here, ping. If we ping, for example, Google,
01:26
this is what we get out of it. It's gonna give us our IP, our ICMP sequence; it's going to give us our times... our time to live, and it's going to say where it's reaching. It's gonna give us the IP address of whatever that final target is. Pretty straightforward, pretty simple. Now,
01:42
if we want to see a little bit more in-depth information, let's say we want to do something a little bit more complex. That's when we're going to start using hping.
01:48
So, for example, we might use hping. First, we'll use help:
01:52
hping3.
01:55
We'll see the help, and the first thing we want to look at is the different modes that we can send traffic in, the different protocols we can use. You can see those are up here. So by default, we're going to be sending TCP traffic. We have the option to send raw IP traffic,
02:09
ICMP traffic or UDP traffic. We can also perform scans in the same way you might use,
02:15
for example, an Nmap tool to scan a target domain.
02:20
And so to use those different modes, we just go ahead and give it the argument. Let's find our argument here.
02:29
There you.
02:30
So we've got just tack and then the number. And, of course, by default, like I said, it's TCP,
02:36
so let's go ahead and run hping3,
02:38
tack zero... tack one for ICMP,
02:43
and then we're going to go ahead and give it another useful piece of information, which is a traceroute. So this argument basically just tells hping3 to behave like a traceroute tool. It's going to set
02:55
a time to live of zero, and it's going to increment that time to live as it tries to get access to the domain that it's targeting. So here we'll go ahead. We'll do www dot cybrary dot it,
03:07
see what we can get out of it.
03:08
All right, so pretty quickly you can see that we're... we're performing our traceroute process. We've got our initial gateway, and then we're kind of hopping through these different IP addresses until we find our target. It's taking a little bit longer with each one as packets are getting dropped or it's losing traffic and it's trying to replace... it's trying to rerun it, make sure we get useful data,
03:29
and it may have frozen on... actually, let's see,
03:34
so we have 84% packet loss. That means that one of the hops on this process is not allowing us to connect all the way to Cybrary, which isn't entirely shocking. That's got more and more common that traceroutes and pings are allowed from external networks.
03:52
There are a lot of reasons for that. Some are good, some are bad.
03:54
But still, what's useful for us here is we're quickly able to identify the first set, the first several hops in this series, and we're able to see, OK, this is the path we're going to take, and then somewhere after this machine, the machine right after this one
04:06
is where we're getting dropped. Now, we can rerun hping a few times. And because of dynamic routing and the way, sort of, the modern construction of the Internet,
04:15
it's very likely that we'll end up going through a different gateway that might actually allow us to get access to. But we don't need to sit here and run this all day. We've got a good sense of how to use that command. So let's say we wanted to do something a little bit different. Let's say, for example, we wanted to do hping
04:29
and we want to send an actual TCP connection, and we just want to type
04:34
google dot com.
04:36
So when we run this, you can see right away what's being sent. We have the flag set as RA, which is reset-ack, which is, ah,
04:45
not basically a flag that's going to get you any communication, any connection. Usually it's just gonna be dropped by your target, but you're able to see the IP address that you're getting responses from, the time to live values, all the different values of this TCP packet, and so it's performing a utility very similar to ping,
05:00
but using multiple different protocols. And as I said before, one of the great things about this tool
05:05
and it's something you should definitely explore is just how granular you're able to get with these packets you're constructing. You're able to communicate very, very specific information in a very tailored way by using this tool.
05:18
Now, as always, with Breaking Stuff with Joe, the goal here is to give you enough information to be dangerous and show you a tool that you can then spend a little bit more time on your own and some of our Cybrary labs playing around with. So it's gonna be all we do today. That's gonna be the end of this hping video, hopefully enjoy. Hopefully, you can find some really useful
05:36
utility for this particular tool
05:39
performing, you know, initial simple scans or even doing more robust packet construction.
05:43
It's a really cool tool. I'm always a fan of anything that gives you that level of granular control and, of course, being able to, for example, perform traceroute using TCP packets instead of ICMP allows you to behave in ways that a lot of IDSes and IPSes probably wouldn't suspect or even detect. So that's all there is for today's video. Thank you so much for watching.
06:02
This has been Breaking Stuff with Joe on Cybrary On Demand.

How to Use hping3 (BSWJ)

This tutorial covers Ping, one of the oldest utilities in computing history. Nearly as old as the internet itself, the ability to send a data packet to a given server as part of a discovery, troubleshooting, or reconnaissance process is a fundamental aspect of security work.

Instructed By

Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor