Introduction

In this video tutorial, we went over the techniques needed to bypass firewall rules that block ICMP ping requests, using the hping3 tool. We analyzed the packets with Wireshark on Security Onion.

Skills Learned

  • hping3
  • ICMP
  • Firewall Evasion
  • Wireshark
  • Security Onion

First, I’ll show you the initial firewall configuration on the Security Onion machine. We’ll be using UFW (Uncomplicated Firewall). Initially, the firewall is set to accept ICMP requests, so a simple ping from our Kali machine succeeds.

Next, I’ll reconfigure the firewall to drop all incoming ICMP packets. This will simulate a real-world scenario where a firewall is blocking our pings. After reloading the firewall, you’ll see that our pings from the Kali machine are no longer receiving a response.
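The video does the ICMP change by hand and then runs `sudo ufw reload`. As an added example (not from the video or the author's material), here is a small POSIX shell script that flips the echo-request rule UFW keeps in `/etc/ufw/before.rules` between ACCEPT and DROP, and can flip it back for the revert step at the end. It assumes the stock rule line that UFW ships (`-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT`), takes the file path as a parameter so it can be tried on a scratch copy first, and deliberately touches only echo-request rather than every ICMP type, so destination-unreachable and time-exceeded (path MTU discovery, traceroute-style errors) keep working. The sample rules fragment written by `make_sample_rules` is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the video): toggle the ICMP echo-request rule that
# UFW keeps in /etc/ufw/before.rules between ACCEPT and DROP. The file path is
# a parameter so the functions can be exercised on a scratch copy; on a real
# host you would point them at /etc/ufw/before.rules (as root) and then run
# `sudo ufw reload`, exactly as in the video, for the change to take effect.

# Print the current action on the echo-request line (ACCEPT or DROP; prints
# nothing if the line is missing).
get_icmp_echo() {
    sed -n 's/^-A ufw-before-input -p icmp --icmp-type echo-request -j \([A-Z]*\)$/\1/p' "$1"
}

# Rewrite only the echo-request line. The other ICMP types UFW accepts by
# default (destination-unreachable, time-exceeded, parameter-problem) are left
# alone so path MTU discovery and traceroute-style error reporting keep working.
set_icmp_echo() {
    file="$1"; action="$2"
    case "$action" in
        ACCEPT|DROP) ;;
        *) echo "action must be ACCEPT or DROP" >&2; return 2 ;;
    esac
    sed "s/^\(-A ufw-before-input -p icmp --icmp-type echo-request -j \)[A-Z]*$/\1$action/" "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
}

# Constructed sample: the ICMP section of a stock before.rules, used for the
# demo below and for testing without touching the real firewall.
make_sample_rules() {
    cat > "$1" <<'EOF'
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# Demo on a scratch file: ACCEPT -> DROP (pings go unanswered) -> ACCEPT (revert).
demo_file=$(mktemp)
make_sample_rules "$demo_file"
echo "before: $(get_icmp_echo "$demo_file")"
set_icmp_echo "$demo_file" DROP
echo "after drop: $(get_icmp_echo "$demo_file")"
set_icmp_echo "$demo_file" ACCEPT
echo "after revert: $(get_icmp_echo "$demo_file")"
rm -f "$demo_file"
```

On the real file the sequence is `set_icmp_echo /etc/ufw/before.rules DROP` followed by `sudo ufw reload`; `get_icmp_echo` is a quick way to confirm which state the box is in before and after the reload.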

Now, here’s where it gets interesting. Even with ICMP blocked, I’ll show you that Nmap can still sometimes identify open ports and determine whether a host is up. However, there might be situations where Nmap is not available or not permitted, so we need an alternative.

This is where hping3 comes in. I’ll demonstrate how to use hping3 to send different types of TCP packets to bypass the ICMP block and discover open ports. We’ll explore the following techniques:

  • TCP SYN Scan (-S): We’ll send TCP SYN packets to specific ports. If a port is open, we’ll receive a SYN-ACK response, confirming that the port is listening.
  • Acknowledgement Scan (-A): We’ll send TCP ACK packets. If a port is open, the target will respond with a reset packet.

To make things even clearer, I’ll use Wireshark to capture and analyze the packets we’re sending and receiving. This will give you a visual representation of how these scans work and how the target responds.
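As an added example (not from the video or the author's material), here is a small shell/awk classifier for the probe-and-reply pairs you would pick out of the Wireshark capture. The input format is a constructed space-separated summary (frame, src, dst, sport, dport, flags), not a Wireshark export, and the addresses follow the lab in the video (.133 scanner, .136 target). It goes a little beyond the two flag combinations listed above: a SYN probe distinguishes open (SYN/ACK back), closed (RST back) and filtered (nothing back); an ACK probe only tells you whether a stateful filter sits in the path, because an unfiltered port answers RST whether it is open or closed; and the FIN/PSH/URG probe from the command list draws an RST only from a closed port, so silence there means "open or filtered". On the defending side, the same probe/reply pairing is what you look for in a capture to spot a port sweep that never touches ICMP.

```shell
#!/bin/sh
# Added example (not from the video): classify TCP probe/reply pairs from a
# constructed capture summary. Columns: frame src dst sport dport flags, where
# flags use S=SYN, A=ACK, R=RST, F=FIN, P=PSH, U=URG (e.g. "SA" = SYN/ACK).
# Usage: classify_probes <file> <scanner-ip> <target-ip>
classify_probes() {
    awk -v scanner="$2" -v target="$3" '
    # Probe: scanner -> target. Key by the scanner side (sport:dport) so the
    # reply, which swaps the two ports, can be matched back to it.
    $2 == scanner && $3 == target {
        key = $4 ":" $5
        if (!(key in probe)) { order[++n] = key; probe[key] = $6 }
        next
    }
    # Reply: target -> scanner. Its sport is our dport and vice versa.
    $2 == target && $3 == scanner {
        key = $5 ":" $4
        if (!(key in reply)) reply[key] = $6
        next
    }
    END {
        for (i = 1; i <= n; i++) {
            key = order[i]; split(key, p, ":"); port = p[2]
            sent = probe[key]; got = (key in reply) ? reply[key] : "-"
            if (sent ~ /S/ && sent !~ /A/) {
                # SYN probe: SYN/ACK = open, RST = closed, silence = filtered
                if (got ~ /S/ && got ~ /A/) verdict = "open"
                else if (got ~ /R/)        verdict = "closed"
                else                       verdict = "filtered"
            } else if (sent ~ /A/) {
                # ACK probe: an RST (from open OR closed) means no stateful
                # filter in the path; silence means filtered
                if (got ~ /R/) verdict = "unfiltered"
                else           verdict = "filtered"
            } else {
                # FIN/PSH/URG style probe: only a closed port sends RST;
                # an open port is required to stay silent
                if (got ~ /R/) verdict = "closed"
                else           verdict = "open|filtered"
            }
            printf "%s/tcp probe=%s reply=%s -> %s\n", port, sent, got, verdict
        }
    }' "$1"
}

# Constructed sample capture mirroring the probes in the command list:
# SYN to 443 (answered), SYN to 22 (reset), SYN to 21 (silence),
# ACK to 443 (reset), FIN/PSH/URG to 443 (silence).
make_sample_capture() {
    cat > "$1" <<'EOF'
1 192.168.94.133 192.168.94.136 40001 443 S
2 192.168.94.136 192.168.94.133 443 40001 SA
3 192.168.94.133 192.168.94.136 40002 22 S
4 192.168.94.136 192.168.94.133 22 40002 RA
5 192.168.94.133 192.168.94.136 40003 21 S
6 192.168.94.133 192.168.94.136 40004 443 A
7 192.168.94.136 192.168.94.133 443 40004 R
8 192.168.94.133 192.168.94.136 40005 443 FPU
EOF
}

# Demo on the constructed capture.
demo_cap=$(mktemp)
make_sample_capture "$demo_cap"
classify_probes "$demo_cap" 192.168.94.133 192.168.94.136
rm -f "$demo_cap"
```

Run against the sample it prints one verdict per probe (443 open, 22 closed, 21 filtered, 443 unfiltered for the ACK probe, 443 open|filtered for the FIN/PSH/URG probe). To use it on a real capture, export the TCP conversation from Wireshark into the same six columns first; the classifier itself does not parse pcap.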

Finally, I’ll show you how to revert the firewall rules back to their original state, allowing ICMP requests once again.

Technical Commands

Here are all the technical commands that I used in the video:

  • sudo ufw reload
  • ping 192.168.94.136
  • sudo nmap -sV 192.168.94.136
  • sudo nmap -sC 192.168.94.136
  • sudo nmap -sn 192.168.94.136
  • hping3 -S 192.168.94.136 -p 443 -c 3
  • hping3 -S 192.168.94.136 -p 22 -c 3
  • hping3 -S 192.168.94.136 -p 21 -c 3
  • hping3 -F -P -U 192.168.94.136 -p 443 -c 2
  • hping3 -A 192.168.94.136 -p 443 -c 2
  • sudo wireshark
  • ip.addr == 192.168.94.133
  • hping3 -A 192.168.94.136 -c 2

Video Walk-through

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a cybersecurity content creator and YouTuber.