How to use the command hping3 (with examples)
hping3 is an advanced ping utility that supports protocols such as TCP, UDP, and raw IP. It is best run with elevated privileges and can be used to perform various network analysis tasks. In this article, we will illustrate several use cases of hping3 with examples.
Use case 1: Ping a destination with 4 ICMP ping requests
Code:
hping3 --icmp --count 4 ip_or_hostname
Motivation: This use case allows you to perform a basic ping test by sending ICMP echo request packets to the specified IP address or hostname. It can be used to check the reachability of a destination.
Explanation:
--icmp: Specifies the use of the ICMP protocol for the ping request.
--count 4: Sends 4 ICMP echo request packets.
ip_or_hostname: The IP address or hostname of the destination.
Example output:
ICMP mode set
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 10.735/11.764/12.988 ms
Use case 2: Ping an IP address over UDP on port 80
Code:
hping3 --udp --destport 80 --syn ip_or_hostname
Motivation: This use case allows you to perform a UDP ping test by sending packets to the specified IP address or hostname on port 80. It can be used to check if a specific service is running on the destination.
Explanation:
--udp: Specifies the use of the UDP protocol for the ping request.
--destport 80: Sets the destination port to 80.
--syn: Sets the TCP SYN flag. UDP datagrams carry no TCP flags, so in UDP mode this option does not change the packets sent.
ip_or_hostname: The IP address or hostname of the destination.
Example output:
UDP mode set
Using default send buffer size
Using default receive buffer size
8 bytes from 192.168.0.1: icmp_seq=1 ttl=64 id=12282 ip_id=0 dstport=80 icmptype=3 code=3
Use case 3: Scan TCP port 80, scanning from the specific local source port 5090
Code:
hping3 --verbose --syn --destport 80 --baseport 5090 ip_or_hostname
Motivation: This use case allows you to scan a specific TCP port (port 80 in this example) on the specified IP address or hostname. It can be used to check if the port is open or closed and can help in identifying potential security vulnerabilities.
Explanation:
--verbose: Prints detailed information during the scan.
--syn: Sends TCP SYN packets for the scan.
--destport 80: Specifies the destination port to scan.
--baseport 5090: Sets the local source port to start the scan from.
ip_or_hostname: The IP address or hostname of the destination.
Example output:
SYN mode set
Using default send buffer size
Using default receive buffer size
sent: 1 out of 1 packets sent
1 packets didn't receive any response
Use case 4: Traceroute using a TCP scan to a specific destination port
Code:
hping3 --traceroute --verbose --syn --destport 80 ip_or_hostname
Motivation: This use case allows you to perform a traceroute by using a TCP scan to a specific destination port. It can be used to trace the route packets take to reach a destination, while also checking if the port is open or closed.
Explanation:
--traceroute: Enables traceroute mode.
--verbose: Prints detailed information during the scan.
--syn: Sends TCP SYN packets for the scan.
--destport 80: Specifies the destination port to scan.
ip_or_hostname: The IP address or hostname of the destination.
Example output:
traceroute mode set
Using default send buffer size
Using default receive buffer size
hop=1 ttl=64 rtt=0.6 ms ...
hop=2 ttl=64 rtt=0.7 ms ...
...
Use case 5: Scan a set of TCP ports on a specific IP address
Code:
hping3 --scan 80,3000,9000 --syn ip_or_hostname
Motivation: This use case allows you to scan multiple TCP ports on the specified IP address or hostname. It can be used to check the availability of specific services running on the destination.
Explanation:
--scan 80,3000,9000: Specifies the ports to scan (80, 3000, 9000 in this example).
--syn: Sends TCP SYN packets for the scan.
ip_or_hostname: The IP address or hostname of the destination.
Example output:
SYN mode set
Using default send buffer size
Using default receive buffer size
PORT STATE SERVICE
80/tcp open http
3000/tcp open ppp
9000/tcp open cslistener
Use case 6: Perform a TCP ACK scan to check if a given host is alive
Code:
hping3 --count 2 --verbose --destport 80 --ack ip_or_hostname
Motivation: This use case allows you to perform a TCP ACK scan to check if a given host is alive. It can be used to test the responsiveness of a host by sending TCP ACK packets to a specific destination port.
Explanation:
--count 2: Sends 2 packets as part of the scan.
--verbose: Prints detailed information during the scan.
--destport 80: Specifies the destination port for the TCP ACK packets.
--ack: Sends TCP ACK packets for the scan.
ip_or_hostname: The IP address or hostname of the destination.
Example output:
ACK mode set
Using default send buffer size
Using default receive buffer size
8 bytes from 192.168.0.1: icmp_seq=1 ttl=64 id=12282 ip_id=0 dstport=80 icmptype=3 code=3
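Use cases 3 and 6 both depend on reading the reply, so the following added example (not part of the original article) classifies hping3 reply lines by their flags= field: SA in answer to a SYN probe means the port is open, an RST means it is closed, and an RST in answer to an ACK probe means the host is up. The reply lines are constructed with documentation addresses, and classify_replies is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: map hping3 reply lines to a port/host state.
# All sample lines below are constructed (RFC 5737 documentation addresses).

classify_replies() {
    # $1 = probe type that was sent ("syn" or "ack"); stdin = hping3 output
    awk -v probe="$1" '
    /flags=/ {
        port = ""; flags = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^sport=/) port  = substr($i, 7)   # replying port
            if ($i ~ /^flags=/) flags = substr($i, 7)   # TCP flags in the reply
        }
        if (probe == "syn" && flags == "SA") { state = "open" }
        else if (probe == "syn" && flags ~ /R/) { state = "closed" }
        else if (probe == "ack" && flags ~ /R/) { state = "host-up" }
        else { state = "unexpected:" flags }
        print port, state
        seen++
    }
    # An ICMP error instead of a TCP reply usually points at a filter or router.
    /^ICMP .*[Uu]nreachable/ { print "-", "icmp-unreachable"; seen++ }
    # Silence is ambiguous: the probe was dropped or the host is down.
    END { if (!seen) print "-", "no-reply" }'
}

# Constructed replies to SYN probes (lines from two separate runs).
SYN_REPLIES='HPING 192.0.2.10 (eth0 192.0.2.10): S set, 40 headers + 0 data bytes
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=29200 rtt=0.4 ms
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=3000 flags=RA seq=1 win=0 rtt=0.3 ms'

# Constructed reply to an ACK probe.
ACK_REPLY='len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=80 flags=R seq=0 win=0 rtt=0.5 ms'

# Constructed run in which nothing came back.
NO_REPLY='HPING 192.0.2.10 (eth0 192.0.2.10): S set, 40 headers + 0 data bytes'

printf '%s\n' "$SYN_REPLIES" | classify_replies syn
printf '%s\n' "$ACK_REPLY"   | classify_replies ack
printf '%s\n' "$NO_REPLY"    | classify_replies syn
```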
Use case 7: Perform a load test on port 80
Code:
hping3 --flood --destport 80 --syn ip_or_hostname
Motivation: This use case allows you to perform a load test by flooding a specific port (port 80 in this example) on the specified IP address or hostname. It can be used to test the performance and capacity of a network or server.
Explanation:
--flood: Sends packets as fast as possible, flooding the destination.
--destport 80: Specifies the destination port to flood.
--syn: Sends TCP SYN packets for the flood.
ip_or_hostname: The IP address or hostname of the destination.
Example output:
SYN mode set
Using default send buffer size
Using default receive buffer size
8 bytes from 192.168.0.1: icmp_seq=1 ttl=64 id=12282 ip_id=0 dstport=80 icmptype=3 code=3
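On the receiving side, the multi-port scan from use case 5 and the flood from use case 7 both appear as bare SYNs that never complete a handshake. The following added example (not part of the original article) counts them per source in `tcpdump -nn` text output. The capture lines are constructed, the function names and thresholds are assumptions, and counts cover the whole capture rather than a time window.

```sh
#!/bin/sh
# Added example: spot multi-port SYN probing and single-port SYN bursts in
# `tcpdump -nn` text output. All capture lines are constructed.

sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 198.51.100.7.5090 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
12:00:00.000002 IP 198.51.100.7.5091 > 192.0.2.10.3000: Flags [S], seq 2, win 512, length 0
12:00:00.000003 IP 198.51.100.7.5092 > 192.0.2.10.9000: Flags [S], seq 3, win 512, length 0
12:00:01.000001 IP 198.51.100.9.1500 > 192.0.2.10.80: Flags [S], seq 4, win 512, length 0
12:00:01.000002 IP 198.51.100.9.1501 > 192.0.2.10.80: Flags [S], seq 5, win 512, length 0
12:00:01.000003 IP 198.51.100.9.1502 > 192.0.2.10.80: Flags [S], seq 6, win 512, length 0
12:00:01.000004 IP 198.51.100.9.1503 > 192.0.2.10.80: Flags [S], seq 7, win 512, length 0
12:00:01.000005 IP 198.51.100.9.1504 > 192.0.2.10.80: Flags [S], seq 8, win 512, length 0
12:00:02.000001 IP 203.0.113.5.40000 > 192.0.2.10.80: Flags [S], seq 9, win 64240, length 0
12:00:02.000002 IP 192.0.2.10.80 > 203.0.113.5.40000: Flags [S.], seq 20, ack 10, win 65160, length 0
12:00:02.000003 IP 203.0.113.5.40000 > 192.0.2.10.80: Flags [.], ack 21, win 502, length 0
EOF
}

detect_syn_patterns() {
    # $1 = min distinct destination ports per source to report "scan"
    # $2 = min SYNs from one source to one ip.port to report "flood"
    awk -v pt="$1" -v st="$2" '
    index($0, "Flags [S],") {                       # bare SYN only, not SYN-ACK
        src = $3; sub(/\.[0-9]+$/, "", src)         # strip source port
        dst = $5; sub(/:$/, "", dst)                # ip.port of the target
        port = dst; sub(/^.*\./, "", port)          # destination port
        if (!((src, port) in seenport)) { seenport[src, port] = 1; nports[src]++ }
        hits[src " " dst]++
    }
    END {
        for (s in nports) if (nports[s] >= pt) print "scan", s, nports[s]
        for (k in hits)   if (hits[k] >= st)   print "flood", k, hits[k]
    }' | sort
}

sample_capture | detect_syn_patterns 3 5
```

The ordinary client at 203.0.113.5 sends one SYN and completes its handshake, so it stays below both thresholds.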
Conclusion:
hping3 is a powerful ping utility that provides advanced functionalities for network analysis. With its support for various protocols and options, it can be used for testing network reachability, service availability, and performance. The use cases illustrated in this article demonstrate the versatility of hping3 and its usefulness in network troubleshooting and security assessment.