In the world of ethical hacking and penetration testing, professionals rely on powerful tools to assess the security posture of their systems and networks. Hping3, a versatile command-line security tool, is an essential part of every security expert’s toolkit. In this blog, we will explore Hping3 and its features and walk you through the installation process, so that you can put its capabilities to work in ethical hacking engagements.

What is Hping3?
Hping3 is a popular and flexible security tool used for network scanning, testing firewalls, and crafting packets for network testing. Written in C, Hping3 runs from the command line, making it an efficient and lightweight utility for experienced users. It supports a wide range of protocols and techniques, enabling users to perform tasks such as packet crafting, tracerouting, and port scanning.
Key Features of Hping3
1. Advanced Scanning Techniques
Hping3 allows users to perform various scanning techniques, including TCP, UDP, ICMP, and SYN scans, to assess the security of networked devices and identify open ports.
2. Packet Crafting
With Hping3, users can craft custom packets and inject them into the network, simulating specific network behaviors and aiding in the analysis of network vulnerabilities.
3. Traceroute Functionality
The tool offers a traceroute feature, enabling users to trace the path taken by packets through the network, helping to identify potential bottlenecks and areas of concern.
4. Firewall Testing
Hping3 facilitates the testing of firewalls and intrusion detection systems (IDS) by generating packets with various flags and payloads to analyze the system’s response.
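To show what an IDS is expected to catch when it is tested this way, here is a small detector written for this article as an added example (it is not part of Hping3). The packet records are constructed, the flag letters follow Hping3's options (F, S, R, P, A, U), and the sweep threshold is an assumed value.

```python
from collections import defaultdict

# Constructed packet summaries: (source, destination port, TCP flags).
PACKETS = [
    ("198.51.100.7", 22, "S"), ("198.51.100.7", 23, "S"),
    ("198.51.100.7", 80, "S"), ("198.51.100.7", 443, "S"),
    ("198.51.100.9", 80, "SF"),
    ("198.51.100.9", 80, ""),
    ("198.51.100.9", 80, "FPU"),
    ("203.0.113.5", 443, "S"), ("203.0.113.5", 443, "A"),
    ("203.0.113.5", 443, "PA"),
]

SWEEP_THRESHOLD = 4  # assumed: distinct ports hit by bare SYNs from one source


def flag_anomaly(flags):
    """Return a reason if these flags never occur in a normal TCP session."""
    f = set(flags)
    if not f:
        return "null packet (no flags)"
    if {"S", "F"} <= f:
        return "SYN+FIN set together"
    if {"S", "R"} <= f:
        return "SYN+RST set together"
    # After the opening SYN every segment carries ACK; only RST may omit it.
    if "A" not in f and "S" not in f and "R" not in f:
        return "FIN/PSH/URG without ACK"
    return None


def detect(packets, threshold=SWEEP_THRESHOLD):
    """Return (source, reason) alerts: flag anomalies first, then SYN sweeps."""
    alerts = []
    syn_ports = defaultdict(set)
    for src, dport, flags in packets:
        reason = flag_anomaly(flags)
        if reason:
            alerts.append((src, reason))
        elif flags == "S":
            syn_ports[src].add(dport)
    for src, ports in syn_ports.items():
        if len(ports) >= threshold:
            alerts.append((src, f"SYN sweep across {len(ports)} ports"))
    return alerts


if __name__ == "__main__":
    for src, reason in detect(PACKETS):
        print(src, reason)
```

If a firewall or IDS under test stays silent on any of these patterns, that gap is the finding to report.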
Installation Process
Here’s a step-by-step guide to installing Hping3 Tool on different platforms:
1. Installing Hping3 Tool on Linux (Debian/Ubuntu):
Open your terminal and run the following commands to install Hping3:
sudo apt-get update
sudo apt-get install hping3
2. Installing Hping3 Tool on macOS:
Install Hping3 using Homebrew, a popular package manager for macOS. Open your terminal and run the following command:
brew install hping
3. Installing Hping3 on Windows
Hping3 is not natively available for Windows. However, you can use Cygwin, a Unix-like environment for Windows, to install and run Hping3. Download and install Cygwin from their official website, selecting “Net” under “Net” and “hping” under “Net Utils” during installation.
Using Hping3
Once Hping3 is installed, you can leverage its power with various command-line options. Below are some examples of common Hping3 commands:
1. Basic TCP Scan
hping3 -S <target_ip>
2. Basic UDP Scan
hping3 -2 <target_ip>
3. SYN Scan
hping3 -S -p <port> <target_ip>
4. Custom Packet Crafting
hping3 -c 10 -d 100 -E test.txt -i u1 <target_ip>
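Reading the replies is the part of a SYN probe that tells you how a host and its firewall behave. The following added example (not part of Hping3 or the original post) classifies reply lines by their flags field; the sample output is constructed, modelled on the reply lines Hping3 prints, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on hping3 reply lines for SYN probes sent to
# ports 443, 23 and 8080 of one host; addresses are documentation ranges.
SAMPLE = """\
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=443 flags=SA seq=0 win=29200 rtt=0.4 ms
len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=23 flags=RA seq=0 win=0 rtt=0.3 ms
ICMP Packet filtered from ip=192.0.2.1 name=UNKNOWN
"""

TCP_REPLY = re.compile(r"\bip=(\S+).*?\bsport=(\d+)\s+flags=([A-Z]*)")
ICMP_REPLY = re.compile(r"^ICMP (.+?) from ip=(\S+)")


def classify(flags):
    """Map the flags of a reply to a SYN probe onto a port state."""
    if "S" in flags and "A" in flags:
        return "open"        # SYN/ACK: a listener accepted the handshake
    if "R" in flags:
        return "closed"      # RST: host reachable, nothing listening
    return "unexpected"      # anything else deserves a manual look


def port_states(output, probed_ports):
    """Return {port: state}; probed ports with no TCP reply are 'no-reply'."""
    states = {port: "no-reply" for port in probed_ports}
    for line in output.splitlines():
        m = TCP_REPLY.search(line)
        if m:
            states[int(m.group(2))] = classify(m.group(3))
    return states


def icmp_errors(output):
    """Return (reporting_ip, reason) for each ICMP error line."""
    return [(m.group(2), m.group(1))
            for m in map(ICMP_REPLY.match, output.splitlines()) if m]


if __name__ == "__main__":
    for port, state in sorted(port_states(SAMPLE, [23, 443, 8080]).items()):
        print(port, state)
    for ip, reason in icmp_errors(SAMPLE):
        print("icmp", ip, reason)
```

A port that ends up as no-reply, or that triggers an ICMP error from an intermediate address, is being handled by a filtering device rather than by the host itself.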
root@kali:~# hping3 -h
usage: hping3 host [options]
  -h  --help       show this help
  -v  --version    show version
  -c  --count      packet count
  -i  --interval   wait (uX for X microseconds, for example -i u1000)
      --fast       alias for -i u10000 (10 packets for second)
      --faster     alias for -i u1000 (100 packets for second)
      --flood      sent packets as fast as possible. Don't show replies.
  -n  --numeric    numeric output
  -q  --quiet      quiet
  -I  --interface  interface name (otherwise default routing interface)
  -V  --verbose    verbose mode
  -D  --debug      debugging info
  -z  --bind       bind ctrl+z to ttl (default to dst port)
  -Z  --unbind     unbind ctrl+z
      --beep       beep for every matching packet received
Mode
  default mode     TCP
  -0  --rawip      RAW IP mode
  -1  --icmp       ICMP mode
  -2  --udp        UDP mode
  -8  --scan       SCAN mode.
                   Example: hping --scan 1-30,70-90 -S www.target.host
  -9  --listen     listen mode
IP
  -a  --spoof      spoof source address
      --rand-dest  random destionation address mode. see the man.
      --rand-source random source address mode. see the man.
  -t  --ttl        ttl (default 64)
  -N  --id         id (default random)
  -W  --winid      use win* id byte ordering
  -r  --rel        relativize id field (to estimate host traffic)
  -f  --frag       split packets in more frag. (may pass weak acl)
  -x  --morefrag   set more fragments flag
  -y  --dontfrag   set don't fragment flag
  -g  --fragoff    set the fragment offset
  -m  --mtu        set virtual mtu, implies --frag if packet size > mtu
  -o  --tos        type of service (default 0x00), try --tos help
  -G  --rroute     includes RECORD_ROUTE option and display the route buffer
      --lsrr       loose source routing and record route
      --ssrr       strict source routing and record route
  -H  --ipproto    set the IP protocol field, only in RAW IP mode
ICMP
  -C  --icmptype   icmp type (default echo request)
  -K  --icmpcode   icmp code (default 0)
      --force-icmp send all icmp types (default send only supported types)
      --icmp-gw    set gateway address for ICMP redirect (default 0.0.0.0)
      --icmp-ts    Alias for --icmp --icmptype 13 (ICMP timestamp)
      --icmp-addr  Alias for --icmp --icmptype 17 (ICMP address subnet mask)
      --icmp-help  display help for others icmp options
UDP/TCP
  -s  --baseport   base source port (default random)
  -p  --destport   [+][+] destination port(default 0) ctrl+z inc/dec
  -k  --keep       keep still source port
  -w  --win        winsize (default 64)
  -O  --tcpoff     set fake tcp data offset (instead of tcphdrlen / 4)
  -Q  --seqnum     shows only tcp sequence number
  -b  --badcksum   (try to) send packets with a bad IP checksum
                   many systems will fix the IP checksum sending the packet
                   so you'll get bad UDP/TCP checksum instead.
  -M  --setseq     set TCP sequence number
  -L  --setack     set TCP ack
  -F  --fin        set FIN flag
  -S  --syn        set SYN flag
  -R  --rst        set RST flag
  -P  --push       set PUSH flag
  -A  --ack        set ACK flag
  -U  --urg        set URG flag
  -X  --xmas       set X unused flag (0x40)
  -Y  --ymas       set Y unused flag (0x80)
      --tcpexitcode use last tcp->th_flags as exit code
      --tcp-mss    enable the TCP MSS option with the given value
      --tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime
Common
  -d  --data       data size (default is 0)
  -E  --file       data from file
  -e  --sign       add 'signature'
  -j  --dump       dump packets in hex
  -J  --print      dump printable characters
  -B  --safe       enable 'safe' protocol
  -u  --end        tell you when --file reached EOF and prevent rewind
  -T  --traceroute traceroute mode (implies --bind and --ttl 1)
      --tr-stop    Exit when receive the first not ICMP in traceroute mode
      --tr-keep-ttl Keep the source TTL fixed, useful to monitor just one hop
      --tr-no-rtt  Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
      --apd-send   Send the packet described with APD (see docs/APD.txt)
Conclusion
Hping3 is a potent security tool that offers network scanning, packet crafting, and firewall testing capabilities. As an ethical hacker or penetration tester, mastering Hping3 can significantly enhance your network assessment skills. With a thorough understanding of its installation process and command-line options, you can harness Hping3’s power to identify vulnerabilities, assess network security, and bolster your overall cybersecurity knowledge.
Always remember to use Hping3 responsibly and ethically, adhering to the laws and regulations governing ethical hacking practices. By continuously improving your skills and embracing a security-first mindset, you can contribute to a safer and more resilient digital world.
“This blog is only for learning, so do not use this tool wrongly, we will not be responsible for any illegal act.”
– Instructor