Hping 2.0.0-rc3 and 3.0 implement a new feature called scan mode that
works like a low-level automated port scanner. The user no longer has to scan
manually as in the past, but can still use all the hping options in order to
specify how to build the packets used to perform the scan.
The result of the scan contains information about some fields of the received
TCP packets along with the port number and service name. By using the hping
scan mode it is possible to uncover subtle aspects of the firewalling of
the target system.
Example of the --scan option usage:
# hping3 --scan known 1.2.3.4 -S
Scanning 1.2.3.4 (1.2.3.4), port known
245 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name |  flags  |ttl| id  | win | len |
+----+-----------+---------+---+-----+-----+-----+
   9 discard    : .S..A... 64     0 32767    44
  13 daytime    : .S..A... 64     0 32767    44
  21 ftp        : .S..A... 64     0 32767    44
  22 ssh        : .S..A... 64     0 32767    44
  25 smtp       : .S..A... 64     0 32767    44
  37 time       : .S..A... 64     0 32767    44
  80 www        : .S..A... 64     0 32767    44
 111 sunrpc     : .S..A... 64     0 32767    44
 113 auth       : .S..A... 64     0 32767    44
 631 ipp        : .S..A... 64     0 32767    44
3306 mysql      : .S..A... 64     0 32767    44
6000 x11        : .S..A... 64     0 32767    44
6667 ircd       : .S..A... 64     0  3072    44
All replies received. Done.
Not responding ports:
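As an added example (not part of hping or its documentation), here is a small Python parser for the scan-mode table above: it maps the eight-character flags column to TCP flag names, classifies each reply, and reports rows whose TTL/window fingerprint differs from the rest, which is the kind of detail the text says the scan mode can reveal (the ircd row answers with a different window than every other port). The sample input is a constructed subset of the table on this page; the flag column order F S R P A U X Y is hping's, matching the SYN/ACK positions in ".S..A...".

```python
import re
from collections import Counter

# Constructed sample: a subset of the scan-mode table shown above, re-typed
# here with its border and summary lines so the example runs offline.
SCAN_OUTPUT = """\
+----+-----------+---------+---+-----+-----+-----+
|port| serv name |  flags  |ttl| id  | win | len |
+----+-----------+---------+---+-----+-----+-----+
   9 discard    : .S..A... 64     0 32767    44
  22 ssh        : .S..A... 64     0 32767    44
  80 www        : .S..A... 64     0 32767    44
 113 auth       : .S..A... 64     0 32767    44
3306 mysql      : .S..A... 64     0 32767    44
6667 ircd       : .S..A... 64     0  3072    44
All replies received. Done.
Not responding ports:
"""

# The eight flag positions as hping prints them (FIN SYN RST PSH ACK URG X Y);
# SYN and ACK land on positions 2 and 5, matching ".S..A..." in the sample.
FLAG_NAMES = "FSRPAUXY"

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s*:\s*([.A-Z]{8})"
                 r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_scan(text):
    """Return one dict per reply row; borders, headers and summaries are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        port, name, flags, ttl, ident, win, length = m.groups()
        rows.append({"port": int(port), "service": name,
                     "flags": {FLAG_NAMES[i] for i, c in enumerate(flags) if c != "."},
                     "ttl": int(ttl), "id": int(ident),
                     "win": int(win), "len": int(length)})
    return rows

def state(row):
    """SYN/ACK means the port accepted the SYN; RST means it refused it."""
    if {"S", "A"} <= row["flags"]:
        return "open"
    return "closed" if "R" in row["flags"] else "other"

def fingerprint_outliers(rows):
    """Rows whose (ttl, win) pair differs from the majority: a hint that a
    different TCP stack (another host or a filtering device) answered."""
    if not rows:
        return []
    common = Counter((r["ttl"], r["win"]) for r in rows).most_common(1)[0][0]
    return [r for r in rows if (r["ttl"], r["win"]) != common]
```

Running `fingerprint_outliers(parse_scan(SCAN_OUTPUT))` returns only the 6667/ircd row, the one whose window (3072) differs from the 32767 every other port reports.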