“hping3” is a command-line tool used for crafting and analyzing TCP/IP packets in a network environment. It is inspired by the functionality of the traditional “ping” command but offers more advanced features for packet manipulation and analysis. Here are some key features and aspects of hping3:
- Packet Crafting: hping allows users to craft custom TCP, UDP, and ICMP packets with specific header fields and payload contents. This capability is useful for testing network security, diagnosing network issues, and performing various network experiments.
- TCP/IP Packet Analysis: hping can analyze incoming and outgoing TCP/IP packets, providing detailed information about packet headers, including source and destination addresses, ports, sequence numbers, acknowledgment numbers, and flags. This feature enables users to inspect network traffic and troubleshoot connectivity problems.
- Network Scanning: hping can perform various network scanning techniques, including TCP SYN scanning, UDP scanning, and ICMP scanning. These scanning methods help identify open ports, detect active hosts, and gather information about network services running on remote systems.
- Firewall Testing: hping is often used for testing firewall rules and configurations by sending custom packets with different flags and options. By observing the response from the firewall, users can determine whether specific ports or services are allowed or blocked, helping to improve network security.
- Packet Fragmentation and Reassembly: hping supports packet fragmentation and reassembly, allowing users to send fragmented packets and monitor how network devices handle fragmented traffic. This feature can be useful for testing the behavior of routers, firewalls, and other network devices under different conditions.
- Spoofing and Fingerprinting: hping can spoof source IP addresses and manipulate packet headers to disguise the origin of network traffic. It can also perform operating system fingerprinting by analyzing the responses to crafted packets, helping to identify the operating system running on remote hosts.
- Scripting and Automation: hping can be scripted and automated using shell scripts or other programming languages, allowing users to perform complex network tests and experiments. This scripting capability enhances the versatility and usefulness of hping in various network administration and security tasks.
hping3 Command Examples
1. Ping localhost over TCP:
# hping3 [localhost]
2. Ping an IP address over TCP on a specific port:
# hping3 -p [80] -S [192.168.1.1]
3. Ping an IP address over UDP on port 80:
# hping3 --udp -p [80] -S [192.168.1.1]
4. Scan a set of TCP ports on a specific IP address:
# hping3 --scan [80,3000,9000] -S [192.168.1.1]
5. Perform a charge test on port 80:
# hping3 --flood -p [80] -S [192.168.1.1]
6. Ping a destination with 4 ICMP ping requests:
# hping3 --icmp --count [4] [ip_or_hostname]
7. Scan TCP port 80, scanning from the specific local source port 5090:
8. Traceroute using a TCP scan to a specific destination port:
# hping3 --traceroute --verbose --syn --destport [80] [ip_or_hostname]
9. Perform a TCP ACK scan to check if a given host is alive:
# hping3 --count [2] --verbose --destport [80] -A [ip_or_hostname]
Summary
Overall, hping3 is a powerful and flexible tool for network administrators, security professionals, and researchers who need to analyze and manipulate TCP/IP packets in a network environment. Its command-line interface, advanced features for packet crafting and analysis, and support for scripting make it a valuable addition to the toolkit of anyone working with computer networks.