HPING
hping3 -S IP_address -p 80 | -p specifies the destination port; hping3 sends to port 0 by default
| -S sends SYN packets
hping3 -S IP_address -p 80 -c 4 | -c specifies the number of packets hping3 sends to the target machine
hping3 -S --scan known IP_Address | --scan known probes the ports listed in /etc/services; use it to find open ports before starting the idle scan
hping3 -S --scan 1-1000 192.168.60.4 | SYN scan (half open)
** responding ports are open, non-responding ports are closed
UDP Scan
hping3 -2 --scan 1-1000 192.168.50.4
Idle Scan
hping3 -r -S -p portNumber IP_Address | Idle/zombie scan ----[1] detecting the zombie machine
hping3 -a [zombie IP] -S -p [target port] [target IP] | Identify the zombie ------ [2] crafting packet for analysis
Xmas Scan
hping3 -F -P -U --scan 80,25,135 192.168.60.4 | -p takes a single port; a comma-separated list goes to --scan with no spaces
-- No responses mean either open or filtered ports
-- Responses mean closed ports
hping3 -F -P -U --scan 1-1000 192.168.60.4 -V | -V (verbose) also lists the ports that replied RST
Null Scan
hping3 --scan 1-1000 192.168.50.2 -V
-- No responses mean either open or filtered ports
-- Responses mean closed ports
Firewall Evasion
hping3 --rand-source -S -p 80 192.168.50.3 -c 3 | --rand-source uses a random spoofed source address for every packet
hping3 -a 192.168.70.60 -S -p 80 192.168.50.3 | -a spoofs the source address (here 192.168.70.60)
hping3 -S -s 53 --scan known 192.168.50.3 | -s 53 sends traffic from source port 53
hping3 -S -p 21 --data-length 24 192.168.50.3 | --data-length 24 appends 24 bytes of data to each packet
hping3 -1 --rand-dest 192.169.8.x -I eth2 | -1 is ICMP mode; --rand-dest replaces each x with a random octet to sweep a range of the netblock IPs; -I names the outgoing interface (required with --rand-dest)
hping3 -S --scan 80,43,21 192.168.2.1 -i u100 | -i u100 waits 100 microseconds between packets (port list has no spaces and no trailing comma)
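From the defender's side, the scan shapes listed above (bare SYN sweeps, Xmas -F -P -U probes, Null probes, and the -s 53 source-port trick) are easy to pick out of packet records. The following detector is an added example, not part of the cheat sheet; the record fields (src, sport, dst, dport, flags) and the tcpdump-style flag letters are assumptions, and the sample records are constructed.

```python
# Added example (not part of the cheat sheet): detection logic for the scan
# shapes listed above, run over constructed packet records. Field names
# (src, sport, dst, dport, flags) are assumptions, in tcpdump flag notation:
# S=SYN, F=FIN, P=PSH, U=URG, R=RST, A=ACK, "" = no flags set.
from collections import defaultdict

SYN_SWEEP_THRESHOLD = 10  # distinct (dst, port) pairs from one source before alerting

def classify_flags(flags: str):
    """Map a TCP flag string to the probe type hping3 would have produced."""
    f = set(flags)
    if f == {"F", "P", "U"}:
        return "xmas"          # hping3 -F -P -U
    if not f:
        return "null"          # hping3 TCP mode with no flags (the Null scan)
    if f == {"S"}:
        return "syn"           # hping3 -S
    return None                # normal traffic or replies (SA, RA, ...)

def detect_scans(packets, threshold=SYN_SWEEP_THRESHOLD):
    """Return {src: sorted findings} for sources whose traffic looks like a scan."""
    syn_ports = defaultdict(set)   # src -> set of (dst, dport) hit with a bare SYN
    findings = defaultdict(set)
    for p in packets:
        kind = classify_flags(p["flags"])
        if kind in ("xmas", "null"):
            findings[p["src"]].add(f"{kind}-probe to {p['dst']}:{p['dport']}")
        elif kind == "syn":
            syn_ports[p["src"]].add((p["dst"], p["dport"]))
            # Bare SYN from source port 53 to a non-DNS port: the -s 53 evasion
            if p["sport"] == 53 and p["dport"] != 53:
                findings[p["src"]].add("syn-from-sport-53")
    for src, targets in syn_ports.items():
        if len(targets) >= threshold:
            findings[src].add(f"syn-sweep ({len(targets)} ports)")
    return {src: sorted(f) for src, f in findings.items()}

# Constructed sample: one SYN sweep, one Xmas probe, one -s 53 probe, one normal handshake.
SAMPLE = (
    [{"src": "10.0.0.9", "sport": 40000 + i, "dst": "192.168.60.4", "dport": i, "flags": "S"}
     for i in range(1, 13)]
    + [{"src": "10.0.0.7", "sport": 41000, "dst": "192.168.60.4", "dport": 80, "flags": "FPU"},
       {"src": "10.0.0.8", "sport": 53, "dst": "192.168.50.3", "dport": 22, "flags": "S"},
       {"src": "10.0.0.5", "sport": 51234, "dst": "192.168.60.4", "dport": 443, "flags": "S"},
       {"src": "192.168.60.4", "sport": 443, "dst": "10.0.0.5", "dport": 51234, "flags": "SA"}]
)

if __name__ == "__main__":
    for src, hits in detect_scans(SAMPLE).items():
        print(src, hits)
```

The single SYN from 10.0.0.5 and the SYN/ACK reply stay below the threshold and produce no finding, which is the point: one bare SYN is a connection, a dozen to distinct ports is a sweep.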