Networking

nping

Network packet generation, response analysis, and response time measurement. Part of the Nmap suite.


TCP Connect (Handshake)

Perform a standard TCP 3-way handshake with a single host.

nping --tcp-connect [target host]

Result: Establishes a TCP connection and reports the RTT (round-trip time).

Use case: Test if a host is reachable and accepting TCP connections.


Multiple TCP Targets

Perform TCP connect against multiple specified targets.

nping --tcp-connect host1.example.com host2.example.com host3.example.com

Use case: Test connectivity to multiple servers simultaneously to identify which ones are accessible.


Port Range Scan

Attempt TCP handshake on ports 1 through 80 (count set to 1 per port).

nping --tcp-connect [target host] -p1-80 -c 1

Note: Useful for quick port scanning. Use responsibly and only on systems you own or have permission to test.

Example: Check which common services are running on a server.


UDP with Payload

Send a UDP packet to port 53 with 100 bytes of random data.

nping --udp [target host] -p 53 --data-length 100

Common UDP ports:

  • 53 - DNS queries
  • 123 - NTP time synchronization
  • 161 - SNMP network management
  • 514 - Syslog logging

Use case: Test UDP service availability or firewall rules for stateless protocols.


Stress / Rate Test

Send 500 TCP packets at a rate of 50 packets per second.

nping --tcp [target host] --rate 50 -c 500

Warning: High rates may trigger intrusion detection systems or be interpreted as a DoS attack. Only use on your own infrastructure or with explicit permission.

Use case: Test network throughput, server load handling, or firewall rate limiting.


Bad Checksum

Send a UDP packet with an invalid checksum from source port 8080 to [target port].

nping --udp --badsum --source-port 8080 -p [target port] [target host]

Purpose: Test firewall and IDS/IPS checksum validation rules. Some firewalls may drop invalid packets while others pass them through.

Security note: This tests whether security devices are properly validating packet integrity.
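The check that a validating firewall, IDS/IPS or end host applies to such a packet can be reproduced offline. The following is an added example, not part of the original page or of the Nmap project: it builds a UDP segment with a correct and a deliberately wrong checksum and classifies each using the RFC 768 / RFC 1071 rules. The function names, addresses and payload are constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by IP, UDP and TCP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header that the UDP checksum also covers (RFC 768)."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len))

def build_udp(src_ip, dst_ip, sport, dport, payload: bytes, badsum=False) -> bytes:
    """Build a UDP segment; badsum=True stores a deliberately wrong checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    covered = pseudo_header(src_ip, dst_ip, length) + header + payload
    csum = (~ones_complement_sum(covered) & 0xFFFF) or 0xFFFF  # 0 is reserved
    if badsum:
        csum = ((csum + 1) & 0xFFFF) or 1    # wrong, and never the reserved 0
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def check_udp(src_ip: str, dst_ip: str, segment: bytes) -> str:
    """Classify a received segment the way a validating device would."""
    if len(segment) < 8:
        return "truncated"
    _, _, length, csum = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        return "length-mismatch"
    if csum == 0:
        return "absent"                      # sender opted out (IPv4 only)
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment)
    return "valid" if total == 0xFFFF else "invalid"

# Constructed sample values (documentation addresses, arbitrary payload).
SRC, DST, PAYLOAD = "192.0.2.10", "192.0.2.20", b"constructed test payload"
GOOD = build_udp(SRC, DST, 8080, 53, PAYLOAD)
BAD = build_udp(SRC, DST, 8080, 53, PAYLOAD, badsum=True)

if __name__ == "__main__":
    for name, seg in (("good", GOOD), ("badsum", BAD)):
        print(name, check_udp(SRC, DST, seg))
```

A device that forwards or logs the "invalid" case without flagging it is not validating the transport checksum; the "absent" case is legal for UDP over IPv4 and should be handled as a separate policy decision.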


ARP Request (Single)

Send an ARP request to resolve a physical (MAC) address for a specific host.

nping --arp [target host]

Network requirement: Must be on the same local network segment (Layer 2).

Use case: Verify IP-to-MAC address mapping or detect ARP spoofing.


ARP Request (Subnet)

Send ARP requests to all hosts in the /24 network range.

nping --arp 192.168.1.0/24

Result: Discovers active hosts on your local network by their MAC addresses.

Example: Map all devices connected to your local network for inventory or security auditing.


ICMP Echo Request

Send a standard Ping packet (Type 8 - Echo Request).

nping [target host] --icmp --icmp-type echo

Alternative: Use --icmp-type 8 for the same result.

Use case: Basic connectivity test - verify if host is reachable and responding to ICMP.


ICMP Timestamp Request

Send an ICMP timestamp request to check remote system time.

nping [target host] --icmp --icmp-type timestamp

Use case: Time synchronization verification or detecting time-based security controls.


TCP SYN Scan

Send TCP SYN packets without completing the handshake (stealth scan).

nping --tcp [target host] --flags syn -p 80,443,8080

Ports: Test common web service ports (HTTP, HTTPS, alternate HTTP).

Note: This is a half-open scan. It does not complete the connection, so it leaves fewer traces in logs.


Common Options

Option               Description
-c COUNT             Number of packets to send
-p PORT              Target port or port range (e.g., 80 or 1-1000)
--rate NUM           Send NUM packets per second
--data-length NUM    Send NUM bytes of random payload data
--source-port PORT   Set source port number
-v / -vv             Increase verbosity level
--delay TIME         Delay between packets (e.g., 1s, 500ms)
--ttl NUM            Set Time To Live value

Advanced Examples

Custom TCP Flags

Send a packet with custom TCP flags (SYN+ACK):

nping --tcp [target host] --flags syn,ack -p 80

Fragmented Packets

Send fragmented packets to test firewall reassembly:

nping --tcp [target host] --mtu 24 -p 80

IPv6 Support

Test IPv6 connectivity:

nping -6 [target host] --tcp -p 80

Safety and Legal Notes

  • Always obtain proper authorization before testing networks
  • Aggressive scanning may be interpreted as an attack
  • Some techniques may violate terms of service or laws
  • Use rate limiting to avoid overwhelming target systems
  • Monitor your own network's response to understand defensive capabilities

Best practice: Test in isolated lab environments or against systems you own before production use.
