Playing with Hping3 alpha-2

O'Reilly recently featured an interview with Hping author Salvatore Sanfilippo titled Network Tool Development with hping3. Hping is a packet crafting tool with a long lineage. I recommend reading the interview if you'd like background on Hping and what the developer formerly known as antirez is doing. I downloaded hping3-alpha-2.tar.gz to a system running FreeBSD 5.3 BETA1 and gave it a try.

Before extracting and installing the new Hping3, you must have a Tcl interpreter installed. Tcl is required because Hping now works within a Tcl shell. It surprised me to see Tcl used in something other than Sguil. Here are highlights from the installation process:

fedorov:/home/hping3-alpha-2$ ./configure
build byteorder.c...
create byteorder.h...
===> Found Tclsh in: /usr/local/bin/tclsh8.4
system type: FREEBSD

MANPATH : /usr/local/man
TCL_VER : 8.4
TCL_INC : -I/usr/local/include/tcl8.4
LIBTCL : -ltcl84 -lm -lpthread
TCLSH : /usr/local/bin/tclsh8.4

(to modify try configure --help)
creating Makefile...
creating dependences...
now you can try `make'
fedorov:/home/hping3-alpha-2$ make
./hping3 -v
hping version 3.0.0-alpha-1
($Id: release.h,v 1.4 2004/04/09 23:38:56 antirez Exp $)

Here's what running Hping3 looks like. I followed some of the getting started tutorial. First I resolve a hostname and then I try to send an ICMP packet:

fedorov:/root# hping3
hping3> hping resolve www.taosecurity.com
hping3> hping send {ip{daddr=}+icmp{type=8,code=0}}
Packet building error: 'Unknown keyword: 'ip{daddr''
in packet ip{daddr=}+icmp{type=8,code=0}

Notice how I got an error when I mistyped curly braces instead of parentheses. Below I fixed the error and sent a packet.

hping3> hping send {ip(daddr=,code=0)}

Next I receive a packet on the wire within Hping3:

hping3> hping recv em0

This packet is represented in Ars Packet Description (APD) format, a standard developed by Antirez. Check the Hping wiki for more information.


