Testing security with hping

You can test the security of your network in a number of ways. One is to hire your own hacker and see if he can get in. Another (and maybe more practical) way is to install hping. As the name suggests, hping is based on the ping utility, but the two applications are used in different ways.

You will have used ping to see if a device is accessible via a network, and even looked at the route between your computer and another one (by using the -R option). Ping uses the Internet Control Message Protocol (ICMP), one of the fundamental elements of TCP/IP. All it does is send out ICMP requests (ICMP ECHO_REQUEST) and then wait for a valid reply (an ICMP ECHO_RESPONSE). Ping tells you that the destination is reachable, but says nothing about what is going on at the other end. In fact, a device does not even have to be fully booted before it will respond to ping.

Hping differs from ping in that it is not limited to ICMP: it can also send UDP (User Datagram Protocol) and IP (Internet Protocol) packets, and its default is TCP (Transmission Control Protocol). Users can also modify packet headers to try to elicit different responses from target devices.

Using hping to simulate an attack

When attacking a system, hackers frequently start by carrying out a SYN scan, which uses the first step of the TCP/IP handshake and is a basic way of obtaining information about a targeted computer. The hacker sends a SYN packet to a port on the computer. If the port is available for communication then the computer will return a SYN/ACK packet. If he gets this response then the hacker knows that he has found a possible way in.
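Seen from the defending side, the scan described above leaves a recognisable pattern: one source sends SYNs to many ports and never completes the handshake. The following sketch is an added example, not part of the original article; the log format, addresses and the `min_ports` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed packet summaries (not real traffic): time src sport dst dport flags
SAMPLE = """\
0.00 10.0.0.5 40001 10.0.0.9 22 S
0.00 10.0.0.9 22 10.0.0.5 40001 SA
0.01 10.0.0.5 40001 10.0.0.9 22 R
0.02 10.0.0.5 40002 10.0.0.9 23 S
0.02 10.0.0.9 23 10.0.0.5 40002 RA
0.03 10.0.0.5 40003 10.0.0.9 80 S
0.03 10.0.0.9 80 10.0.0.5 40003 SA
0.04 10.0.0.5 40003 10.0.0.9 80 R
0.05 10.0.0.5 40004 10.0.0.9 443 S
1.00 10.0.0.7 51000 10.0.0.9 80 S
1.00 10.0.0.9 80 10.0.0.7 51000 SA
1.01 10.0.0.7 51000 10.0.0.9 80 A
"""

def find_syn_scanners(log_text, min_ports=3):
    """Return {source_ip: {"probed": [...], "answered": [...]}} for sources
    that left at least min_ports distinct ports with an unfinished handshake."""
    conns = {}  # (client, cport, server, sport) -> handshake progress
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip anything that is not a packet summary
        _ts, src, sport, dst, dport, flags = fields
        key, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":                        # step 1: client SYN
            conns.setdefault(key, {"synack": False, "done": False})
        elif flags == "SA" and reverse in conns:  # step 2: server SYN/ACK
            conns[reverse]["synack"] = True
        elif flags == "A" and key in conns and conns[key]["synack"]:
            conns[key]["done"] = True           # step 3: client ACK, real connection

    probed, answered = defaultdict(set), defaultdict(set)
    for (client, _cport, _server, port), state in conns.items():
        if state["done"]:
            continue                            # completed handshakes are not probes
        probed[client].add(int(port))
        if state["synack"]:
            answered[client].add(int(port))     # port the prober now knows is open
    return {client: {"probed": sorted(ports), "answered": sorted(answered[client])}
            for client, ports in probed.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    for src, info in find_syn_scanners(SAMPLE).items():
        print(src, "probed", info["probed"], "got SYN/ACK on", info["answered"])
```

The `answered` list is what the scanning host has learned about your machine, so it doubles as a list of ports to review.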

This is where hping comes into its own. We can use it to carry out exactly this type of activity (you may have to log in as root to run hping):
