hping3
sudo hping3 --scan all -S $IP
sudo hping3 --scan known -S $IP
| Argument | Description |
-c <number> | Send a particular number of packets |
-t <hops> | The packet TTL (default 64) |
-s <port> | Source TCP port (random by default) |
-d <port> | Destination TCP port |
| -S | Set the TCP SYN flag |
| -F | Set the TCP FIN flag |
| -A | Set the ACK flag |
| Command | Description |
| sudo hping3 -1 -c 10 michalszalkowski.com | hping3 will act like an ordinary ping utility, sending ICMP-reverberation und getting ICMP-reply |
| sudo hping3 --traceroute -V -1 michalszalkowski.com | hping3 will act like popular utilities like tracert (windows) or traceroute (linux) who utilizes ICMP packets expanding each time in 1 its TTL value. |
| sudo hping3 -c 3 -S -p 80 10.0.2.5 | Send three TCP SYN probes to port 80 of 10.0.2.5 |
| sudo hping3 -V -S -c 1 -p 80 -A michalszalkowski.com | This scan could be utilized to check whether a host is alive (when Ping is blocked). This ought to send a RST response TCP port is open. |
| sudo hping3 -V -S -c 1 -p 80 -UPF michalszalkowski.com | This scan sets the succession number to zero and set the URG + PSH + FIN signals in the packet. On the off chance that the focus on gadget’s TCP port is shut, the target gadget sends a TCP RST bundle in answer. In the event that the focus on gadget’s TCP port is open, the target disposes of the TCP Xmas output, sending no answer. |
| sudo hping3 -V -S -c 1 -p 80 -Y michalszalkowski.com | This scan sets the arrangement number to zero and have no flag set in the packet. On the off chance that the focus on device’s port is shut, the target device sends a TCP RST packet in answer. In the event that the target device’s TCP port is open, the target device of the TCP NULL output, sending no reply. |