
Hping3 Lab Exercises

The document outlines practical hping3 lab exercises aligned with CEH v13, focusing on testing and understanding network vulnerabilities, firewalls, and IDS/IPS. Key exercises include SYN port scanning, flood attack simulations, and source IP spoofing, among others. These labs are designed to enhance skills in scanning, packet crafting, and evasion techniques in a controlled environment.

Here are practical hping3 lab exercises that are directly aligned with CEH v13, focusing on testing, scanning, and understanding firewall, IDS/IPS, and network vulnerabilities.

Essential hping3 Lab Exercises for CEH v13

1. SYN Port Scanning

Craft TCP SYN packets to determine if ports are open or closed:

hping3 -S -p 80 -c 1 <target-ip>

A SYN-ACK indicates an open port; RST-ACK indicates closed.

2. Firewall Resilience (Flood Attack Simulation)

Simulate SYN flood attacks to test if the firewall can withstand traffic spikes:

hping3 -S --flood -p 22 <target-ip>

Observe if the target or firewall becomes unresponsive.

3. Stateful vs. Stateless Firewall Check

Send consecutive SYN packets and analyze response patterns:

hping3 -S -p 80 --fast <target-ip>

Varying responses indicate stateful behavior; consistent responses indicate stateless filtering.

4. Packet Fragmentation/Evasion

Send fragmented packets to test the firewall's ability to reassemble and block such traffic:

hping3 -S -p 80 -f <target-ip>

Access to the service despite the rules may imply a misconfiguration.

5. Source IP Spoofing

Test source-based filtering by spoofing the IP address:

hping3 -S -a <spoofed-ip> -p 80 <target-ip>

If responses are received, the firewall allows spoofed packets.

6. Random Source & Flood for IDS/IPS

Evaluate Intrusion Detection System effectiveness by flooding from random IPs:

hping3 -S --rand-source --flood -p 80 <target-ip>

Check for alerts or blocks by IDS/IPS.

7. Traceroute Using TCP

Map out the network path where ICMP is blocked:

hping3 --traceroute -V -S -p 80 <destination>


Reveals hops in environments where usual traceroutes fail.

8. Idle Zombie Scan (Advanced)

Spoof a "zombie" host to detect open ports with minimal signature:

hping3 -S -p 80 -s 0 --spoof <zombie-ip> <target-ip>

Helps evade some firewall/IDS signatures.

9. Banner Grabbing

Connect with specific flags to fetch service banners for further reconnaissance:

hping3 -S -p 21 -c 1 <target-ip>

Used for identifying services like FTP, HTTP, SSH, etc.

Observing and Interpreting Results

No response: Packet dropped by firewall or no host

SYN-ACK: Port open

RST-ACK: Port closed

ICMP ‘port unreachable’: UDP port is closed
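
What the IDS/IPS in exercises 2 and 6 should be able to flag, as an added example that is not part of the original document: a Python detector that tracks SYNs never followed by the handshake-completing ACK and separates a flood on one service from a one-host port sweep like a repeated exercise 1. The record layout, thresholds, and function names are assumptions, and the traffic is constructed sample data.

```python
from collections import defaultdict

def detect(packets, window=1.0, flood_syns=100, scan_ports=10):
    """packets: (time_s, src, sport, dst, dport, flags), client-to-server only.
    flags: 'S' = SYN, 'A' = the ACK that completes the three-way handshake.
    Record layout and thresholds are assumptions made for this example."""
    half_open = {}                    # (src, sport, dst, dport) -> time of SYN
    for t, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            half_open[key] = t
        elif flags == "A":
            half_open.pop(key, None)  # handshake completed: not suspicious
    per_service = defaultdict(list)   # (bucket, dst, dport) -> sources
    per_client = defaultdict(set)     # (bucket, src, dst) -> ports probed
    for (src, _sport, dst, dport), t in half_open.items():
        bucket = int(t // window)     # fixed time buckets, not a sliding window
        per_service[(bucket, dst, dport)].append(src)
        per_client[(bucket, src, dst)].add(dport)
    alerts = []
    for (_b, dst, dport), srcs in sorted(per_service.items()):
        if len(srcs) >= flood_syns:   # many half-open SYNs on one service
            distinct = len(set(srcs))
            kind = "syn_flood_random_source" if distinct > len(srcs) // 2 else "syn_flood"
            alerts.append((kind, dst, dport, len(srcs), distinct))
    for (_b, src, dst), ports in sorted(per_client.items()):
        if len(ports) >= scan_ports:  # one host, many ports, none completed
            alerts.append(("syn_scan", src, dst, len(ports)))
    return alerts

def sample_traffic():
    """Constructed records for illustration; not captured traffic."""
    pkts = []
    for i in range(5):                # normal clients finish the handshake
        pkts.append((0.1 * i, f"192.0.2.{i + 1}", 40000 + i, "10.0.0.5", 443, "S"))
        pkts.append((0.1 * i + 0.01, f"192.0.2.{i + 1}", 40000 + i, "10.0.0.5", 443, "A"))
    for i in range(150):              # 150 sources, SYN only, one service
        pkts.append((2.0 + i * 0.001, f"198.51.100.{i + 1}", 1024 + i, "10.0.0.5", 80, "S"))
    for p in range(20, 35):           # one source, SYN only, 15 ports
        pkts.append((5.0 + (p - 20) * 0.01, "203.0.113.9", 50000 + p, "10.0.0.5", p, "S"))
    return pkts

if __name__ == "__main__":
    for alert in detect(sample_traffic()):
        print(alert)
```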


These labs test practical aspects of scanning, packet crafting, evasion, and resilience that are expected
on the CEH v13 exam and in real-world engagements. Always perform such activities in a controlled,
authorized environment.
