This post records a test in which a TCP packet with the RST flag was hand-crafted with the nping tool and sent to a destination server.
1. Download the nping rpm file.
https://nmap.org/download.html
2. On Linux (a CentOS environment), install the downloaded rpm with yum.
```
[root@localhost ~]# ls
anaconda-ks.cfg  nmap-7.94-1.x86_64.rpm  nping-0.7.94-1.x86_64.rpm
[root@localhost ~]# yum install nping-0.7.94-1.x86_64.rpm
Loaded plugins: fastestmirror
Examining nping-0.7.94-1.x86_64.rpm: 2:nping-0.7.94-1.x86_64
Marking nping-0.7.94-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package nping.x86_64 2:0.7.94-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================================================
 Package                 Arch
===========================================================================================================================================================================
Installing:
 nping                   x86_64

Transaction Summary
===========================================================================================================================================================================
Install  1 Package

Total size: 4.6 M
Installed size: 4.6 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 2:nping-0.7.94-1.x86_64
  Verifying  : 2:nping-0.7.94-1.x86_64

Installed:
  nping.x86_64 2:0.7.94-1

Complete!
```
3. The nping tool offers a very wide range of options.
```
[root@localhost ~]# nping --help

Nping 0.7.94 ( https://nmap.org/nping )
Usage: nping [Probe mode] [Options] {target specification}

TARGET SPECIFICATION:
  Targets may be specified as hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.*.1-24
PROBE MODES:
  --tcp-connect                    : Unprivileged TCP connect probe mode.
  --tcp                            : TCP probe mode.
  --udp                            : UDP probe mode.
  --icmp                           : ICMP probe mode.
  --arp                            : ARP/RARP probe mode.
  --tr, --traceroute               : Traceroute mode (can only be used with
                                     TCP/UDP/ICMP modes).
TCP CONNECT MODE:
   -p, --dest-port <port spec>     : Set destination port(s).
   -g, --source-port <portnumber>  : Try to use a custom source port.
TCP PROBE MODE:
   -g, --source-port <portnumber>  : Set source port.
   -p, --dest-port <port spec>     : Set destination port(s).
   --seq <seqnumber>               : Set sequence number.
   --flags <flag list>             : Set TCP flags (ACK,PSH,RST,SYN,FIN...)
   --ack <acknumber>               : Set ACK number.
   --win <size>                    : Set window size.
   --badsum                        : Use a random invalid checksum.
UDP PROBE MODE:
   -g, --source-port <portnumber>  : Set source port.
   -p, --dest-port <port spec>     : Set destination port(s).
   --badsum                        : Use a random invalid checksum.
ICMP PROBE MODE:
  --icmp-type <type>               : ICMP type.
  --icmp-code <code>               : ICMP code.
  --icmp-id <id>                   : Set identifier.
  --icmp-seq <n>                   : Set sequence number.
  --icmp-redirect-addr <addr>      : Set redirect address.
  --icmp-param-pointer <pnt>       : Set parameter problem pointer.
  --icmp-advert-lifetime <time>    : Set router advertisement lifetime.
  --icmp-advert-entry <IP,pref>    : Add router advertisement entry.
  --icmp-orig-time <timestamp>     : Set originate timestamp.
  --icmp-recv-time <timestamp>     : Set receive timestamp.
  --icmp-trans-time <timestamp>    : Set transmit timestamp.
ARP/RARP PROBE MODE:
  --arp-type <type>                : Type: ARP, ARP-reply, RARP, RARP-reply.
  --arp-sender-mac <mac>           : Set sender MAC address.
  --arp-sender-ip <addr>           : Set sender IP address.
  --arp-target-mac <mac>           : Set target MAC address.
  --arp-target-ip <addr>           : Set target IP address.
IPv4 OPTIONS:
  -S, --source-ip                  : Set source IP address.
  --dest-ip <addr>                 : Set destination IP address (used as an
                                     alternative to {target specification} ).
  --tos <tos>                      : Set type of service field (8bits).
  --id  <id>                       : Set identification field (16 bits).
  --df                             : Set Don't Fragment flag.
  --mf                             : Set More Fragments flag.
  --evil                           : Set Reserved / Evil flag.
  --ttl <hops>                     : Set time to live [0-255].
  --badsum-ip                      : Use a random invalid checksum.
  --ip-options <R|S [route]|L [route]|T|U ...> : Set IP options
  --ip-options <hex string>                    : Set IP options
  --mtu <size>                     : Set MTU. Packets get fragmented if MTU is
                                     small enough.
IPv6 OPTIONS:
  -6, --IPv6                       : Use IP version 6.
  --dest-ip                        : Set destination IP address (used as an
                                     alternative to {target specification}).
  --hop-limit                      : Set hop limit (same as IPv4 TTL).
  --traffic-class <class> :        : Set traffic class.
  --flow <label>                   : Set flow label.
ETHERNET OPTIONS:
  --dest-mac <mac>                 : Set destination mac address. (Disables
                                     ARP resolution)
  --source-mac <mac>               : Set source MAC address.
  --ether-type <type>              : Set EtherType value.
PAYLOAD OPTIONS:
  --data <hex string>              : Include a custom payload.
  --data-string <text>             : Include a custom ASCII text.
  --data-length <len>              : Include len random bytes as payload.
ECHO CLIENT/SERVER:
  --echo-client <passphrase>       : Run Nping in client mode.
  --echo-server <passphrase>       : Run Nping in server mode.
  --echo-port <port>               : Use custom <port> to listen or connect.
  --no-crypto                      : Disable encryption and authentication.
  --once                           : Stop the server after one connection.
  --safe-payloads                  : Erase application data in echoed packets.
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m, 0.25h).
  --delay <time>                   : Adjust delay between probes.
  --rate  <rate>                   : Send num packets per second.
MISC:
  -h, --help                       : Display help information.
  -V, --version                    : Display current version number.
  -c, --count <n>                  : Stop after <n> rounds.
  -e, --interface <name>           : Use supplied network interface.
  -H, --hide-sent                  : Do not display sent packets.
  -N, --no-capture                 : Do not try to capture replies.
  --privileged                     : Assume user is fully privileged.
  --unprivileged                   : Assume user lacks raw socket privileges.
  --send-eth                       : Send packets at the raw Ethernet layer.
  --send-ip                        : Send packets using raw IP sockets.
  --bpf-filter <filter spec>       : Specify custom BPF filter.
OUTPUT:
  -v                               : Increment verbosity level by one.
  -v[level]                        : Set verbosity level. E.g: -v4
  -d                               : Increment debugging level by one.
  -d[level]                        : Set debugging level. E.g: -d3
  -q                               : Decrease verbosity level by one.
  -q[N]                            : Decrease verbosity level N times
  --quiet                          : Set verbosity and debug level to minimum.
  --debug                          : Set verbosity and debug to the max level.
EXAMPLES:
  nping scanme.nmap.org
  nping --tcp -p 80 --flags rst --ttl 2 192.168.1.1
  nping --icmp --icmp-type time --delay 500ms 192.168.254.254
  nping --echo-server "public" -e wlan0 -vvv
  nping --echo-client "public" echo.nmap.org --tcp -p1-1024 --flags ack

SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
```
4. As a test, you can specify the source IP and source port, the destination IP and destination port, set the RST flag, and send the packet.
In the example below, 192.168.1.53 is the ESXi host and 192.168.1.3 is vCenter.
When the packet is actually sent this way and the traffic is captured with tcpdump on vCenter (192.168.1.3), the packet with the RST flag can be seen arriving as expected.
```
[root@localhost ~]# nping --source-ip 192.168.1.53 -g 443 --dest-ip 192.168.1.3 -p 50000 --tcp --flags RST

Starting Nping 0.7.94 ( https://nmap.org/nping ) at 2023-08-08 04:31 EDT
SENT (0.0085s) TCP 192.168.1.53:443 > 192.168.1.3:50000 R ttl=64 id=48812 iplen=40  seq=829823380 win=1480
SENT (1.0087s) TCP 192.168.1.53:443 > 192.168.1.3:50000 R ttl=64 id=48812 iplen=40  seq=829823380 win=1480
SENT (2.0098s) TCP 192.168.1.53:443 > 192.168.1.3:50000 R ttl=64 id=48812 iplen=40  seq=829823380 win=1480
SENT (3.0109s) TCP 192.168.1.53:443 > 192.168.1.3:50000 R ttl=64 id=48812 iplen=40  seq=829823380 win=1480
SENT (4.0120s) TCP 192.168.1.53:443 > 192.168.1.3:50000 R ttl=64 id=48812 iplen=40  seq=829823380 win=1480

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 5 (200B) | Rcvd: 0 (0B) | Lost: 5 (100.00%)
Nping done: 1 IP address pinged in 5.03 seconds
```

```
root@vcsa01 [ ~ ]# tcpdump -i eth0 src 192.168.1.53 and dst 192.168.1.3 and 'tcp[tcpflags]==tcp-rst'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
05:43:34.123794 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
05:43:35.123872 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
05:43:36.125035 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
05:43:37.126117 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
05:43:38.127176 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel
```
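A receiving-side counterpart to the capture above, added here as an example and not part of the original post: a small Python script that parses tcpdump summary lines in the format shown and flags bursts of bare RST segments that repeat one identical sequence number from the same source/port pair, which is what the crafted resets look like (every SENT line above carries the same seq, whereas a kernel-generated RST takes its sequence number from the connection it is resetting). The sample capture is constructed from the five lines above plus one made-up RST/ACK line; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample input: the five bare-RST lines are the tcpdump capture
# shown above; the last line is a made-up RST/ACK reply of the kind a real TCP
# stack emits, which the heuristic should leave alone.
SAMPLE_CAPTURE = """\
05:43:34.123794 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
05:43:35.123872 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
05:43:36.125035 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
05:43:37.126117 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
05:43:38.127176 IP esxi703.contoso.com.https > vcsa01.contoso.com.50000: Flags [R], seq 3145488621, win 1480, length 0
05:43:40.000001 IP vcsa01.contoso.com.50001 > esxi703.contoso.com.https: Flags [R.], seq 10, ack 1, win 0, length 0
"""

# Matches tcpdump's default (non -v) one-line TCP summary, as printed above.
TCPDUMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>.+)\.(?P<sport>[^. ]+) > "
    r"(?P<dst>.+)\.(?P<dport>[^. :]+): Flags \[(?P<flags>[^\]]*)\], seq (?P<seq>\d+)"
)

def parse_tcpdump_line(line):
    """Fields of one tcpdump TCP line as a dict, or None for any other line."""
    m = TCPDUMP_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["seq"] = int(rec["seq"])
    return rec

def find_repeated_rsts(capture_text, min_repeats=3):
    """Return (src, sport, dst, dport, seq) groups seen with a bare RST flag at
    least min_repeats times; an identical seq on every repeat is the crafted
    packet signature (RST/ACK and all other segments are ignored)."""
    seen = Counter()
    for line in capture_text.splitlines():
        rec = parse_tcpdump_line(line)
        if rec is None or rec["flags"] != "R":
            continue
        seen[(rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["seq"])] += 1
    return [dict(src=k[0], sport=k[1], dst=k[2], dport=k[3], seq=k[4], count=n)
            for k, n in seen.items() if n >= min_repeats]

if __name__ == "__main__":
    for hit in find_repeated_rsts(SAMPLE_CAPTURE):
        print(f"{hit['count']}x bare RST with fixed seq={hit['seq']}: "
              f"{hit['src']}:{hit['sport']} -> {hit['dst']}:{hit['dport']}")
```

Feed it the output of `tcpdump -l -n` (or a saved text capture) on the receiving host; the threshold is a heuristic, since retransmitted resets can also repeat a sequence number.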