This article introduces three network testing tools: tcpping, hping, and mtr.
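ping measures network RTT (Round-Trip Time) by sending ICMP messages. However, routers on the Internet may have firewalls configured to block ICMP, and even when ICMP is not blocked, under poor network conditions routers or hosts will drop ICMP messages and give priority to TCP packets.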
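tcpping works at the TCP layer: it sends forged TCP SYN packets and listens for the SYN/ACK or RST returned by the server or an intermediate device. The code is under 1,000 lines, calls the interfaces provided by libpcap and libnet, and prints results nearly identical to those of ping.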
Tip: use nmap to run a port scan, then run tcpping against the ports it finds. Open ports return SYN/ACK; closed ports return RST.
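The open/closed distinction in the tip above, as an added example that is not part of the original post or of tcpping itself: it times an ordinary connect() handshake instead of forging SYN packets, so it needs no raw-socket privilege. The names tcp_probe and tcpping, the "filtered" state, and the loopback demo listener are assumptions made for this example.

```python
import socket
import time


def tcp_probe(host, port, timeout=1.0):
    """One TCP handshake attempt; returns (state, rtt_ms).

    "open"     -> peer answered SYN/ACK (connect succeeded)
    "closed"   -> peer answered RST (connection refused)
    "filtered" -> no TCP answer before the timeout, or an ICMP error
    """
    # Resolve before timing so DNS latency is not counted as RTT.
    family, kind, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM)[0]
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.connect(addr)
            state = "open"
        except ConnectionRefusedError:
            state = "closed"
        except OSError:  # timeout, host or network unreachable
            state = "filtered"
        rtt_ms = (time.perf_counter() - start) * 1000.0
    return state, rtt_ms


def tcpping(host, port=80, count=4, interval=1.0, timeout=1.0):
    """Probe `count` times, ping-style, and return a summary dict."""
    states, rtts = [], []
    for seq in range(count):
        state, rtt_ms = tcp_probe(host, port, timeout)
        states.append(state)
        if state != "filtered":  # only answered probes carry an RTT
            rtts.append(rtt_ms)
        print(f"seq={seq} {host}:{port} {state} time={rtt_ms:.2f} ms")
        if seq < count - 1:
            time.sleep(interval)  # keep the 1 s default pacing of tcpping -i
    return {
        "sent": count, "answered": len(rtts), "states": states,
        "min_ms": min(rtts) if rtts else None,
        "avg_ms": sum(rtts) / len(rtts) if rtts else None,
        "max_ms": max(rtts) if rtts else None,
    }


if __name__ == "__main__":
    # Constructed demo target: a listener on the loopback interface.
    with socket.create_server(("127.0.0.1", 0)) as srv:
        print(tcpping("127.0.0.1", srv.getsockname()[1], count=3, interval=0.2))
```

Because the kernel completes the three-way handshake here, the RTT of an open port matches what a SYN probe would measure, while a "filtered" result only reports the timeout that was waited.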
Install
# Install dependencies
$ sudo apt-get install build-essential
$ sudo apt-get install libnet1-dev
$ sudo apt-get install libpcap-dev
$ sudo apt-get install xmltoman
# Build and install
$ git clone https://github.com/jwyllie83/tcpping.git
$ cd tcpping
$ make
$ sudo make install
Usage
$ man tcpping
tcpping(1) General Commands Manual tcpping(1)
NAME
tcpping - ping(8) written using TCP SYN probes
SYNOPSIS
tcpping [-v] [-c count] [-p port] [-i interval] [-I interface] [-t ttl] [-S srcaddress]
remote_host
DESCRIPTION
tcpping(1) is a utility designed to emulate standard ping(8) in nearly every meaningful way
and only diverge when necessary. It sends out forged TCP SYN packets and listens for a
SYN/ACK, RST, or ICMP Time Exceeded message. It counts and reports on these results using
an interface that is nearly identical to standard UNIX ping.
tcpping(1) works well in situations where ICMP messages are either thought to be less resp-
onsive (through ICMP rate-limiting) or filtered entirely via firewalls.
OPTIONS
-v Display more verbose output
-c COUNT
Send COUNT packets and exit
-p PORT
Send packets to PORT instead of TCP port 80
-i INTERVAL
Wait INTERVAL seconds between packets (can be a decimal). Defaults to 1s
-I INTERFACE
Send packets from, and probe for responses on, the given INTERFACE. Defaults to the
first external UP interface though it is not very robust.
-t TTL Set TTL as the IP TTL for the probes. Defaults to "sufficiently high"
-S SRCADDRESS
Set SRCADDRESS as the source address instead of the default IP of INTERFACE
SECURITY
tcpping(1) requires the CAP_NET_RAW capability and is therefore installed as set-uid root.
Though numerous steps are taken to ensure safety here (clearing the environment, safe input
checks) there is always some inherent risk.
It should also be noted that TCP SYN packets can overwhelm and crash some servers as TCP
SYN packets yielding a SYN/ACK will typically allocate resources on the server. Issuing
this command with a very short interval to a server listening on that port is effectively a
SYN flood which the server may or may not handle gracefully.
More information about SYN floods can be found here: <http://en.wikipedia.org/wiki/SYN_flood>
...
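hping3 is a network tool that can send custom TCP/IP packets (packet contents, packet size) and display the target's replies; it can even transfer files over supported protocols. You can use hping3 to do the following: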