LoFP / Normal use of hping is uncommon apart from security testing and research. Use by non-security engineers is very uncommon.

Techniques

Sample rules

Hping Process Activity

Description

Hping ran on a Linux host. Hping is a FOSS command-line packet analyzer and has the ability to construct network packets for a wide variety of network security testing applications, including scanning and firewall auditing.

Detection logic

process where host.os.type == "linux" and event.type == "start" and
 event.action in ("exec", "exec_event", "start", "ProcessRollup2", "executed", "process_started") and
 process.name in ("hping", "hping2", "hping3")