Security testing with hping
Advantages Over Nmap
You might wonder why you would want to use hping to look for open ports when you already have Nmap. In some situations, hping offers advantages over Nmap.
First, hping is a lightweight application; if you've got it installed and ready to go, why worry about installing anything more?
Second, it's always good to know how to do the same thing with more than one application. Hping's creator, for example, still maintains the tool even though he's collaborated for years with Fyodor, the creator of Nmap.
Third, you can also conduct incremental scans, in which the destination port climbs by one with each packet sent:
sudo hping -S targethost -p ++0
This command creates a report that tells you what ports are open on the system.
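The report is a stream of reply lines, so reading it means sorting replies by TCP flags. The following sketch is an added example, not code from the original article or from the hping project; the function names and the sample reply lines are constructed for illustration, and it assumes the usual hping reply fields sport= and flags=.

```shell
#!/bin/sh
# Added example: classify replies from an incremental hping SYN scan.
# flags=SA (SYN/ACK) means a listener answered; flags=RA (RST/ACK) means
# the port is closed. Ports that never appear were filtered or dropped.

# reply_ports WANTED: read hping output on stdin and print each distinct
# source port whose reply carried exactly the WANTED flags, sorted.
reply_ports() {
    awk -v want="$1" '
        {
            port = ""; flags = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^sport=/) port  = substr($i, 7)
                if ($i ~ /^flags=/) flags = substr($i, 7)
            }
            # Header and ICMP lines have no sport= field and are skipped;
            # duplicate replies for one port are reported once.
            if (port != "" && flags == want && !(port in seen)) {
                seen[port] = 1
                print port
            }
        }
    ' | sort -n
}

open_ports()   { reply_ports SA; }
closed_count() { reply_ports RA | wc -l | tr -d ' '; }

# Constructed sample output (not captured from a real host).
sample_output() {
cat <<'EOF'
HPING targethost (eth0 192.0.2.10): S set, 40 headers + 0 data bytes
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=21 flags=RA seq=21 win=0 rtt=0.4 ms
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=22 flags=SA seq=22 win=29200 rtt=0.3 ms
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=23 flags=RA seq=23 win=0 rtt=0.4 ms
ICMP Packet filtered from ip=192.0.2.1 name=UNKNOWN
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=80 flags=SA seq=80 win=29200 rtt=0.5 ms
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=80 flags=SA seq=81 win=29200 rtt=0.5 ms
EOF
}

sample_output | open_ports
```

Comparing the open list against the services a host is supposed to expose shows at a glance whether anything unexpected is listening.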
A Better Traceroute?
One interesting feature of hping3 is that you can generate a more revealing traceroute report using any protocol. For example, suppose you want to determine exactly what happens on each hop of a traceroute. To do this, you can specify the use of a TCP SYN packet. The -T option allows you to enable hping3's traceroute function. In the command shown above, the --ttl option allows you to specify the number of routers (i.e., hops) you want the packet to cross.
If you want to issue a traceroute command using UDP, the command shown in Listing 2 will suffice. The output shows how each router processes the UDP packet.
Listing 2
Tracing UDP
Why would you want to do such a thing? Because many routers block traditional ICMP packets, even if your latest system used UDP.
To analyze one particular hop of a traceroute packet, you can use the --tr-keep-ttl option:
sudo hping3 -S 12.119.80.1 -p 80 -T --ttl 3 --tr-keep-ttl -n
The -n option ensures that IP addresses aren't resolved to host names.
The preceding command issues TCP-based packets to the target host, but then reports only the third hop. The output is shown in Listing 3. The information in Listing 3 can help you determine exactly if and how a particular router is altering packets in transit.
Listing 3
Analyzing a Hop
Discovering the MTU
To determine the MTU (Maximum Transmission Unit – the largest datagram allowed for the network), you could issue the following command:
hping3 -D -V -I em1 --icmp targethost
Replace targethost with the host name or IP address of the system on the network where you want to test the MTU.
Why is it important to discover the MTU? First, VPN connections and other network transmissions sometimes encounter problems if the MTU on a system or a network is set strangely.
In convergence networks (for example, where you're implementing a VoIP SIP or H.323 system), you might need to determine the MTU to avoid problems with jitter and traffic congestion. By determining the MTU and adjusting it properly at the router or your individual hosts, you can reduce latency and resolve call quality issues that would otherwise prove elusive.