Solution

• Hping is a free packet generator and analyzer for the TCP/IP protocol. It is one of the de facto tools for security auditing and testing of firewalls and networks.

• It was used to exploit the idle scan scanning technique and now implemented in the NMAP security scanner.

• The new version of hping, hping3, is scriptable using the tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in very short time.

• Hping is useful to both system administrator and hackers.

• Hping also has a listen mode, enabling it to be used as an unsophisticated backdoor for covert remote access or file transfers.

• Hping’s “listen” mode can be used for receiving data.

• When hping is in listen mode, it monitors traffic for a special “signature” that indicates it should capture the data to follow.

• Some uses of hping are as follows:

  • Determining a Host’s Status When Ping Doesn’t Work

  • Testing Firewall Rules

  • Stealth Port Scanning

  • Remote OS Fingerprinting