我想用Hping来检测主机操作系统,但我找不到我该怎么做?
我可以像这样用Nmap做同样的工作:
nmap -O Host_IP/Name 失败。 在hping没有这样的function。
废话:
hpinging windows box没有使用–winid选项,你会看到增量是256倍,因为不同的id字节顺序。 这对于操作系统指纹识别可能非常有用:
#hping win95 -r HPING win95 (eth0 192.168.4.41): NO FLAGS are set, 40 headers + 0 data bytes 46 bytes from 192.168.4.41: flags=RA seq=0 ttl=128 id=47371 win=0 rtt=0.5 ms 46 bytes from 192.168.4.41: flags=RA seq=1 ttl=128 id=+256 win=0 rtt=0.5 ms 46 bytes from 192.168.4.41: flags=RA seq=2 ttl=128 id=+256 win=0 rtt=0.6 ms 46 bytes from 192.168.4.41: flags=RA seq=3 ttl=128 id=+256 win=0 rtt=0.5 ms
尝试使用xprobe2:xprobe2 [options] target
选项:
-v Be verbose -r Show route to target(traceroute) -p <proto:portnum:state> Specify portnumber, protocol and state. Example: tcp:23:open, UDP:53:CLOSED -c <configfile> Specify config file to use. -h Print this help. -o <fname> Use logfile to log everything. -t <time_sec> Set initial receive timeout or roundtrip time. -s <send_delay> Set packsending delay (milseconds). -d <debuglv> Specify debugging level. -D <modnum> Disable module number <modnum>. -M <modnum> Enable module number <modnum>. -L Display modules. -m <numofmatches> Specify number of matches to print. -T <portspec> Enable TCP portscan for specified port(s). Example: -T21-23,53,110 -U <portspec> Enable UDP portscan for specified port(s). -f force fixed round-trip time (-t opt). -F Generate signature (use -o to save to a file). -X Generate XML output and save it to logfile specified
与-o。
-B Options forces TCP handshake module to try to guess
打开TCP端口
-A Perform analysis of sample packets gathered during
portscan in
order to detect suspicious traffic (ie transparent
代理,
firewalls/NIDSs resetting connections). Use with -T.