1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
|
Say hping3, not hping2.
--- hping3-3.a2.ds1.orig/docs/hping3.8
+++ hping3-3.a2.ds1/docs/hping3.8
@@ -1,8 +1,8 @@
-.TH HPING2 8 "2001 Aug 14"
+.TH HPING3 8 "2001 Aug 14"
.SH NAME
-hping2 \- send (almost) arbitrary TCP/IP packets to network hosts
+hping3 \- send (almost) arbitrary TCP/IP packets to network hosts
.SH SYNOPSIS
-.B hping2
+.B hping3
[
.B \-hvnqVDzZ012WrfxykQbFSRPAUXYjJBuTG
] [
@@ -116,11 +116,11 @@
.br
.ad
.SH DESCRIPTION
-hping2 is a network tool able to send custom TCP/IP packets and to
-display target replies like ping program does with ICMP replies. hping2
+hping3 is a network tool able to send custom TCP/IP packets and to
+display target replies like ping program does with ICMP replies. hping3
handle fragmentation, arbitrary packets body and size and can be used in
order to transfer files encapsulated under supported protocols. Using
-hping2 you are able to perform at least the following stuff:
+hping3 you are able to perform at least the following stuff:
- Test firewall rules
- Advanced port scanning
@@ -136,7 +136,7 @@
- A lot of others.
.IR "It's also a good didactic tool to learn TCP/IP" .
-hping2 is developed and maintained by antirez@invece.org and is
+hping3 is developed and maintained by antirez@invece.org and is
licensed under GPL version 2. Development is open so you can send
me patches, suggestion and affronts without inhibitions.
.SH HPING SITE
@@ -158,7 +158,7 @@
.I -c --count count
Stop after sending (and receiving)
.I count
-response packets. After last packet was send hping2 wait COUNTREACHED_TIMEOUT
+response packets. After last packet was send hping3 wait COUNTREACHED_TIMEOUT
seconds target host replies. You are able to tune COUNTREACHED_TIMEOUT editing
hping2.h
.TP
@@ -171,10 +171,10 @@
.I wait
to X micro seconds.
The default is to wait
-one second between each packet. Using hping2 to transfer files tune this
+one second between each packet. Using hping3 to transfer files tune this
option is really important in order to increase transfer rate. Even using
-hping2 to perform idle/spoofing scanning you should tune this option, see
-.B HPING2-HOWTO
+hping3 to perform idle/spoofing scanning you should tune this option, see
+.B HPING3-HOWTO
for more information.
.TP
.I --fast
@@ -195,13 +195,13 @@
startup time and when finished.
.TP
.I -I --interface interface name
-By default on linux and BSD systems hping2 uses default routing interface.
+By default on linux and BSD systems hping3 uses default routing interface.
In other systems or when there is no default route
-hping2 uses the first non-loopback interface.
-However you are able to force hping2 to use the interface you need using
+hping3 uses the first non-loopback interface.
+However you are able to force hping3 to use the interface you need using
this option. Note: you don't need to specify the whole name, for
example -I et will match eth0 ethernet0 myet1 et cetera. If no interfaces
-match hping2 will try to use lo.
+match hping3 will try to use lo.
.TP
.I -V --verbose
Enable verbose output. TCP replies will be shown as follows:
@@ -211,7 +211,7 @@
.TP
.I -D --debug
Enable debug mode, it's useful when you experience some problem with
-hping2. When debug mode is enabled you will get more information about
+hping3. When debug mode is enabled you will get more information about
.B interface detection, data link layer access, interface settings, options
.B parsing, fragmentation, HCMP protocol
and other stuff.
@@ -223,30 +223,30 @@
CTRL+Z once or twice.
.TP
.I -Z --unbind
-Unbind CTRL+Z so you will able to stop hping2.
+Unbind CTRL+Z so you will able to stop hping3.
.TP
.I --beep
Beep for every matching received packet (but not for ICMP errors).
.SH PROTOCOL SELECTION
-Default protocol is TCP, by default hping2 will send tcp headers to target
+Default protocol is TCP, by default hping3 will send tcp headers to target
host's port 0 with a winsize of 64 without any tcp flag on. Often this
is the best way to do an 'hide ping', useful when target is behind
a firewall that drop ICMP. Moreover a tcp null-flag to port 0 has a good
probability of not being logged.
.TP
.I -0 --rawip
-RAW IP mode, in this mode hping2 will send IP header with data
+RAW IP mode, in this mode hping3 will send IP header with data
appended with --signature and/or --file, see also --ipproto that
allows you to set the ip protocol field.
.TP
.I -1 --icmp
-ICMP mode, by default hping2 will send ICMP echo-request, you can set
+ICMP mode, by default hping3 will send ICMP echo-request, you can set
other ICMP type/code using
.B --icmptype --icmpcode
options.
.TP
.I -2 --udp
-UDP mode, by default hping2 will send udp to target host's port 0.
+UDP mode, by default hping3 will send udp to target host's port 0.
UDP header tunable options are the following:
.B --baseport, --destport, --keep.
.TP
@@ -288,11 +288,11 @@
shows interesting details.
.TP
.I -9 --listen signature
-HPING2 listen mode, using this option hping2 waits for packet that contain
+HPING3 listen mode, using this option hping3 waits for packet that contain
.I signature
and dump from
.I signature
-end to packet's end. For example if hping2 --listen TEST reads a packet
+end to packet's end. For example if hping3 --listen TEST reads a packet
that contain
.B 234-09sdflkjs45-TESThello_world
it will display
@@ -304,7 +304,7 @@
ensures that target will not gain your real address. However replies
will be sent to spoofed address, so you will can't see them. In order
to see how it's possible to perform spoofed/idle scanning see the
-.BR HPING2-HOWTO .
+.BR HPING3-HOWTO .
.TP
.I --rand-source
This option enables the
@@ -347,7 +347,7 @@
or
.B --bind
options. If in doubt try
-.BR "" "`" "hping2 some.host.com -t 1 --traceroute" "'."
+.BR "" "`" "hping3 some.host.com -t 1 --traceroute" "'."
.TP
.I -N --id
Set ip->id field. Default id is random but if fragmentation is turned on
@@ -361,11 +361,11 @@
.I -W --winid
id from Windows* systems before Win2k has different byte ordering, if this
option is enable
-hping2 will properly display id replies from those Windows.
+hping3 will properly display id replies from those Windows.
.TP
.I -r --rel
Display id increments instead of id. See the
-.B HPING2-HOWTO
+.B HPING3-HOWTO
for more information. Increments aren't computed as id[N]-id[N-1] but
using packet loss compensation. See relid.c for more information.
.TP
@@ -445,7 +445,7 @@
.SH TCP/UDP RELATED OPTIONS
.TP
.I -s --baseport source port
-hping2 uses source port in order to guess replies sequence number. It
+hping3 uses source port in order to guess replies sequence number. It
starts with a base source port number, and increase this number for each
packet sent. When packet is received sequence number can be computed as
.IR "replies.dest.port - base.source.port" .
@@ -485,7 +485,7 @@
by target host. This can be useful when you need to analyze whether
TCP sequence number is predictable. Output example:
-.B #hping2 win98 --seqnum -p 139 -S -i u1 -I eth0
+.B #hping3 win98 --seqnum -p 139 -S -i u1 -I eth0
.nf
HPING uaz (eth0 192.168.4.41): S set, 40 headers + 0 data bytes
2361294848 +2361294848
@@ -540,8 +540,8 @@
.SH COMMON OPTIONS
.TP
.I -d --data data size
-Set packet body size. Warning, using --data 40 hping2 will not generate
-0 byte packets but protocol_header+40 bytes. hping2 will display
+Set packet body size. Warning, using --data 40 hping3 will not generate
+0 byte packets but protocol_header+40 bytes. hping3 will display
packet size information as first line output, like this:
.B HPING www.yahoo.com (ppp0 204.71.200.67): NO FLAGS are set, 40 headers + 40 data bytes
.TP
@@ -577,9 +577,9 @@
A to host B you may use the following:
.nf
.I [host_a]
-.B # hping2 host_b --udp -p 53 -d 100 --sign signature --safe --file /etc/passwd
+.B # hping3 host_b --udp -p 53 -d 100 --sign signature --safe --file /etc/passwd
.I [host_b]
-.B # hping2 host_a --listen signature --safe --icmp
+.B # hping3 host_a --listen signature --safe --icmp
.fi
.TP
.I -u --end
@@ -587,13 +587,13 @@
.I --file filename
option, tell you when EOF has been reached. Moreover prevent that other end
accept more packets. Please, for more information see the
-.BR HPING2-HOWTO .
+.BR HPING3-HOWTO .
.TP
.I -T --traceroute
-Traceroute mode. Using this option hping2 will increase ttl for each
+Traceroute mode. Using this option hping3 will increase ttl for each
.B ICMP time to live 0 during transit
received. Try
-.BR "hping2 host --traceroute" .
+.BR "hping3 host --traceroute" .
This option implies --bind and --ttl 1. You can override the ttl of 1
using the --ttl option. Since 2.0.0 stable it prints RTT information.
.TP
@@ -601,7 +601,7 @@
Keep the TTL fixed in traceroute mode, so you can monitor just one hop
in the route. For example, to monitor how the 5th hop changes or
how its RTT changes you can try
-.BR "hping2 host --traceroute --ttl 5 --tr-keep-ttl" .
+.BR "hping3 host --traceroute --ttl 5 --tr-keep-ttl" .
.TP
.I --tr-stop
If this option is specified hping will exit once the first packet
--- hping3-3.a2.ds1.orig/main.c
+++ hping3-3.a2.ds1/main.c
@@ -193,8 +193,8 @@
}
if (parse_options(argc, argv) == -1) {
- printf("hping2: missing host argument\n"
- "Try `hping2 --help' for more information.\n");
+ printf("hping3: missing host argument\n"
+ "Try `hping3 --help' for more information.\n");
exit(1);
}
@@ -298,7 +298,7 @@
/* if we are in listemode enter in listenmain() else */
/* print HPING... bla bla bla and enter in wait_packet() */
if (opt_listenmode) {
- fprintf(stderr, "hping2 listen mode\n");
+ fprintf(stderr, "hping3 listen mode\n");
/* memory protection */
if (memlockall() == -1) {
--- hping3-3.a2.ds1.orig/parseoptions.c
+++ hping3-3.a2.ds1/parseoptions.c
@@ -215,12 +215,12 @@
case AGO_UNKNOWN:
case AGO_REQARG:
case AGO_AMBIG:
- ago_gnu_error("hping", o);
- fprintf(stderr, "Try hping --help\n");
+ ago_gnu_error("hping3", o);
+ fprintf(stderr, "Try hping3 --help\n");
exit(1);
case AGO_ALONE:
if (targethost_set == 1) {
- fprintf(stderr, "hping: you must specify only "
+ fprintf(stderr, "hping3: you must specify only "
"one target host at a time\n");
exit(1);
} else {
--- hping3-3.a2.ds1.orig/usage.c
+++ hping3-3.a2.ds1/usage.c
@@ -16,7 +16,7 @@
void show_usage(void)
{
printf(
-"usage: hping host [options]\n"
+"usage: hping3 host [options]\n"
" -h --help show this help\n"
" -v --version show version\n"
" -c --count packet count\n"
--- hping3-3.a2.ds1.orig/version.c
+++ hping3-3.a2.ds1/version.c
@@ -18,7 +18,7 @@
void show_version(void)
{
- printf("hping version %s (%s)\n", RELEASE_VERSION, RELEASE_DATE);
+ printf("hping3 version %s (%s)\n", RELEASE_VERSION, RELEASE_DATE);
#ifdef USE_TCL
printf("This binary is TCL scripting capable\n");
#else
|