hping or lightweight freeware to test Tcp_timestamps

I don't want wireshark or heavyweight tools but could not find hping for Windows (XP & Win 7)
anymore.

Q1:
Where can I get hping for Win XP & 7 ?

Q2:
I have an old nmap for windows but can nmap test if Tcp_timestamp has been disabled?
Any other lightweight freeware for Windows to test this?
sunhuxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
1. looks like it si not readily available and not update since 2005 from the forum. there are a few couple with src and tar based but not the windows though. I believe Backtrack has that too e.g. hping3. Or even nessus plugin tcp_timestamps.nasl

2. Better to see if nping will help  http://nmap.org/nping/ (or if open to linux, tcptest https://code.google.com/p/tcptest/). Specifically nmap has shared in the uptime (http://www.exploresecurity.com/testing-for-tcp-ip-timestamps/) aspect
The uptime guess is labeled a “guess” because various factors can make it completely inaccurate. Some operating systems do not start the timestamp counter at zero, but initialize it with a random value, making extrapolation to zero meaningless. Even on systems using a simple counter starting at zero, the counter eventually overflows and wraps around. With a 1,000 Hz counter increment rate, the counter resets to zero roughly every 50 days. So a host that has been up for 102 days will appear to have been up only two days. Even with these caveats, the uptime guess is accurate much of the time for most operating systems, so it is printed when available, but only in verbose mode. The uptime guess is omitted if the target gives zeros or no timestamp options in its SYN/ACK packets, or if it does not reply at all. The line is also omitted if Nmap cannot discern the timestamp increment rate or it seems suspicious (like a 30-year uptime).
Not all operating systems send TCP timestamps unless incoming TCP SYN packets will have this option enabled. http://ithitman.blogspot.sg/2013/02/enabling-tcp-timestamp-linux-and-windows.html
0
sunhuxAuthor Commented:
Hping.org is not around anymore.  Got nping but did not quite figure how it can be used to scan for tcp timestamp.  Havent manage to locate a windows copy of hping3
0
btanExec ConsultantCommented:
indeed, probably looking at baacktrack CD will help to retrieve but i doubt you find the windows exe. it seems the most "accurate" tool so far is hping. better to go into running in it linux form else the packet capture analysis based on wireshark is another (though not straightforward) means
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

sunhuxAuthor Commented:
Will nmap be able to do this (ie detect if Tcp timestamping is enabled or off) ?
0
sunhuxAuthor Commented:
The closest I get with nmap:

D:\nmap-4.62>nmap |find/i "timestamp"
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes


D:\nmap-4.62>nmap -PP localhost

Starting Nmap 4.62 ( http://nmap.org ) at 2014-11-20 01:12
Skipping SYN Stealth Scan against localhost (127.0.0.1) because Windows does not
 support scanning your own machine (localhost) this way.
0 ports scanned on localhost (127.0.0.1)

Nmap done: 1 IP address (1 host up) scanned in 0.328 seconds
0
btanExec ConsultantCommented:
Check this out as it tested for uptime using nmap, snmpwalk and rsysinfo (and also hping3)
https://maciejkola.wordpress.com/security-tips-2/why-uptime-can-be-dangerous/
NMAP
root@tester# nmap -v -O victim.com
Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-25 20:29 CEST
Initiating Ping Scan at 20:29
(…) Uptime guess: 15.414 days (since Mon Sep 10 10:23:32 2012)

Open in new window

SNMP:

root@tester# snmpwalk -v 1 -c public victim.com .1.3.6.1.2.1.25.1.1.0
iso.3.6.1.2.1.25.1.1.0 = Timeticks: (156851524) 18 days, 3:41:55.24

Open in new window

RPC:

root@tester# rsysinfo victim.com
System Information for: victim.com

uptime:   18 days,  6:27, load average: 0.04 0.03 0.00

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sunhuxAuthor Commented:
The syntax I have for my Windows version of snmpwalk & nmap don't have those options
0
btanExec ConsultantCommented:
it is better then to get the non windows instead since hping is already not avail as well. I saw another tool called nemesis that is a network packet crafting and injection utility for UNIX-like and Windows systems. I did not explore further though
http://nemesis.sourceforge.net/
http://nemesis.sourceforge.net/manpages/nemesis-icmp.1.html
http://nemesis.sourceforge.net/manpages/nemesis-tcp.1.html
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.