Stealth scanning with hping3
In addition to the discovery techniques that we learned previously, hping3 can also be used to perform port scans. This specific recipe demonstrates how we can use hping3 to perform a TCP stealth scan.
Getting ready
To use hping3 to perform a TCP stealth scan, you will need to have a remote system that is running accessible network services over TCP. In the examples provided, an instance of Metasploitable2 is used to perform this task. For more information on how to set up Metasploitable2, refer to Chapter 1, Getting Started.
How to do it…
In addition to the discovery capabilities that have already been mentioned, hping3 can also be used to perform a TCP port scan. To perform a port scan with hping3, we need to use the --scan
mode with an integer value to indicate the port number to be scanned:
root@KaliLinux:~# hping3 172.16.36.135 --scan 80 -S Scanning 172.16.36.135 (172.16.36.135), port 80 1 ports to scan, use -V to see all the replies +----+-----------+-----...