hping – Wikipedia

hping He is a generator and analyzer of packages for the TCP/IP protocol, written by Salvatore Sanfilippo (also known as antirez ). The software is based on the same concept of the Unix command ping But it also makes use of protocols other than ICMP (for example it also allows you to send TCP segments and UDP datagrams), and also allows you to manage the construction to taste of the IP package (TTL, DF ^[first] , ID, man, Tos ^[2] and various IP options) thus also allowing the sending of IP packages simple , that inside they are without a Layer 4 protocol.

HPing is one of the tools used in practice for safety checks and the firewall and networks test, and has been used to exploit the scanle scan technique (also invented by the author of Hping), which is now also implemented in the NMAP port scanner. The latest version of Hping, Hping3 , allows you to prepare scripts using the TCL language and implement an engine for the description of TCP/IP packages in directly legible format; In this way, the programmer can write some scripts for manipulation and analysis of low -level TCP/IP packages in a very short time.

Like many tools used in IT security, HPing is of utility for both system administrators and crackers (or Kiddie scripts).

usage: hping3 host [options]

-h  --help      show this help
 -v  --version   show version
 -c  --count     packet count
 -i  --interval  wait (uX for X microseconds, for example -i u1000)
     --fast      alias for -i u10000 (10 packets for second)
     --faster    alias for -i u1000 (100 packets for second)
     --flood	   sent packets as fast as possible. Don't show replies.
 -n  --numeric   numeric output
 -q  --quiet     quiet
 -I  --interface interface name (otherwise default routing interface)
 -V  --verbose   verbose mode
 -D  --debug     debugging info
 -z  --bind      bind ctrl+z to ttl           (default to dst port)
 -Z  --unbind    unbind ctrl+z
     --beep      beep for every matching packet received 

Mode

default mode     TCP
 -0  --rawip      RAW IP mode
 -1  --icmp       ICMP mode
 -2  --udp        UDP mode
 -8  --scan       SCAN mode.
                  Example: hping—scan 1-30,70-90 -S www.target.host
 -9  --listen     listen mode 

IP

-a  --spoof      spoof source address—rand-dest      random destionation address mode. see the man.
 --rand-source    random source address mode. see the man.
 -t  --ttl        ttl (default 64)
 -N  --id         id (default random)
 -W  --winid      use win* id byte ordering
 -r  --rel        relativize id field          (to estimate host traffic)
 -f  --frag       split packets in more frag.  (may pass weak acl)
 -x  --morefrag   set more fragments flag
 -y  --dontfrag   set don't fragment flag
 -g  --fragoff    set the fragment offset
 -m  --mtu        set virtual mtu, implies—frag if packet size > mtu
 -o  --tos        type of service (default 0x00), try—tos help
 -G  --rroute     includes RECORD_ROUTE option and display the route buffer—lsrr           loose source routing and record route—ssrr           strict source routing and record route
 -H  --ipproto    set the IP protocol field, only in RAW IP mode 

ICMP

-C  --icmptype   icmp type (default echo request)
 -K  --icmpcode   icmp code (default 0)
     --force-icmp send all icmp types (default send only supported types)
     --icmp-gw    set gateway address for ICMP redirect (default 0.0.0.0)
     --icmp-ts    Alias for—icmp—icmptype 13 (ICMP timestamp)
     --icmp-addr  Alias for—icmp—icmptype 17 (ICMP address subnet mask)
     --icmp-help  display help for others icmp options 

UDP/TCP

-s  --baseport   base source port             (default random)
 -p  --destport   [+][+] destination port(default 0) ctrl+z inc/dec
 -k  --keep       keep still source port
 -w  --win        winsize (default 64)
 -O  --tcpoff     set fake tcp data offset     (instead of tcphdrlen / 4)
 -Q  --seqnum     shows only tcp sequence number
 -b  --badcksum   (try to) send packets with a bad IP checksum
                  many systems will fix the IP checksum sending the packet
                  so you'll get bad UDP/TCP checksum instead.
 -M  --setseq     set TCP sequence number
 -L  --setack     set TCP ack
 -F  --fin        set FIN flag
 -S  --syn        set SYN flag
 -R  --rst        set RST flag
 -P  --push       set PUSH flag
 -A  --ack        set ACK flag
 -U  --urg        set URG flag
 -X  --xmas       set X unused flag (0x40)
 -Y  --ymas       set Y unused flag (0x80)
 --tcpexitcode    use last tcp->th_flags as exit code—tcp-mss        enable the TCP MSS option with the given value—tcp-timestamp  enable the TCP timestamp option to guess the HZ/uptime 

Common

-d  --data       data size                    (default is 0)
 -E  --file       data from file
 -e  --sign       add 'signature'
 -j  --dump       dump packets in hex
 -J  --print      dump printable characters
 -B  --safe       enable 'safe' protocol
 -u  --end        tell you when—file reached EOF and prevent rewind
 -T  --traceroute traceroute mode              (implies—bind and—ttl 1)
 --tr-stop        Exit when receive the first not ICMP in traceroute mode—tr-keep-ttl    Keep the source TTL fixed, useful to monitor just one hop—tr-no-rtt	    Don't calculate/show RTT information in traceroute mode 

ARS packet description (new, unstable)

--apd-send       Send the packet described with APD (see docs/APD.txt) 

• NMAP: NMAP and HPING are often considered complementary tools.