hping wiki



Hping 2.0.0-rc3 and 3.0 implement a new feature called scan mode that works like a low-level automated port scanner. The user no longer has to scan manually as in the past, but can still use all the hping options to specify how to build the packets used to perform the scan.

The result of the scan contains information about some fields of the received TCP packets along with the number of the port and service name. By using the hping scan mode it is possible to uncover subtle aspects of the firewalling of the target system.

Example of the --scan option usage:

# hping3 --scan known 1.2.3.4 -S

Scanning 1.2.3.4 (1.2.3.4), port known
245 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name |  flags  |ttl| id  | win | len |
+----+-----------+---------+---+-----+-----+-----+
    9 discard    : .S..A...  64     0 32767    44
   13 daytime    : .S..A...  64     0 32767    44
   21 ftp        : .S..A...  64     0 32767    44
   22 ssh        : .S..A...  64     0 32767    44
   25 smtp       : .S..A...  64     0 32767    44
   37 time       : .S..A...  64     0 32767    44
   80 www        : .S..A...  64     0 32767    44
  111 sunrpc     : .S..A...  64     0 32767    44
  113 auth       : .S..A...  64     0 32767    44
  631 ipp        : .S..A...  64     0 32767    44
 3306 mysql      : .S..A...  64     0 32767    44
 6000 x11        : .S..A...  64     0 32767    44
 6667 ircd       : .S..A...  64     0  3072    44
All replies received. Done.
Not responding ports:
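
An added example (not part of the hping wiki or the hping project): a small Python parser for the reply table above that reports rows whose flags, TTL or window differ from the most common combination, such as port 6667 with window 3072. The function names and the choice of treating a deviating row as worth a closer look on a host you administer are assumptions of this example; the sample rows are copied from the output above.

```python
import re
from collections import Counter

# Constructed sample: header and a subset of rows copied from the output above.
SAMPLE = """\
Scanning 1.2.3.4 (1.2.3.4), port known
245 ports to scan, use -V to see all the replies
|port| serv name |  flags  |ttl| id  | win | len |
   22 ssh        : .S..A...  64     0 32767    44
   25 smtp       : .S..A...  64     0 32767    44
   80 www        : .S..A...  64     0 32767    44
 3306 mysql      : .S..A...  64     0 32767    44
 6667 ircd       : .S..A...  64     0  3072    44
All replies received. Done.
"""

# Columns: port, service name, 8-character flags field, ttl, id, win, len
ROW = re.compile(
    r"^\s*(\d+)\s+(\S*)\s*:\s+([.A-Z]{8})\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_scan(text):
    """Return one dict per reply row; banner, header and status lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        port, serv, flags, ttl, ip_id, win, length = m.groups()
        rows.append({"port": int(port), "serv": serv,
                     "flags": flags.replace(".", ""),  # ".S..A..." -> "SA"
                     "ttl": int(ttl), "id": int(ip_id),
                     "win": int(win), "len": int(length)})
    return rows

def fingerprint(row):
    """Fields compared across ports (a choice made for this example)."""
    return (row["flags"], row["ttl"], row["win"])

def outliers(rows):
    """Rows whose fingerprint differs from the most common one in the scan."""
    if not rows:
        return []
    baseline, _ = Counter(fingerprint(r) for r in rows).most_common(1)[0]
    return [r for r in rows if fingerprint(r) != baseline]

if __name__ == "__main__":
    for r in outliers(parse_scan(SAMPLE)):
        print(f"port {r['port']} ({r['serv']}): "
              f"flags={r['flags']} ttl={r['ttl']} win={r['win']}")
```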

 
Page last update: Tue Oct 05 09:46:40 GMT 2004 by 82.49.49.143