Hping3 (Demo)

00:00

like,

00:00

Hey, everyone, welcome back to the course in this video. We're just gonna go over a brief introduction to a tool called H Ping three. So h being three allows us to do discovery alongside like we would use and mom. So the first thing we're gonna do is just take a look at the help file of H. Being three, you notice you're a number of different flags and options that we can use

00:19

to do various scans

00:21

with this tool.

00:22

Now, we're not gonna cover all of these in this particular video. We'll just introduce you to a couple of different commands so you can get a feel for what the results might look like. We're gonna start off using an ICMP ping command, so we'll specify the dash one flag, and this is going to send that icmp echo reply to our target.

00:41

And basically, this just tells us

00:43

that Hey, this target is up. It's live. And so I'm gonna have to just cancel that scan. That particular host is not actually live.

00:52

So we're gonna target that same host, though. And this time we're gonna use a flag dash, lower case C, and that allows us to specify the number of packets that will actually go. And you notice here we specified four packets, and so it was a little quicker to get the results. The previous attempt of scan and sent 68 packets and have we just let it go? Would have sent thousands of packets,

01:11

uh,

01:12

and basically would've had the same result that, hey, this host is not live.

01:17

So next, we're gonna go ahead and run. Ah, scan of sin scan. Um, with H paying three. So we specify scan mode by using the dash eight flag, and we also specify the sin scan that we want to do by the dash Capital s again. The since can is just setting that first part of the TCP three way handshake. We set our port range,

01:36

so we're gonna be scanning a range of ports from 20 to 100 to see what ports are actually opened on this target.

01:41

And then the dash V is just for most. It gives us is much information as possible about those ports, and you see here that only one port was returned and throughout the rest of this video will use the same I p address for a lot of the scans and we'll see that it's poor 53. Um, in use.

02:00

We could also specify specific ports to scan so we could just list out all the ports we want. Maybe we just wanna go after some of the most popular ports that we're looking for. And we could just specify those individually versus doing an entire range and waiting for that skin to complete. So we use the same commands here. We just specify the ports versus doing a port range,

02:20

and you'll see in this example for this particular host we get the exact same results because we already know that poor 53 is the only one open.

02:29

We could also do, ah scan to try to identify the time stamp. So here we're just, uh, setting our flag to do the scan. The since can we're setting it for specific port, and then we're running time stamp and specifying the number of packets we're gonna actually send to it and what the timestamp can do

02:49

with that. What we could do with that information is if there's a long system

02:53

up time, it could indicate to us that. Hey, that system hasn't had security patches in a while, and so that might be a good system to actually go ahead and attack.