hpinging windows box without using --winid option you will see as increments are 256 multiple because different id byteordering. This can be really usefull for OS fingerprinting:
#hping win95 -r
HPING win95 (eth0 192.168.4.41): NO FLAGS are set, 40 headers + 0 data bytes
46 bytes from 192.168.4.41: flags=RA seq=0 ttl=128 id=47371 win=0 rtt=0.5 ms
46 bytes from 192.168.4.41: flags=RA seq=1 ttl=128 id=+256 win=0 rtt=0.5 ms
46 bytes from 192.168.4.41: flags=RA seq=2 ttl=128 id=+256 win=0 rtt=0.6 ms
46 bytes from 192.168.4.41: flags=RA seq=3 ttl=128 id=+256 win=0 rtt=0.5 ms
-v Be verbose
-r Show route to target(traceroute)
-p <proto:portnum:state> Specify portnumber, protocol and state.
Example: tcp:23:open, UDP:53:CLOSED
-c <configfile> Specify config file to use.
-h Print this help.
-o <fname> Use logfile to log everything.
-t <time_sec> Set initial receive timeout or roundtrip time.
-s <send_delay> Set packsending delay (milseconds).
-d <debuglv> Specify debugging level.
-D <modnum> Disable module number <modnum>.
-M <modnum> Enable module number <modnum>.
-L Display modules.
-m <numofmatches> Specify number of matches to print.
-T <portspec> Enable TCP portscan for specified port(s).
Example: -T21-23,53,110
-U <portspec> Enable UDP portscan for specified port(s).
-f force fixed round-trip time (-t opt).
-F Generate signature (use -o to save to a file).
-X Generate XML output and save it to logfile specified
with -o.
-B Options forces TCP handshake module to try to guess
open TCP port
-A Perform analysis of sample packets gathered during
portscan in
order to detect suspicious traffic (i.e. transparent
proxies,
firewalls/NIDSs resetting connections). Use with -T.
Fail. In hping no such functionality.
nonsense:
Try xprobe2 usage: xprobe2 [options] target
Options:
with -o.
open TCP port
portscan in
proxies,