Nmap Development mailing list archives

trouble with ping version 0.1BETA2


From: geca <geca () lansp ru>
Date: Tue, 24 Nov 2009 21:54:09 +0300

Hello,
I installed Nping version 0.1BETA2 for Mac OS.
I am trying to spoof the IP address, but the --source-ip option doesn't work.
My network settings:
ifconfig en1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::21e:c2ff:fea6:6a85%en1 prefixlen 64 scopeid 0x4
        inet 10.71.0.100 netmask 0xfffff800 broadcast 10.71.7.255
        ether 00:1e:c2:a6:6a:85
        media: autoselect status: active
        supported media: autoselect

Run nping with options:
nping --tcp-connect -p 111 --debug -c 1 --source-ip=10.1.1.1 --dest-ip=10.71.0.201

Nping will send packets in unprivileged mode using regular system calls

Starting Nping 0.1BETA2 ( http://nmap.org/nping ) at 2009-11-24 21:47 MSK
Resolving specified targets...
1 target IP address determined.
Next target returned by getNextTarget(): Targets[0/1] --> 10.71.0.201

NSOCK (0.0000s) msevent_new (IOD #NULL) (EID #12)
NSOCK (0.0000s) Timer created - 1ms from now.  EID 12
NSOCK (0.0000s) NSE #12: Adding event
NSOCK (0.0000s) nsock_loop() started (timeout=1ms). 1 events pending
NSOCK (0.0000s) wait_for_events
NSOCK (0.0000s) before iterating, list 0
NSOCK (0.0000s) before iterating, list 1
NSOCK (0.0000s) before iterating, list 2
NSOCK (0.0000s) before iterating, list 3
NSOCK (0.0000s) before iterating 12
NSOCK (0.0000s) before iterating, list 4
NSOCK (0.0000s) list 3, iterating 12
NSOCK (0.0000s) NSE #12: Removing event from event_lists[3]
NSOCK (0.0000s) Callback: TIMER SUCCESS for EID 12
tcpconnect_event_handler(): Received callback of type TIMER with status SUCCESS
NSOCK (0.0000s) msevent_new (IOD #1) (EID #16)
NSOCK (0.0000s) TCP connection requested to 10.71.0.201:111 (IOD #1) EID 16
NSOCK (0.0000s) NSE #16: Adding event
SENT (0.0000s) Starting TCP Handshake > 10.71.0.201:111
NSOCK (0.0000s) msevent_delete (IOD #NULL) (EID #12)
NSOCK (0.0000s) nsock_loop() started (timeout=1000ms). 1 events pending
NSOCK (0.0000s) wait_for_events
NSOCK (0.0010s) before iterating, list 0
NSOCK (0.0010s) before iterating 16
NSOCK (0.0010s) before iterating, list 1
NSOCK (0.0010s) before iterating, list 2
NSOCK (0.0010s) before iterating, list 3
NSOCK (0.0010s) before iterating, list 4
NSOCK (0.0010s) list 0, iterating 16
NSOCK (0.0010s) NSE #16: Removing event from event_lists[0]
NSOCK (0.0010s) Callback: CONNECT SUCCESS for EID 16 [10.71.0.201:111]
tcpconnect_event_handler(): Received callback of type CONNECT with status SUCCESS
RECV (0.0010s) Handshake with 10.71.0.201:111 completed
NSOCK (0.0010s) msevent_delete (IOD #1) (EID #16)

Next target returned by getNextTarget(): Targets[0/1] --> 10.71.0.201

Max rtt: 0.940ms | Min rtt: 0.940ms | Avg rtt: 0.940ms
TCP connection attempts: 1 | Successful connections: 1 | Failed: 0 (0.00%)
Tx time: 0.00073s | Tx bytes/s: 109589.04 | Tx pkts/s: 1369.86
Rx time: 0.00167s | Rx bytes/s: 23952.10 | Rx pkts/s: 599.16
Nping done: 1 IP address pinged in 0.00 seconds

I watched the tcpdump log on the destination host (10.71.0.201) and I can't see the spoofed IP address.
I see the real IP address.
Is it a bug?

tcpdump -i eth0 -n  port 111 -e
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:53:18.755522 00:1e:c2:a6:6a:85 > 00:20:ed:60:44:d6, ethertype IPv4 (0x0800), length 78: IP 10.71.0.100.60955 > 10.71.0.201.sunrpc: S 2429334520:2429334520(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,timestamp 406321374 0,sackOK,eol>
21:53:18.755585 00:20:ed:60:44:d6 > 00:1e:c2:a6:6a:85, ethertype IPv4 (0x0800), length 74: IP 10.71.0.201.sunrpc > 10.71.0.100.60955: S 2655139069:2655139069(0) ack 2429334521 win 5792 <mss 1460,sackOK,timestamp 3934924864 406321374,nop,wscale 2>
21:53:18.756540 00:1e:c2:a6:6a:85 > 00:20:ed:60:44:d6, ethertype IPv4 (0x0800), length 66: IP 10.71.0.100.60955 > 10.71.0.201.sunrpc: . ack 1 win 65535 <nop,nop,timestamp 406321374 3934924864>
21:53:18.759123 00:1e:c2:a6:6a:85 > 00:20:ed:60:44:d6, ethertype IPv4 (0x0800), length 66: IP 10.71.0.100.60955 > 10.71.0.201.sunrpc: F 1:1 (0) ack 1 win 65535 <nop,nop,timestamp 406321374 3934924864>
21:53:18.759695 00:20:ed:60:44:d6 > 00:1e:c2:a6:6a:85, ethertype IPv4 (0x0800), length 66: IP 10.71.0.201.sunrpc > 10.71.0.100.60955: F 1:1 (0) ack 2 win 1448 <nop,nop,timestamp 3934924868 406321374>
21:53:18.760401 00:1e:c2:a6:6a:85 > 00:20:ed:60:44:d6, ethertype IPv4 (0x0800), length 66: IP 10.71.0.100.60955 > 10.71.0.201.sunrpc: . ack 2 win 65535 <nop,nop,timestamp 406321374 3934924868>

Best regards
Evgeniy
Russia
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/