答案1
失败。在 hping 中没有这样的功能。
废话:
不使用 --winid 选项对 windows 框进行 hping 操作,您将看到增量是 256 的倍数,因为不同的 id 字节顺序。这对于 OS 指纹识别非常有用:
#hping win95 -r
HPING win95 (eth0 192.168.4.41): NO FLAGS are set, 40 headers + 0 data bytes
46 bytes from 192.168.4.41: flags=RA seq=0 ttl=128 id=47371 win=0 rtt=0.5 ms
46 bytes from 192.168.4.41: flags=RA seq=1 ttl=128 id=+256 win=0 rtt=0.5 ms
46 bytes from 192.168.4.41: flags=RA seq=2 ttl=128 id=+256 win=0 rtt=0.6 ms
46 bytes from 192.168.4.41: flags=RA seq=3 ttl=128 id=+256 win=0 rtt=0.5 ms
答案2
尝试使用 xprobe2:xprobe2 [options] target
选项:
-v Be verbose
-r Show route to target(traceroute)
-p <proto:portnum:state> Specify portnumber, protocol and state.
Example: tcp:23:open, UDP:53:CLOSED
-c <configfile> Specify config file to use.
-h Print this help.
-o <fname> Use logfile to log everything.
-t <time_sec> Set initial receive timeout or roundtrip time.
-s <send_delay> Set packsending delay (milseconds).
-d <debuglv> Specify debugging level.
-D <modnum> Disable module number <modnum>.
-M <modnum> Enable module number <modnum>.
-L Display modules.
-m <numofmatches> Specify number of matches to print.
-T <portspec> Enable TCP portscan for specified port(s).
Example: -T21-23,53,110
-U <portspec> Enable UDP portscan for specified port(s).
-f force fixed round-trip time (-t opt).
-F Generate signature (use -o to save to a file).
-X Generate XML output and save it to logfile specified
使用 -o。
-B Options forces TCP handshake module to try to guess
打开 TCP 端口
-A Perform analysis of sample packets gathered during
端口扫描
order to detect suspicious traffic (i.e. transparent
代理,
firewalls/NIDSs resetting connections). Use with -T.