Hping3 is a command-line tool that allow us to analyze TCP/IP messages on a network. Also Hping3 can assemble network packets, which can be very useful for pentesters in performing device and service discovery and illegal actions like performing a Denial-Of-Service (DoS) attack.
Key Features of Hping3
- Host discovery on a network.
- Fingerprinting host devices to determine services.
- Sniffing network traffic.
- Denial of Service (DoS).
- File Transfer.
Host Discovery on a Network
In the real world there are many servers and devices that have ICMP responses disabled for security reasons. We can useHping3 to probe a port on a target system to force an ICMP response back.
First we use the ping utility to send ping request on our localhost server.
If we use Hping3 to probe a specific port by sending SYN packets will force the target to reveal itself.
Here we have specified SYN packets using -S flag, and specify the port 80 using -p 80. After applying the above command we got following response shown in the screenshot:
From the above screenshot we can see that we have received successful responses from our target. This means our target is open.
Sending Files using Hping3
We can also send files using hping3. For an example we just send a text file from our Linux Mint virtual machine to our host Kali Linux machine. First we start listener on our machine where we want to download our file by using following command:
Here the -1 flag used for ICMP and the IP address is the sender's IP. -9 flag is used to start the listener and -I is used to choose the network interface. Then the listener will start as we can see in the following screenshot:
After starting the listener mode here we can send the file from another machine by using following command:
Here -e flag is used to give a signature and -E flag is used for sending file data, -d flag used for size of data.
The following screen recording shows how it works.
Sniffing Network Traffic using Hping3
We also can use hping3 as a network packet sniffer. Here also we can use hping3's listener mode and intercept and save all traffic going through our machine’s network interface.
First we need to allow this (uncomment)
net.ipv4.conf.all.accept_redirects = 0
in /etc/sysctl.conf file. Shows in the following screenshot:
For an example, to intercept all traffic containing HTTP signature we can apply the following command:
In the following screenshot we can see the output.
Denial of Service (DOS) using Hping3
We can do denial of service of DoS attack (SYN flood) using hping3. Simple command will be like following:
Here -S indicates that we are using SYN packets, --flood is for sending packets as soon as possible.
Also we can do this batter by using some advanced features.
Here -c flag is used for packet count (we can raise or decrees it as per our requirements) -d flag is for size of data, -w is to set window size, -p flag is used to specify the destination port, --rand-source flag is used to randomize the source.
This is how we can use hping3 on our Kali Linux system. We can read more about hping3 here. Hping3 is great utility for testing a network, it also very popular.
Disclaimer: This tutorial is for educational propose. Attacking others devices considered as criminal offense. We don't support that. This is for spreading cybersecurity awareness. If anyone do any illegal stuffs then only that person will be responsible for it.
Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.