- Yu-Jung Cheng·Last edited by Yu-Jung Cheng on Mar 31, 2022Linked with GitHubContributed by
hping3 usage
tags: ping linux network
Some example of hping3 on ubuntu 12.10
[1]. Send "SYN" packet with particular port number
root@tom-vm-lab:/home/tom# ping www.microsoft.com -c 5
PING lb1.www.ms.akadns.net (65.55.57.27) 56(84) bytes of data.
--- lb1.www.ms.akadns.net ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3998ms
root@tom-vm-lab:/home/tom#
root@tom-vm-lab:/home/tom# hping3 -S www.microsoft.com -p 80
HPING www.microsoft.com (eth0 65.55.57.27): S set, 40 headers + 0 data bytes
len=46 ip=65.55.57.27 ttl=245 DF id=9580 sport=80 flags=SA seq=0 win=8190 rtt=197.3 ms
len=46 ip=65.55.57.27 ttl=245 DF id=41832 sport=80 flags=SA seq=1 win=8190 rtt=194.4 ms
len=46 ip=65.55.57.27 ttl=244 DF id=64096 sport=80 flags=SA seq=2 win=8190 rtt=198.0 ms
len=46 ip=65.55.57.27 ttl=244 DF id=57392 sport=80 flags=SA seq=3 win=8190 rtt=195.6 ms
len=46 ip=65.55.57.27 ttl=244 DF id=22763 sport=80 flags=SA seq=4 win=8190 rtt=191.6 ms
len=46 ip=65.55.57.27 ttl=244 DF id=15177 sport=80 flags=SA seq=5 win=8190 rtt=193.7 ms
len=46 ip=65.55.57.27 ttl=244 DF id=50767 sport=80 flags=SA seq=6 win=8190 rtt=202.1 ms
len=46 ip=65.55.57.27 ttl=245 DF id=42590 sport=80 flags=SA seq=7 win=8190 rtt=202.9 ms
^C
--- www.microsoft.com hping statistic ---
8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 191.6/197.0/202.9 ms
root@tom-vm-lab:/home/tom#
[2]. Trace hops
root@tom-vm-lab:/home/tom# hping3 -S www.microsoft.com -p 80 -T
HPING www.microsoft.com (eth0 65.55.57.27): S set, 40 headers + 0 data bytes
hop=1 TTL 0 during transit from ip=168.95.98.254 name=h254.s98.ts.hinet.net
hop=1 hoprtt=22.9 ms
hop=2 TTL 0 during transit from ip=168.95.144.2 name=tchn-3301.hinet.net
hop=2 hoprtt=42.1 ms
hop=3 TTL 0 during transit from ip=220.128.16.194 name=tchn-3011.hinet.net
hop=3 hoprtt=35.2 ms
hop=4 TTL 0 during transit from ip=220.128.16.6 name=TPDT-3011.hinet.net
hop=4 hoprtt=63.4 ms
hop=5 TTL 0 during transit from ip=220.128.11.149 name=r4102-s2.tp.hinet.net
hop=5 hoprtt=30.3 ms
hop=6 TTL 0 during transit from ip=220.128.7.13 name=r4002-s2.tp.hinet.net
hop=6 hoprtt=46.3 ms
hop=7 TTL 0 during transit from ip=211.72.108.237 name=r12-pa.us.hinet.net
hop=7 hoprtt=206.8 ms
hop=8 TTL 0 during transit from ip=202.39.82.93 name=202-39-82-93.HINET-IP.hinet.net
hop=8 hoprtt=193.8 ms
hop=9 TTL 0 during transit from ip=207.46.40.50 name=xe-7-0-1-0.by2-96c-1b.ntwk.msn.net
hop=9 hoprtt=244.8 ms
hop=10 TTL 0 during transit from ip=207.46.40.48 name=ge-0-3-0-0.co1-64c-1a.ntwk.msn.net
hop=10 hoprtt=201.3 ms
hop=11 TTL 0 during transit from ip=10.22.8.6 name=UNKNOWN
hop=11 hoprtt=277.6 ms
hop=12 TTL 0 during transit from ip=10.22.8.2 name=UNKNOWN
hop=12 hoprtt=218.6 ms
len=46 ip=65.55.57.27 ttl=244 DF id=695 sport=80 flags=SA seq=12 win=8190 rtt=215.1 ms
len=46 ip=65.55.57.27 ttl=245 DF id=23255 sport=80 flags=SA seq=13 win=8190 rtt=208.8 ms
len=46 ip=65.55.57.27 ttl=245 DF id=53940 sport=80 flags=SA seq=14 win=8190 rtt=197.1 ms
len=46 ip=65.55.57.27 ttl=245 DF id=6998 sport=80 flags=SA seq=15 win=8190 rtt=209.5 ms
len=46 ip=65.55.57.27 ttl=245 DF id=65497 sport=80 flags=SA seq=16 win=8190 rtt=221.0 ms
^C
--- www.microsoft.com hping statistic ---
17 packets transmitted, 17 packets received, 0% packet loss
round-trip min/avg/max = 22.9/155.0/277.6 ms
root@tom-vm-lab:/home/tom#
[3]. Scanning ports
root@tom-vm-lab:/home/tom# hping3 --scan 1-1024 -S -t 16 192.168.1.114
Scanning 192.168.1.114 (192.168.1.114), port 1-1024
1024 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name | flags |ttl| id | win | len |
+----+-----------+---------+---+-----+-----+-----+
80 http : .S..A... 64 0 5840 46
443 https : .S..A... 64 0 5840 46
554 rtsp : .S..A... 64 0 5840 46
All replies received. Done.
Not responding ports:
root@tom-vm-lab:/home/tom#
root@tom-vm-lab:/home/tom# hping3 --scan known 192.168.1.114
Scanning 192.168.1.114 (192.168.1.114), port known
337 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name | flags |ttl| id | win | len |
+----+-----------+---------+---+-----+-----+-----+
All replies received. Done.
Not responding ports: (80 http) (443 https) (554 rtsp)
root@tom-vm-lab:/home/tom#
[4]. Send ICMP packet with spoofed IP source
Command : hping3 <target-IP> -i <u1000 | u1000000 | ... > --icmp -a <spoofed-IP>
root@tom-vm-lab:/home/tom# hping3 192.168.1.1 -i u1000 --icmp
HPING 192.168.1.1 (eth0 192.168.1.1): icmp mode set, 28 headers + 0 data bytes
len=46 ip=192.168.1.1 ttl=64 id=1073 icmp_seq=0 rtt=1.1 ms
len=46 ip=192.168.1.1 ttl=64 id=1074 icmp_seq=1 rtt=0.9 ms
len=46 ip=192.168.1.1 ttl=64 id=1075 icmp_seq=2 rtt=0.8 ms
len=46 ip=192.168.1.1 ttl=64 id=1076 icmp_seq=3 rtt=0.8 ms
len=46 ip=192.168.1.1 ttl=64 id=1077 icmp_seq=4 rtt=0.9 ms
ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN
ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN
ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN
ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN
ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN
ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN
len=46 ip=192.168.1.1 ttl=64 id=1084 icmp_seq=147 rtt=2.2 ms
len=46 ip=192.168.1.1 ttl=64 id=1085 icmp_seq=287 rtt=0.8 ms
len=46 ip=192.168.1.1 ttl=64 id=1086 icmp_seq=431 rtt=0.6 ms
len=46 ip=192.168.1.1 ttl=64 id=1087 icmp_seq=572 rtt=0.7 ms
len=46 ip=192.168.1.1 ttl=64 id=1088 icmp_seq=713 rtt=0.7 ms
ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN
len=46 ip=192.168.1.1 ttl=64 id=1090 icmp_seq=854 rtt=0.8 ms
len=46 ip=192.168.1.1 ttl=64 id=1091 icmp_seq=993 rtt=0.7 ms
len=46 ip=192.168.1.1 ttl=64 id=1092 icmp_seq=1130 rtt=0.6 ms
len=46 ip=192.168.1.1 ttl=64 id=1093 icmp_seq=1267 rtt=0.9 ms
len=46 ip=192.168.1.1 ttl=64 id=1094 icmp_seq=1405 rtt=0.8 ms
ICMP Port Unreachable from ip=192.168.1.1 name=UNKNOWN
len=46 ip=192.168.1.1 ttl=64 id=1096 icmp_seq=1544 rtt=0.6 ms
len=46 ip=192.168.1.1 ttl=64 id=1097 icmp_seq=1684 rtt=0.6 ms
^C
--- 192.168.1.1 hping statistic ---
1819 packets transmitted, 25 packets received, 99% packet loss
round-trip min/avg/max = 0.6/0.9/2.2 ms
root@tom-vm-lab:/home/tom# hping3 192.168.1.1 -i u1000 --icmp -a 192.168.1.114
HPING 192.168.1.1 (eth0 192.168.1.1): icmp mode set, 28 headers + 0 data bytes
^C
--- 192.168.1.1 hping statistic ---
32237 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
root@tom-vm-lab:/home/tom#
root@tom-vm-lab:/home/tom# hping3 192.168.1.114 --flood --icmp -a 192.168.1.102
HPING 192.168.1.114 (eth0 192.168.1.114): icmp mode set, 28 headers + 0 data bytes
hping in flood mode, no replies will be shown
^C
--- 192.168.1.114 hping statistic ---
565355 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
Read more
Setup DNS server
Setup master&slave DNS servers on Rocky 8.4
Oct 21, 2024Ueful actions and tips
Notes for couple useful actions and syntax.
Oct 10, 2024Gnu Privacy Guard
Use GPG for file encription and decryption and basic usage.
Mar 10, 2024Deploy OpenStack using Kolla-Ansible
last update: 2022-12-09
Nov 20, 2023Published on 
HackMD
HackMD