The hping command can be used to generate and analyze tcp packets. It's brought to you by Salvatore Sanfilippo (aka Antirez). It can be useful in testing n


There is an hping RPM available in the EPEL repository. If you have the EPEL repo setup, you can install with yum, if you don't have it setup, you will need to set it up.

yum -y install hping3

Scan for TCP and ICMP Timestamps

Security firms consider exposed timestamps (especially publicly exposed) to be a concern. Not the most threatening of concerns, but it's best practice to give away as little information on your network as possible. The network timestamps are often enabled by default like on Cisco ASA routers, as well as many other devices and operating systems.

Try to Obtain TCP Timestamp Intervals

This command will send 5 packets to port 443 (assuming 443 is listening).

hping3 --tcp-timestamp -c 5 -p 443 ip.or.host.name

If the above hping replies, the TCP timestamp intervals are exposed, if you do not get any replies then your TCP timestamp intervals are not exposed.

Try to Obtain ICMP Timestamp Intervals

ICMP types 13 and 14 are related to timestamps. 

  • ICMP Type 13 - Timestamp Request
  • ICMP Type 14 - Timestamp Response

Timestamp Requests

hping3 --icmp --icmptype 13 -c 5 ip.or.host.name

Timestamp Responses

hping3 --icmp --icmptype 14 -c 5 ip.or.host.name

Scan For Open Ports with hping

This command will perform a TCP syn scan "-S" flag, on the specified port ranges 20-30, 70-90, and 5400-5500 on server01.example.centoshowtos.org.

hping --scan 20-30,70-90,5400-5500 -S server01.example.centoshowtos.org