Security testing with hping

Advantages Over Nmap

You might wonder why you would want to use hping to look for open ports when you already have Nmap. In some situations, hping offers advantages over Nmap.

First, hping is a lightweight application; if you've got it installed and ready to go, why worry about installing anything more?

Second, it's always good to know how to do the same thing with more than one application. Hping's creator, for example, still maintains the tool even though he's collaborated for years with Fyodor, the creator of Nmap.

Third, you can also conduct incremental scans, which means each successive packet targets the next port up on the system:

sudo hping -S targethost -p ++0

This command creates a report that tells you what ports are open on the system.

A Better Traceroute?

One interesting feature of hping3 is that you can generate a more revealing traceroute report using any protocol. For example, suppose you want to determine exactly what happens on each hop of a traceroute. To do this, you can specify the use of a TCP SYN packet. The -T option enables hping3's traceroute function, and the --ttl option lets you specify the number of routers (i.e., hops) the packet should traverse.

If you want to issue a traceroute command using UDP, the command shown in Listing 2 will suffice. The output shows how each router processes the UDP packet.

Listing 2

Tracing UDP

sudo hping3 -2 192.168.44.45 -p ++44444 -T -n

HPING 192.168.44.45 (eth0 192.168.44.45): udp mode set, 28 headers + 0 data bytes
hop=1 TTL 0 during transit from ip=172.16.8.1
hop=1 hoprtt=1.7 ms
hop=2 TTL 0 during transit from ip=12.155.83.1
hop=2 hoprtt=2.7 ms
hop=3 TTL 0 during transit from ip=12.119.43.49
hop=3 hoprtt=10.0 ms
hop=4 TTL 0 during transit from ip=12.123.21.30
hop=4 hoprtt=13.6 ms
hop=5 TTL 0 during transit from ip=12.122.12.21
hop=5 hoprtt=13.3 ms
hop=6 TTL 0 during transit from ip=12.122.17.42
hop=6 hoprtt=11.9 ms
hop=7 TTL 0 during transit from ip=12.122.96.9
hop=7 hoprtt=36.6 ms
hop=8 TTL 0 during transit from ip=192.205.34.62
hop=8 hoprtt=13.6 ms
hop=9 TTL 0 during transit from ip=4.68.103.46

Why would you want to do such a thing? Because many routers block traditional ICMP traceroute packets, and the same can happen even if your system's traceroute uses UDP.

To analyze one particular hop of a traceroute packet, you can use the --tr-keep-ttl option:

sudo hping3 -S 12.119.80.1 -p 80 -T --ttl 3 --tr-keep-ttl -n

The -n option ensures that IP addresses aren't resolved to host names.

The preceding command issues TCP-based packets to the target host, but then reports only the third hop. The output is shown in Listing 3. The information in Listing 3 can help you determine exactly if and how a particular router is altering packets in transit.

Listing 3

Analyzing a Hop

hop=3 TTL 0 during transit from ip=12.119.43.61
hop=3 hoprtt=31.7 ms
hop=3 TTL 0 during transit from ip=12.119.43.61
hop=3 hoprtt=6.9 ms
hop=3 TTL 0 during transit from ip=12.119.43.61
hop=3 hoprtt=5.0 ms
hop=3 TTL 0 during transit from ip=12.119.43.49
hop=3 hoprtt=5.2 ms
hop=3 TTL 0 during transit from ip=12.119.43.49
hop=3 hoprtt=5.2 ms
hop=3 TTL 0 during transit from ip=12.119.43.49
hop=3 hoprtt=4.9 ms
hop=3 TTL 0 during transit from ip=12.119.43.61
hop=3 hoprtt=5.4 ms
hop=3 TTL 0 during transit from ip=12.119.43.61

Discovering the MTU

To determine the MTU (Maximum Transmission Unit – the largest datagram allowed for the network), you could issue the following command:

hping3 -D -V -I em1 --icmp targethost

Replace targethost with the host name or IP address of the system on the network where you want to test the MTU.

Why is it important to discover the MTU? First, VPN connections and other network transmissions sometimes encounter problems if the MTU on a system or a network is set incorrectly.

In converged networks (for example, where you're implementing a VoIP SIP or H.323 system), you might need to determine the MTU to avoid problems with jitter and traffic congestion. By determining the MTU and adjusting it properly at the router or on your individual hosts, you can reduce latency and resolve call quality issues that would otherwise prove elusive.
