Solved

hping or lightweight freeware to test Tcp_timestamps

Posted on 2014-11-14
8
196 Views
Last Modified: 2014-12-28
I don't want wireshark or heavyweight tools but could not find hping for Windows (XP & Win 7)
anymore.

Q1:
Where can I get hping for Win XP & 7 ?

Q2:
I have an old nmap for windows but can nmap test if Tcp_timestamp has been disabled?
Any other lightweight freeware for Windows to test this?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 63

Assisted Solution

by:btan
btan earned 500 total points
ID: 40443972
1. looks like it si not readily available and not update since 2005 from the forum. there are a few couple with src and tar based but not the windows though. I believe Backtrack has that too e.g. hping3. Or even nessus plugin tcp_timestamps.nasl

2. Better to see if nping will help  http://nmap.org/nping/ (or if open to linux, tcptest https://code.google.com/p/tcptest/). Specifically nmap has shared in the uptime (http://www.exploresecurity.com/testing-for-tcp-ip-timestamps/) aspect
The uptime guess is labeled a “guess” because various factors can make it completely inaccurate. Some operating systems do not start the timestamp counter at zero, but initialize it with a random value, making extrapolation to zero meaningless. Even on systems using a simple counter starting at zero, the counter eventually overflows and wraps around. With a 1,000 Hz counter increment rate, the counter resets to zero roughly every 50 days. So a host that has been up for 102 days will appear to have been up only two days. Even with these caveats, the uptime guess is accurate much of the time for most operating systems, so it is printed when available, but only in verbose mode. The uptime guess is omitted if the target gives zeros or no timestamp options in its SYN/ACK packets, or if it does not reply at all. The line is also omitted if Nmap cannot discern the timestamp increment rate or it seems suspicious (like a 30-year uptime).
Not all operating systems send TCP timestamps unless incoming TCP SYN packets will have this option enabled. http://ithitman.blogspot.sg/2013/02/enabling-tcp-timestamp-linux-and-windows.html
0
 

Author Comment

by:sunhux
ID: 40445612
Hping.org is not around anymore.  Got nping but did not quite figure how it can be used to scan for tcp timestamp.  Havent manage to locate a windows copy of hping3
0
 
LVL 63

Assisted Solution

by:btan
btan earned 500 total points
ID: 40445644
indeed, probably looking at baacktrack CD will help to retrieve but i doubt you find the windows exe. it seems the most "accurate" tool so far is hping. better to go into running in it linux form else the packet capture analysis based on wireshark is another (though not straightforward) means
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:sunhux
ID: 40452871
Will nmap be able to do this (ie detect if Tcp timestamping is enabled or off) ?
0
 

Author Comment

by:sunhux
ID: 40452898
The closest I get with nmap:

D:\nmap-4.62>nmap |find/i "timestamp"
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes


D:\nmap-4.62>nmap -PP localhost

Starting Nmap 4.62 ( http://nmap.org ) at 2014-11-20 01:12
Skipping SYN Stealth Scan against localhost (127.0.0.1) because Windows does not
 support scanning your own machine (localhost) this way.
0 ports scanned on localhost (127.0.0.1)

Nmap done: 1 IP address (1 host up) scanned in 0.328 seconds
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40453946
Check this out as it tested for uptime using nmap, snmpwalk and rsysinfo (and also hping3)
https://maciejkola.wordpress.com/security-tips-2/why-uptime-can-be-dangerous/
NMAP
root@tester# nmap -v -O victim.com
Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-25 20:29 CEST
Initiating Ping Scan at 20:29
(…) Uptime guess: 15.414 days (since Mon Sep 10 10:23:32 2012)

Open in new window

SNMP:

root@tester# snmpwalk -v 1 -c public victim.com .1.3.6.1.2.1.25.1.1.0
iso.3.6.1.2.1.25.1.1.0 = Timeticks: (156851524) 18 days, 3:41:55.24

Open in new window

RPC:

root@tester# rsysinfo victim.com
System Information for: victim.com

uptime:   18 days,  6:27, load average: 0.04 0.03 0.00

Open in new window

0
 

Author Comment

by:sunhux
ID: 40496578
The syntax I have for my Windows version of snmpwalk & nmap don't have those options
0
 
LVL 63

Assisted Solution

by:btan
btan earned 500 total points
ID: 40497404
it is better then to get the non windows instead since hping is already not avail as well. I saw another tool called nemesis that is a network packet crafting and injection utility for UNIX-like and Windows systems. I did not explore further though
http://nemesis.sourceforge.net/
http://nemesis.sourceforge.net/manpages/nemesis-icmp.1.html
http://nemesis.sourceforge.net/manpages/nemesis-tcp.1.html
0

Featured Post

Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
This post contains step-by-step instructions for setting up alerting in Percona Monitoring and Management (PMM) using Grafana.
This video shows how use content aware, what it’s used for, and when to use it over other tools.
Viewers will learn how to use the Hootsuite Dashboard.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question