HPING3

  • Post category:CEH

TCP/IP packet generator.

TCP SYN SCAN

Send TCP packet to specified port with SYN flag set.

Command: hping3 -S <target-ip> -p <port> -c <no-of-packets-to-send>

Example:

┌──(kali㉿kali)-[~]
└─$ sudo hping3 -S 192.168.168.150 -p 80 -c 1
HPING 192.168.168.150 (eth0 192.168.168.150): S set, 40 headers + 0 data bytes
len=46 ip=192.168.168.150 ttl=128 DF id=9 sport=80 flags=RA seq=0 win=0 rtt=3.8 ms

— 192.168.168.150 hping statistic —
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.8/3.8/3.8 ms

TCP FIN SCAN

Send TCP packet to specified port with FIN flag set.

Command: hping3 -F <target-ip> -p <port> -c <no-of-packets-to-send>

Example:

──(kali㉿kali)-[~]
└─$ sudo hping3 -F 192.168.168.150 -p 80 -c 1
HPING 192.168.168.150 (eth0 192.168.168.150): F set, 40 headers + 0 data bytes
len=46 ip=192.168.168.150 ttl=128 DF id=10 sport=80 flags=RA seq=0 win=0 rtt=7.6 ms

— 192.168.168.150 hping statistic —
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 7.6/7.6/7.6 ms

TCP Port SCAN

Send TCP packet with SYN flag set to range of ports.

Command: hping3 –scan <port/s> -S <target-ip>

Example:
sudo hping3 –scan 1-1000,known -S 192.168.168.150

UDP SCAN

Send UDP packet to specified port on a target.

Command: hping3 –udp -p <port> <target-ip>

Example:

Port Open
──(kali㉿kali)-[~]
└─$ sudo hping3 –udp 192.168.168.150 -p 53
HPING 192.168.168.150 (eth0 192.168.168.150): udp mode set, 28 headers + 0 data bytes
^X^C
— 192.168.168.150 hping statistic —
9 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

Port Closed
┌──(kali㉿kali)-[~]
└─$ sudo hping3 –udp 192.168.168.150 -p 80
HPING 192.168.168.150 (eth0 192.168.168.150): udp mode set, 28 headers + 0 data bytes
ICMP Port Unreachable from ip=192.168.168.150 name=UNKNOWN
status=0 port=2845 seq=0
ICMP Port Unreachable from ip=192.168.168.150 name=UNKNOWN
status=0 port=2846 seq=1
ICMP Port Unreachable from ip=192.168.168.150 name=UNKNOWN
status=0 port=2847 seq=2
ICMP Port Unreachable from ip=192.168.168.150 name=UNKNOWN
status=0 port=2848 seq=3
^X^C
— 192.168.168.150 hping statistic —
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.7/15.3/36.5 ms

 

ICMP SCAN

Send ICMP (echo request default) packet to specified target.

Command: hping3 –icmp <target-ip>

Example:

┌──(kali㉿kali)-[~]
└─$ sudo hping3 –icmp 192.168.168.150 -c 10
HPING 192.168.168.150 (eth0 192.168.168.150): icmp mode set, 28 headers + 0 data bytes
len=46 ip=192.168.168.150 ttl=128 id=50235 icmp_seq=0 rtt=11.4 ms
len=46 ip=192.168.168.150 ttl=128 id=50236 icmp_seq=1 rtt=9.8 ms
len=46 ip=192.168.168.150 ttl=128 id=50237 icmp_seq=2 rtt=2.0 ms
len=46 ip=192.168.168.150 ttl=128 id=50238 icmp_seq=3 rtt=11.5 ms
len=46 ip=192.168.168.150 ttl=128 id=50239 icmp_seq=4 rtt=7.4 ms
len=46 ip=192.168.168.150 ttl=128 id=50240 icmp_seq=5 rtt=2.2 ms
len=46 ip=192.168.168.150 ttl=128 id=50241 icmp_seq=6 rtt=5.9 ms
len=46 ip=192.168.168.150 ttl=128 id=50242 icmp_seq=7 rtt=11.5 ms
len=46 ip=192.168.168.150 ttl=128 id=50243 icmp_seq=8 rtt=10.3 ms
len=46 ip=192.168.168.150 ttl=128 id=50244 icmp_seq=9 rtt=8.1 ms

— 192.168.168.150 hping statistic —
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 2.0/8.0/11.5 ms

UDP Flood

Send UDP packet to specified port on a target.

Command: hping3 –udp –flood -p <port> <target-ip> -d <packet-size-in-bytes>

Example:

──(kali㉿kali)-[~]
└─$ sudo hping3 –udp –flood -p 53 192.168.168.150 -d 512
HPING 192.168.168.150 (eth0 192.168.168.150): udp mode set, 28 headers + 512 data bytes
hping in flood mode, no replies will be shown
^X^C
— 192.168.168.150 hping statistic —
82871 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms