How to ping via UDP

UDP is different from TCP: it is connectionless, so there is no three-way handshake (SYN, SYN-ACK, ACK) and no RST to show whether a port is open or closed. This makes it difficult to get a response from a UDP server without sending valid data to it.

How to find data to send

You can use netcat / nc with the -u argument to make a UDP connection to the server

nc -u <IP> <port>

Once netcat is connected to the server, you can use "Wireshark" to capture network traffic.

You will need to set the ip.addr == <IP> && udp filters in order to exclude other unnecessary packets and then start capturing the traffic. (Remember that you have to replace <IP> with the server IP)

Then you can start typing numbers or anything else into netcat to check whether the server responds to the data sent. In my case, I sent a 1 to the server and it responded with a . (which in hexadecimal is 0e and in ASCII is SO).

Now that we have data to send, we will use one of two tools, nping or hping3, both of which generate custom packets.

nping

Using nping is quite simple, and in order to do a UDP ping, you have to type this in the console:

nping --udp --data-string "1" -p <port> <IP>

(If you need information about what each command does, type nping --help or read the manuals with man nping)

With this command, a 1 is sent to the server every second, which makes it possible to estimate the latency between client and server.

Like nping, hping3 can also send pings, but it has more useful options and gives more information about the latency: you don't have to wait for the command to finish to see the latency, as you do with nping.

First of all, you have to create a file with the data you want to send. If you know that the server responds to 1, create a file with a 1 inside using this command:

echo "1" > data

Then we use this hping3 command to send pings to the server (hping3 builds raw packets, so run it as root):

hping3 -2 -d 1 -E data -p <port> <IP>

(The -d argument is the size of the data in bytes, so it has to be changed to match the length of the data you send.)

And that's it: this way we can measure the latency between client and server through a UDP port.

Common problems

What to do in case the server is not responding

Some servers do not respond at all to random data. For those we need the software that normally interacts with the server (the client).

In this case I will take as an example the CS:GO community servers.

We start Wireshark and set the ip.addr == <IP> && udp filters, replacing <IP> with the IP of the community server and start capturing traffic.

Now hit Refresh to get a response from the server.

Now we go back to Wireshark and see if the server gives us a response.

As we can see, what we need to send in order to get a response is ....TSource Engine Query. But we must be careful: the .... is not the real data and will not work when pinging, because most packets contain raw bytes that have no printable character, and Wireshark displays those bytes as dots. To get the correct data, click on the first packet sent by us (where the Source is the local IP), go to the bottom, expand the Data section, then Right click > Copy > ...as Printable Text, and we will have copied the data.

In my case I get ÿÿÿÿTSource Engine Query, and as you can see, the .... was changed to ÿÿÿÿ, which is the correct data to be able to send a ping.

This data can be copied to a file for use with hping3, or passed directly in quotes to the --data-string argument of nping. (If this doesn't work, see below.)

I have used the explanations above and still get no response.

Sometimes the Copy > ...as Printable Text option does not work, whether the text is pasted into a file (for hping3) or into --data-string of nping. A terminal or editor using UTF-8 stores ÿ as the two bytes c3 bf rather than the single byte ff, so the server receives different data. In that case, copy the Value instead: rather than going to Copy > ...as Printable Text, select Value, which gives the data in hexadecimal:

ffffffff54536f7572636520456e67696e6520517565727900

is the same as

ÿÿÿÿTSource Engine Query (plus a trailing null byte, the final 00)

Once we have the value in hexadecimal, we can pass it directly to nping with the argument --data "<value>" instead of using --data-string.

Ex:

nping --udp --data "ffffffff54536f7572636520456e67696e6520517565727900" -p <port> <IP>

With hping3 it is a bit more complicated, since hping3 has no equivalent to nping's --data: if you need to send custom data, you have to write it to a file first. So how do I write hexadecimal directly to a file?

That can be done using this command:

echo '<data>' | xxd -r -p > <filename>

(xxd comes with the vim package. On an Arch Linux based distro, install either vim or the xxd-standalone package from the AUR; on any other distro, just install the vim package.)

Replace <data> with the hexadecimal value and <filename> with the name you want, and you will have a file with the data needed for hping3. Remember to set -d to the number of bytes in the file, which is half the number of hexadecimal digits.
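
The same probe written in Python, as an added example that is not part of the original notes: it decodes the hexadecimal value from Wireshark into raw bytes, shows what a UTF-8 paste of the printable text would send instead, and times each request/response pair. The function and constant names are chosen here for illustration.

```python
import socket
import time

# Hex value copied from Wireshark with Copy > Value, as shown in these notes.
A2S_INFO_HEX = "ffffffff54536f7572636520456e67696e6520517565727900"


def payload_from_hex(hex_value: str) -> bytes:
    """Decode a Wireshark 'Copy > Value' hex string into the raw bytes to send."""
    return bytes.fromhex(hex_value.strip())


def payload_from_printable(text: str) -> bytes:
    """Bytes a UTF-8 terminal or editor stores when 'Printable Text' is pasted."""
    return text.encode("utf-8")


def udp_ping(host, port, payload, count=4, timeout=1.0):
    """Send payload `count` times; return one RTT in ms (None on no reply) per probe."""
    rtts = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, port))  # accept datagrams from this peer only
        for _ in range(count):
            start = time.perf_counter()
            try:
                sock.send(payload)
                sock.recv(4096)
                rtts.append((time.perf_counter() - start) * 1000.0)
            except (socket.timeout, ConnectionRefusedError):
                # No answer: payload not understood, port filtered, or port closed.
                rtts.append(None)
    return rtts


if __name__ == "__main__":
    import sys
    good = payload_from_hex(A2S_INFO_HEX)
    print(f"{len(good)} bytes, so hping3 needs -d {len(good)}")
    if len(sys.argv) == 3:  # usage: script.py <IP> <port>
        print(udp_ping(sys.argv[1], int(sys.argv[2]), good))
```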