Quick Hping How-To

By | 2010/12/11

hping is an excellent networking tool that can be used to send a crafted packet over a specific port to test firewall settings.

In this example, I’ll show you how to do quick firewall port testing using hping3.

First, install hping! Ubuntu has the latest hping3:

sudo apt-get install hping3

Ok, now let’s send a packet out over port 22 to a destination host see if that is being filtered.

(Note: Because of the use of raw sockets, you must run hping3 with sudo.)

sudo hping3 192.168.1.202 -p 22 -c 4 -V -S

sudo hping3 [destination host] [port] [number of packets to transmit] [verbose] [-S for SYN]

It is useful (though not required) to also run wireshark or tcpdump at the same time on this host in another screen or terminal.

The terminal output is very similar to the ping command:

01hping

Zero packet loss! So I can see that port 22 is not being filtered.

A filtered port would report 100% packet loss, for example.

Wireshark or tcpdump of course can give all of the juicy details to futher troubleshoot firewalls:

02hping


hping can do much, much, much more including spoofing the source ip address, scan multiple ports, and other goodies. I suggest you check out these good links:

http://www.securitybydefault.com/2010/02/hping3-cheatsheet.html

http://rationallyparanoid.com/articles/hping.html

http://www.hping.org

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.