Tutorial by ghimau 10 December 2007

SING is a command line tool that sends fully customizable ICMP packets. The main purpose of this tool is to replace the good old ping command with certain enhancements.

You can get this tool at http://sourceforge.net/projects/sing.

In this very basic tutorial, I’ll demonstrate the usage of this tool to send spoofed packets. (I wont show the MAC spoofing as it will be covered in my next tutorial)

Lets get down to business, shall we :)
  1. Ok, first of all, you should get the source code of this tool. Just want to show the usage of wget to download files :)

  2. Untar your file. Run the ./configure and make command to compile the source code.

  3. Ok let say, my linux machine is the bad guy :) Take note of the IP address and the MAC address. The IP of my linux machine (where I’ve ‘make’ SING) is

  4. Here is the victim’s IP address ( This is the address that we gonna SING :)

  5. Lets ping the usual way

  6. I fired up another terminal running tcpdump. You can see the source IP ( and the destinatination IP ( of the echo request. My ‘bad’ machine sending echo request and the victim reply with echo reply.

  7. I run Ethereal. Please don’t ask why I used the old version :) As you can see it produce a more readable result than tcpdump :). Note the source MAC address

  8. Using this command sing –echo –S spoofed_address target_host, I tried to spoof my echo request making as it coming from which is another windows machine in my virtual network.

  9. Well this the machine that I used the IP for the spoofing purpose. Note the MAC address.

  10. I run tcpdump again while the above command is running. Well, you can see that I’ve succeed spoofing the IP address. Looks like is doing the echo request, actually is doing it.

  11. When run tcpdump with –e option, you can see the source MAC address. And the MAC address belongs to So you can only spoof your IP address with this command.

  12. The same output, but in ethereal

  13. Ok.. that’s all for now. By using this command you can only spoof your ip address. If the network admin is aware, they might fire up a sniffer and detect the source machine. But believe me, some of the network admins that I know mostly sucks! They would’nt know the different between a legitimate ICMP traffic and a DdoS traffic. Hahaha.
  14. You can download the pdf version here


On 15 December 2007 at 13:52 , Anonymous said...


On 15 December 2007 at 20:04 , viruspadu said...

sempat ko menggodek mende alah ni dlm demam2 ko tu yer

On 16 December 2007 at 13:09 , cikly said...

itu yg buat demam budak ni hilang.. godek2 lagi!!

On 16 December 2007 at 13:23 , فيصل said...

wow.. DdOs...
ko kena wat satu program yang anta parameter random
buat satu function random
dimana n adalah 0 hingga 255
dan die akan execute shell command yang anta parameter

sing –echo –S rand(n).rand(n).rand(n).rand(n) target_host

peh... bestnyer DdoS..

On 16 December 2007 at 15:15 , ghimau said...

alia : :P

viruspadu : kalau bab ni mesti sempat

ciklycyber : hihik.. ni siapa yer?

kucai : ok gak tu.. :)

On 16 December 2007 at 18:36 , ghimau said...

ok2.. dah tahu ciklycyner ni saper :) brader rep ni http://profiles.friendster.com/ciklycyber

gua terpaksa menggunakan skill kehakesan gua untuk mengesan hihihi

On 23 August 2009 at 14:19 , Wow Gold said...

very good posting!