hping3 is a network tool that can be used for testing networking products.
hping3 can be used for various kind of testing from unit testing to regression testing.
hping3 has various features, I am listing some of those features:
— hping3 can be used to test by generating and sending ICMP traffic
— hping3 can be used to test by generating and sending UDP traffic
— hping3 can be used to test by generating and sending TCP traffic
— hping3 can be used to test as listening mode where it receives traffic.
— hping3 can be used to test for sending single packet, specified number of packets or flood of packets
— hping3 can be used to send various size packets
— hping3 can be used to generating packet data randomly
— hping3 can be used to generate packet with the specified raw data in a file
Frequently used options with hping3:
Some of the following options are used frequently when executing hping3 application:
-c — count count
-i — interval
— fast Alias for -i u10000. Hping will send 10 packets for second.
— flood
-I — interface interface name
-V — verbose
-z — bind
-Z — unbind
-0 — rawip
-1 — icmp
-2 — udp
-a — spoof hostname
— rand-source
— rand-dest
-C — icmptype type
-K — icmpcode code
-s — baseport source port
-p — destport [+][+]dest port
-F — fin ( Set FIN tcp flag.)
-S — syn ( Set SYN tcp flag.)
-R — rst ( Set RST tcp flag.)
-P — push ( Set PUSH tcp flag.)
-A — ack ( Set ACK tcp flag.)
-d — data data size
-E — file filename
-j — dump
I will list down some example commands for above mentioned features of hping3:
I have used the following test setup, where two PCs are connected . PC1 configured with IP as 4.4.4.1 and PC2 connected with IP as 4.4.4.10 :
PC 1 (4.4.4.1) <======> (4.4.4.10) PC 2
hping3 to send icmp traffic (PC1 to PC2):
hping3 -V -1 4.4.4.10
hping3 to send UDP traffic with source and destination ports as 1024:
hping3 -V -2 -s 1024 -p 1024 4.4.4.10
hping3 to send specified number of packets or flood of packets:
‘-c’ option can be used to specify the number of packets to be sent. eg (sending TCP syn packets):
hping3 -c 10 -V -3 -s 1024 -p 1024 4.4.4.10
‘ — flood’ option can be used to send packet flood. eg (ICMP flood):
hping3 — flood -V -1 4.4.4.10
hping3 to send a specified data size in packets with random data:
‘-d’ size option can be used to specify the data size. eg.
hping3 -c 10 -V -3 -s 9024 -p 100 -d 18 4.4.4.10
hping3 to generate packet with the specified raw data in a file:
hping3 can take a packet data and add that data in a packet and send it.
eg. where pkt_data contains the raw data (ASCII format):
hping3 -c 10 -i u1000 -V -2 -s 1024 -p 1024 -d 12 -E pkt_data -I eth2 4.4.4.10
Code to convert hex data to raw data:
If you have hex dump and to convert to raw data , you can use the following simple ‘c’ code :
#include <stdio.h>
int main(int argc, char * argv[])
{
char * input_file = argv[1];
char *out_file = argv[2];
FILE *fin,*fout;
fin = fopen(input_file , “r”);
if (!fin)
{
return 0;
}
fout = fopen(out_file, “wb”);
if(!fout)
{
fclose(fin);
return 0;
}
char c ;
int ret;
while (ret = fscanf(fin,”%x”,(int *)&c) != EOF)
{
fwrite(&c,1,1,fout);
}
fclose(fin);
fclose(fout);
}
This file can be executed by passing input file having in the format of hex data, some output file name.
e.g:
./a.out pkt_in_hex pkt_data
pkt_in_hex file can have hex data like:
80000064000003E8DEADBEEF
output file cannot be displayed directly as it is in raw format:
output file can be displayed using linux hexdump utility, eg:
hexdump pkt_data
output might show like:
0000000 0080 6400 0000 e803 adde efbe
000000c
