-c 1 Only send one request per port (c = count)
-V Verbose, show response for each port
-1 Send a ping request (ICMP echo request). This is the number one, not the letter ell
-2 Send as UDP packet
-S Send a SYN scan, open ports will send a SYN-ACK packet back (a half-open scan)
-A Send an ACK packet
-F Send packet with a FIN flag
-8 1-500 Scan a range of ports (equivalent to --scan)
-p 80 Scan a particular port
Examples
Send one request with a half-open scan to port 80
> hping3 -c 1 -S <www.website.somewhere> -p 80
HPING <www.website.somewhere> (eth1 <website ip>): S set, 40 headers + 0 data bytes
len=46 ip=<website ip> ttl=64 id=31610 sport=80 flags=SA seq=0 win=65535 rtt=14.8 ms
--- <www.website.somewhere> hping statistic ---
1 packets transmitted, 1 packets received, 0% packet loss
Send one request per port using a half-open scan against a Windows XP machine with no firewall
> hping3 -c 1 -S --scan 1-10000 <ip address>
Scanning <ip address>, port 1-10000
10000 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name | flags |ttl| id | win | len |
+----+-----------+---------+---+-----+-----+-----+
445 microsoft-d: .S..A... 64 33955 65535 46
139 netbios-ssn: .S..A... 64 46756 65535 46
135 loc-srv : .S..A... 64 47780 65535 46
3389 .S..A... 64 58947 65535 46
All replies received. Done.
Not responding ports:
Flags
The S and A flags show that the target system responded with a SYN-ACK, which means the port is open and can be explored further.
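When auditing which ports one of your own hosts exposes, the flags column can be read programmatically. The following is an added example, not part of the original post: a Python parser for the --scan table shown above. It assumes each dot in the flags field marks a flag that is not set, and it treats a reply carrying RST as a closed port (standard TCP behaviour, not stated in the post); the function names are illustrative.

```python
import re

# Scan output copied from the example above (target address left as a placeholder).
SAMPLE = """\
Scanning <ip address>, port 1-10000
10000 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name | flags |ttl| id | win | len |
+----+-----------+---------+---+-----+-----+-----+
445 microsoft-d: .S..A... 64 33955 65535 46
139 netbios-ssn: .S..A... 64 46756 65535 46
135 loc-srv : .S..A... 64 47780 65535 46
3389 .S..A... 64 58947 65535 46
All replies received. Done.
"""

# port, optional service name before ':', 8-character flags field, ttl, id, win, len
ROW = re.compile(
    r"^\s*(\d+)\s+(?:(\S*?)\s*:)?\s*([.A-Z]{8})\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
)

def classify(flags):
    """Map the set of TCP flags in a reply to a port state."""
    if {"S", "A"} <= flags:
        return "open"      # SYN-ACK: a service accepted the SYN
    if "R" in flags:
        return "closed"    # RST: host reachable, nothing listening (assumption, see lead-in)
    return "unknown"

def parse_scan(text):
    """Return one dict per reply row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        port, name, field, ttl, ip_id, win, length = m.groups()
        flags = {c for c in field if c != "."}   # dots mark flags that are not set
        rows.append({"port": int(port), "service": name or None,
                     "flags": flags, "state": classify(flags),
                     "ttl": int(ttl), "win": int(win)})
    return rows

def open_ports(text):
    """Sorted list of ports that answered with SYN-ACK."""
    return sorted(r["port"] for r in parse_scan(text) if r["state"] == "open")

if __name__ == "__main__":
    for r in parse_scan(SAMPLE):
        print(r["port"], r["service"], r["state"])
```

Comparing the resulting list against the services the host is supposed to offer shows what needs a firewall rule or should be disabled.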