hping3

Ping a destination with 4 ICMP ping requests

$ hping3 --icmp --count [4] [ip_or_hostname]

$ hping3 --udp --destport [80] --syn [ip_or_hostname]

$ hping3 --verbose --syn --destport [80] --baseport [5090] [ip_or_hostname]

$ hping3 --traceroute --verbose --syn --destport [80] [ip_or_hostname]

$ hping3 --scan [80,3000,9000] --syn [ip_or_hostname]

$ hping3 --count [2] --verbose --destport [80] --ack [ip_or_hostname]

$ hping3 --flood --destport [80] --syn [ip_or_hostname]

hping3 [options] <host>
Example: hping3 -S -p 80 target.com
Example: hping3 --flood --rand-source target_ip

-c
    Stop after sending packets.

-i
    Wait seconds between packets (can be 'u' for microseconds).

-p
    Set the destination port (0 for random).

-s
    Set the SYN flag (TCP SYN scan).

-a
    Set the ACK flag.

-F
    Set the FIN flag.

-R
    Set the RST flag.

-P
    Set the PUSH flag.

-U
    Set the URG flag.

-X
    Set FIN, PUSH, URG flags (Xmas scan).

-Y
    Set no flags (Null scan).

-d
    Set packet data size in bytes.

-E
    Read data from to fill the packet.

-I
    Set network interface (e.g., eth0).

--traceroute
    Enable traceroute mode.

--flood
    Send packets as fast as possible, without showing replies.

--rand-source
    Use random source IP addresses (requires root).

-V
    Enable verbose output.

-k
    Keep source port across replies.

-S
    Enable scan mode, e.g., `-S -p 1-1024`.

--scan
    Scan mode with port range, e.g., `--scan 1-1024 -S`.

hping3 is a command-line oriented
TCP/IP packet assembler/analyzer. It's an enhanced version of the original
hping and is widely used for network security auditing, firewall testing,
and various network reconnaissance tasks. Unlike the standard
ping utility, hping3 allows users to construct
custom network packets from scratch, enabling the manipulation
of TCP flags, IP addresses, packet size, and other parameters.
This flexibility makes it an invaluable tool for simulating
denial-of-service (DoS) attacks, performing advanced port scanning
techniques (like SYN scans, FIN scans, Xmas scans), tracerouting
through firewalls, and conducting network performance analysis.
It supports various protocols, including TCP, UDP, ICMP, and RAW-IP,
and can send packets over different interfaces.
hping3 can also act as a simple traceroute, a covert channel,
or a powerful network discovery tool.

hping3 is a powerful tool that can generate significant network traffic and potentially disrupt services.
It often requires root privileges to craft raw packets and use specific network interfaces.
Misuse can lead to legal consequences or unintended network issues.
Always ensure you have explicit permission before using it against any network or system you don't own.

hping3's core strength lies in its ability to craft arbitrary TCP/IP packets,
allowing users to precisely control headers, flags, and data payloads for
highly customized network interactions, making it invaluable for protocol analysis
and vulnerability research.

Due to its versatility, hping3 is frequently used to test firewall rules
and Intrusion Detection Systems (IDS) by attempting to bypass them
using various packet manipulation techniques, such as sending fragmented packets
or setting unusual TCP flags.

hping3 was created by Salvatore Sanfilippo (Antirez) as an advanced
packet crafter, evolving from the original hping tool.
It gained significant popularity within the security community
for its flexibility in network testing and exploitation scenarios,
becoming a standard utility in many penetration testing distributions.

ping(8), nmap(1), netcat(1), traceroute(8)