All about hping

The hping is a network tool used to send custom ICMP/UDP/TCP packets and to display target replies.  It provides the capability to use additional protocols unlike ping which uses ICMP to send messages and receive replies. The utility hping3 is the version of the utility that is included in the Kali Linux distribution.

The author’s Linux desktop.

Note: At the time of this writing, it is not recommended to download from the web site due to negative reputation and malware warnings.

hping3 handles fragmentation and can be used to transfer files under supported protocols. Unless otherwise specified the default protocol in hping3 is TCP.

Using hping3, a user can:

  • perform (spoofed) port scanning,
  • test network performance using different protocols,
  • do path MTU discovery,
  • perform traceroute-like actions under different protocols,
  • fingerprint remote operating systems,
  • test firewall rules,
  • audit TCP/IP stacks, and more.

hping3 is scriptable using the Tcl language. Tcl is a simple open-source programming (scripting) language often used for automation and testing.

Use the command hping3 -h to view the utilities help page. Use hping3 -v or –version to show the installed version.

While hping3 supports IP, TCP, UDP, and ICMP protocols the default protocol is TCP. The options to use an alternate protocol are:

-0 or –rawip RAW IP mode
-1 or –icmp ICMP mode
-2 or –udp UDP mode

What is ‘raw IP’? Remember that TCP/IP is a protocol stack; meaning that TCP and UDP packets are encapsulated in IP at layer 3 and then encapsulated by the connection media (ethernet, token ring, Wi-Fi, serial, etc.…) at link layer as they are transmitted by a network interface. A raw IP packet begins with an IPv4 or IPv6 header, with the version field of the header indicating whether it’s an IPv4 or IPv6 header.


ICMP ping using hping3

#hping3 -1

-1 argument specifies ICMP. hping3 sends ICMP echo requests and receives ICMP-reply.

Is a TCP port open?

#hping3 -A -p 80

The default protocol for hping3 is TCP. The -A option identifies the IP address. The -p option specifies the port number.

How will a service respond?

#hping3 –F –P –U –p 80

Sends TCP packets with FIN, PUSH, and URG flags set on port 80 to the target host. If port 80 is open on the target, you will not receive a response. If the port is closed, hping will return an RST (reset) response.