How to use the hping3 command on Linux to ping websites with TCP SYN packets instead of ICMP.

Posted: October 14, 2013. At: 6:39 PM. This was 4 years ago. Post ID: 6431

This posting will explain the workings of the hping3 command. This is a command that may be run as the superuser to ping a website with TCP packets instead of the default ICMP packets used by the ping command.

This is an example; I am sending some TCP SYN packets to the http://hackthissite.com to ping the website.

root@neo:/home/homer# hping3 hackthissite.com -S -p 80 -c 3
HPING hackthissite.com (wlan0 64.95.64.190): S set, 40 headers + 0 data bytes
len=44 ip=64.95.64.190 ttl=45 DF id=0 sport=80 flags=SA seq=0 win=14600 rtt=267.9 ms
len=44 ip=64.95.64.190 ttl=45 DF id=0 sport=80 flags=SA seq=1 win=14600 rtt=264.9 ms
len=44 ip=64.95.64.190 ttl=45 DF id=0 sport=80 flags=SA seq=2 win=14600 rtt=276.3 ms
 
--- hackthissite.com hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 264.9/269.7/276.3 ms

This example shows me port scanning the Microsoft.com website using hping3. This is another good use of this command.

root@neo:/home/homer# hping3 microsoft.com -S --scan 80-300
Scanning microsoft.com (65.55.58.201), port 80-300
221 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name |  flags  |ttl| id  | win | len |
+----+-----------+---------+---+-----+-----+-----+
   80 http       : .S..A... 242 14629  8190    44
All replies received. Done.
Not responding ports: (81 ) (82 ) (83 ) (84 ) (85 ) (86 ) (87 link) (88 kerberos) (89 ) (90 ) (91 ) (92 ) (93 ) (94 ) (95 supdup) (96 ) (97 ) (98 linuxconf) (99 ) (100 ) (101 hostnames) (102 iso-tsap) (103 ) (104 acr-nema) (105 csnet-ns) (106 poppassd) (107 rtelnet) (108 ) (109 pop2) (110 pop3) (111 sunrpc) (112 ) (113 auth) (114 ) (115 sftp) (116 ) (117 uucp-path) (118 ) (119 nntp) (120 ) (121 ) (122 ) (123 ntp) (124 ) (125 ) (126 ) (127 ) (128 ) (129 pwdgen) (130 ) (131 ) (132 ) (133 ) (134 ) (135 loc-srv) (136 ) (137 netbios-ns) (138 netbios-dgm) (139 netbios-ssn) (140 ) (141 ) (142 ) (143 imap2) (144 ) (145 ) (146 ) (147 ) (148 ) (149 ) (150 ) (151 ) (152 ) (153 ) (154 ) (155 ) (156 ) (157 ) (158 ) (159 ) (160 ) (161 snmp) (162 snmp-trap) (163 cmip-man) (164 cmip-agent) (165 ) (166 ) (167 ) (168 ) (169 ) (170 ) (171 ) (172 ) (173 ) (174 mailq) (175 ) (176 ) (177 xdmcp) (178 nextstep) (179 bgp) (180 ) (181 ) (182 ) (183 ) (184 ) (185 ) (186 ) (187 ) (188 ) (189 ) (190 ) (191 prospero) (192 ) (193 ) (194 irc) (195 ) (196 ) (197 ) (198 ) (199 smux) (200 ) (201 at-rtmp) (202 at-nbp) (203 ) (204 at-echo) (205 ) (206 at-zis) (207 ) (208 ) (209 qmtp) (210 z3950) (211 ) (212 ) (213 ipx) (214 ) (215 ) (216 ) (217 ) (218 ) (219 ) (220 imap3) (221 ) (222 ) (223 ) (224 ) (225 ) (226 ) (227 ) (228 ) (229 ) (230 ) (231 ) (232 ) (233 ) (234 ) (235 ) (236 ) (237 ) (238 ) (239 ) (240 ) (241 ) (242 ) (243 ) (244 ) (245 ) (246 ) (247 ) (248 ) (249 ) (250 ) (251 ) (252 ) (253 ) (254 ) (255 ) (256 ) (257 ) (258 ) (259 ) (260 ) (261 ) (262 ) (263 ) (264 ) (265 ) (266 ) (267 ) (268 ) (269 ) (270 ) (271 ) (272 ) (273 ) (274 ) (275 ) (276 ) (277 ) (278 ) (279 ) (280 ) (281 ) (282 ) (283 ) (284 ) (285 ) (286 ) (287 ) (288 ) (289 ) (290 ) (291 ) (292 ) (293 ) (294 ) (295 ) (296 ) (297 ) (298 ) (299 ) (300 )

Of course we can just use the vanilla command to ping a website and get packets back; but this uses ICMP packets and some networks might not allow these through. I have a script that will allow you to ping through a proxy and get confirmation that a host is up.

Here is the post where I put a copy of the script for anyone to use.

http://www.securitronlinux.com/bejiitaswrath/common-errors-and-troubleshooting-commands-for-linux/. This script is very useful for pinging a host through a restrictive proxy and getting a response.

You can also use the tcpping command to ping a remote host. Just download the tcpping binary using this command.

[email protected]:~# wget http://www.vdberg.org/~richard/tcpping
--2013-10-14 18:13:16--  http://www.vdberg.org/~richard/tcpping
Resolving www.vdberg.org (www.vdberg.org)... 94.142.246.140, 2a02:898:62:f6::8c
Connecting to www.vdberg.org (www.vdberg.org)|94.142.246.140|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3510 (3.4K)
Saving to: 'tcpping’
 
100%[=============================================================================================================================>] 3,510       --.-K/s   in 0.001s  
 
2013-10-14 18:13:19 (2.24 MB/s) - 'tcpping’ saved [3510/3510]

Then make the binary executable using chmod.

[email protected]:~# chmod 755 tcpping
[email protected]:~# ./tcpping hackthissite.com
seq 0: tcp response from hackthissite.com (64.95.64.190) [open]  372.014 ms
seq 1: tcp response from hackthissite.com (64.95.64.190) [open]  364.722 ms
seq 2: tcp response from hackthissite.com (64.95.64.190) [open]  324.132 ms
seq 3: tcp response from hackthissite.com (64.95.64.190) [open]  300.618 ms
seq 4: tcp response from hackthissite.com (64.95.64.190) [open]  780.365 ms
^C

That is how easy that is.

No comments have been made. Use this form to start the conversation :)

Leave a Reply