0P3N Blog Blog Post

TCPING - NMAP's Cousin

By: kj2015
November 23, 2016
macbook-1711344_1280TCPING is a utility that operates similarly to PING; however, it works over a TCP port. This utility can be very useful for troubleshooting network connectivity and performance issue at Layer 3 and Layer 4.TCPING can also speak HTTP. If the '-h' flag is used, tcping will connect and attempt to download the given URL over HTTP in addition to opening the port.(Note: doesn't parse www.example.com:8080/index.html format. Use "tcping -h www.example.com/index.html 8080" instead.)I have named this utility as cousin brother of NMAP tool as it can be used by a hacker to probe the host and its associated open ports (services). Even though it not as sophisticated as NMAP still its worth to keep it in an arsenal and for this, I would credit Eli Fulkerson for writing this tiny but, nutty tool.Usage: tcping.exe [-flags] server-address [server-port]Usage (full): tcping.exe [-t] [-d] [-i interval] [-n times] [-w ms] [-b n] [-r times] [-s] [-v] [-j][--tee filename] [-h] [-u] [--post] [--head] [-f] server-address [server-port]-t: ping continuously until stopped via control-c-n 5: for instance, send 5 pings-i 5: for instance, ping every 5 seconds-w 0.5: for instance, wait 0.5 seconds for a response-d: include date and time on each line-b 1: enable beeps (1 for on-down, 2 for on-up, 3 for on-change, 4 for always)-r 5: for instance, relookup the hostname every 5 pings-s: automatically exit on a successful ping-v: print version and exit-j: include jitter, using default rolling average-js 5: include jitter, with a rolling average size of (for instance) 5.--tee: mirror output to a filename specified after '--tee'-4: prefer ipv4-6: prefer ipv6-c : only show an output line on changed state HTTP Options:-h: HTTP mode (use url without https:// for server-address)-u: include target URL on each line

--post : use POST rather than GET (may avoid caching)--head : use HEAD rather than GET--proxy-server : specify a proxy server--proxy-port   : specify a proxy port Debug Options:

-f: force tcping to send at least one byteIf you don't pass server-port, it defaults to 80.Examples -#tcping 127.0.0.1Probing 127.0.0.1:80/tcp - No response - time=2025.865msProbing 127.0.0.1:80/tcp - No response - time=2010.567msProbing 127.0.0.1:80/tcp - No response - time=2010.922msProbing 127.0.0.1:80/tcp - No response - time=2010.812msPing statistics for 127.0.0.1:804 probes sent.0 successful, 4 failed.Was unable to connect, cannot provide trip statistics.#tcping  www.google.comProbing 68.124.200.82:80/tcp - Port is open - time=99.117msProbing 68.124.200.82:80/tcp - Port is open - time=86.670msProbing 68.124.200.82:80/tcp - Port is open - time=94.142msProbing 68.124.200.82:80/tcp - Port is open - time=109.817msPing statistics for 74.125.236.165:804 probes sent.4 successful, 0 failed.Approximate trip times in milli-seconds:Minimum = 86.670ms, Maximum = 109.817ms, Average = 97.436ms#tcping -h www.google.com** Requesting "" from www.google.com: (for various reasons, kbit/s is an approximation)Probing 68.124.200.82:80/tcp - HTTP is open - time=222.451ms rcv_time=4872.588 status=302 bytes=543 kbit/s=~0.874Probing 68.124.200.82:80/tcp - HTTP is open - time=270.149ms rcv_time=241.875 status=302 bytes=546 kbit/s=~18.900Probing 68.124.200.82:80/tcp - HTTP is open - time=369.240ms rcv_time=215.540 status=302 bytes=547 kbit/s=~21.615Probing 68.124.200.82:80/tcp - HTTP is open - time=200.043ms rcv_time=210.911 status=302 bytes=547 kbit/s=~21.698Ping statistics for 68.124.200.82:804 probes sent.4 successful, 0 failed.Approximate trip times in milli-seconds:  Minimum = 200.743ms, Maximum = 367.240ms, Average = 267.596msApproximate download times in milli-seconds: Minimum = 211.911ms, Maximum = 4972.588ms, Average = 1407.229ms

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry