Nmap Development mailing list archives

Re: Nmap 3.80 preview

From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 7 Feb 2005 10:26:09 +0100

On Mon, Feb 07, 2005 at 09:08:46AM +0100, Andreas Ericsson wrote:

I have a slight preference for having one -f do the smallest fragment
size (8) with the mtu getting bigger for each additional -f (so 16 for
-ff).  So this is what I'll do for Nmap 3.81 unless there is a good
reason for doing the opposite?


I would say the other way around is more intuitive. It feels logical 
that -f means "fragment" and -ff (or -f -f) means "fragment more/more 
fragments". Perhaps there are other issues, but as always on monday 
mornings I speak before I can think things through.


I would agree with this. I slightly prefer -f for mtu=16 for this
reasons:

1) mtu=8 (tiny fragments) are more often dropped than mtu=16 (even
   recommended in RFC)

2) mtu=8 are more problematic to send (for example, you have to
   completely disable firewall on FreeBSD, which is not needed for
   mtu=16)

3) keep it compatible with older versions where single -f were mtu=16

4) as told above, it seems to be more intuitive: -f fragment, -ff
   fragment more.

Martin Mačok
ICT Security Consultant

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:

Nmap 3.80 preview Fyodor (Feb 05)
- Re: Nmap 3.80 preview Martin Mačok (Feb 06)
  - Re: Nmap 3.80 preview Fyodor (Feb 06)
    - Re: Nmap 3.80 preview Andreas Ericsson (Feb 07)
    - Re: Nmap 3.80 preview Martin Mačok (Feb 07)
    - Re: Nmap 3.80 preview Fyodor (Feb 07)
    - Re: Nmap 3.80 preview Martin Mačok (Feb 07)
- <Possible follow-ups>
- Re: Nmap 3.80 preview Fyodor (Feb 10)