Chapter 2: Network Security Testing Basics




hping3 that I want it to use flood mode (--flood). Other command-line flags will do the same thing by specifying the interleave rate (the amount of time to wait before sending the next message). This way is easier to remember and also pretty explicit.
The program hping has been through a few versions, as you can likely guess from the use of the 3 at the end. This tool is commonly available across multiple Linux distributions. You may call the program by hping on some systems, while on others, you may need to specify the version number—hping2 or hping3, for instance.
Testing at the lower layers of the network stack using tools like hping3 can turn up issues on systems, especially on more fragile devices. Looking higher up in the network stack, though, Kali Linux has numerous tools that will tackle different services. When you think about the internet, what service springs to mind first? Spotify? Facebook? Twitter? Instagram? All of these are offered over HTTP, so you're often interacting with a web server. Not surprisingly, we can take on testing web servers. Testing the web server is different from testing the application running on it, which is a different thing altogether and something we'll take on much later. In the meantime, we want to make sure that web servers themselves will stay up.
Kali also comes with tests for other protocols, including the Session Initiation Protocol (SIP) and the Real-time Transport Protocol (RTP), both used for Voice over IP (VoIP). SIP uses a set of HTTP-like protocol commands to interact between servers and endpoints. When an endpoint wants to initiate a call, it sends an INVITE request. In order to get the INVITE to the recipient, it will need to be sent through multiple servers or proxies. Since VoIP is a mission-critical application in enterprises that use it, it can be essential to determine whether the devices in the network are capable of withstanding a large number of requests.
SIP can use either TCP or User Datagram Protocol (UDP) as a transport, though earlier versions of the protocol favored UDP as the transport protocol. As a result, some tools, particularly if they are older, will lean toward using UDP. Modern implementations not only support TCP but also support Transport Layer Security (TLS) to ensure the headers can't be read. Keep in mind that SIP is based on HTTP, which means all the headers and other information are text-based, unlike H.323, another VoIP protocol, which is binary and can't generally be read visually without something to do a protocol decode. The tool inviteflood uses UDP as the transport protocol, without the ability to switch to TCP. This does, though, have the benefit of allowing the flood to happen faster because there is no time waiting for the connection to be established. In Example 2-6, you can see a run of inviteflood.
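Because SIP requests are plain text, the device under test (or a monitor in front of it) can recognize an INVITE flood by parsing the request line and counting INVITEs in a sliding time window. The following is an added example, not code from the book or from inviteflood; the function names, window, threshold, addresses and the extension 1000 are all constructed assumptions.

```python
from collections import defaultdict, deque

SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}

def parse_sip_request(payload: bytes):
    """Return (method, request_uri, call_id), or None if not a SIP request."""
    head = payload.decode("utf-8", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in SIP_METHODS or not parts[2].startswith("SIP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # "i" is the compact header form of Call-ID
    return parts[0], parts[1], headers.get("call-id") or headers.get("i")

def detect_invite_floods(packets, window=1.0, threshold=20, by="src"):
    """packets: time-ordered (timestamp, src_ip, udp_payload) tuples.
    Counts INVITEs per source IP (by="src") or per Request-URI (by="target")
    and returns {key: peak count in any `window` seconds} where peak > threshold."""
    recent, peaks = defaultdict(deque), {}
    for ts, src, payload in packets:
        parsed = parse_sip_request(payload)
        if parsed is None or parsed[0] != "INVITE":
            continue
        key = src if by == "src" else parsed[1]
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:      # drop INVITEs older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

# Constructed sample traffic (documentation addresses, hypothetical extension 1000).
def _invite(n, target="sip:1000@pbx.example.test"):
    return (f"INVITE {target} SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.50:5060\r\n"
            f"Call-ID: constructed-{n}@192.0.2.50\r\n"
            "CSeq: 1 INVITE\r\n\r\n").encode()

SAMPLE = [(i * 0.01, "192.0.2.50", _invite(i)) for i in range(100)]   # burst
SAMPLE += [(5.0, "198.51.100.7", _invite("normal")),                  # one ordinary call
           (5.2, "198.51.100.7", b"SIP/2.0 200 OK\r\n\r\n")]          # a response

if __name__ == "__main__":
    print(detect_invite_floods(SAMPLE))
    print(detect_invite_floods(SAMPLE, by="target"))
```

UDP has no connection setup, so no handshake confirms a packet's source address. The `by="target"` view counts INVITEs per called URI and still works when the sources vary.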
