Nmap Development mailing list archives
Re: Fragscan not working?
From: Ron <ron () skullsecurity net>
Date: Wed, 7 Apr 2010 09:55:59 -0500
On Wed, 7 Apr 2010 08:51:04 -0600 David Fifield <david () bamsoftware com> wrote:
On Wed, Apr 07, 2010 at 09:30:01AM -0500, Ron wrote:My friend reported fragscan (-f) not working on the latest version of Nmap. I tried a couple experiments (both against hosts on the local network and off the local network) and got absolutely no responses (ie, 'no ports open').It works for me against scanme.nmap.org and against the LAN. Did a previous version of Nmap work for your friend? David Fifield
Yes, he said that 4.68 or so worked. I just tried scanme.insecure.org from two different computers and it didn't work. they can't scan each other, either, using -f (they're on different subnets on our intranet, but there's no filtering between them). I also tried scanning two systems on the same subnet with no luck. I can send a packet capture off list, if that would help. This is the output from a test system scanning scanme.insecure.org-- looks like nothing's being received $ sudo ./nmap -f -d scanme.insecure.org Password: Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-04-07 09:53 CDT PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0) --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- Initiating Ping Scan at 09:53 Scanning scanme.insecure.org (64.13.134.52) [4 ports] Packet capture filter (device eth0): dst host x.x.x.x and (icmp or ((tcp or udp or sctp) and (src host 64.13.134.52))) We got a ping packet back from 64.13.134.52: id = 15136 seq = 0 checksum = 50399 Completed Ping Scan at 09:53, 0.13s elapsed (1 total hosts) Overall sending rates: 30.46 packets / s, 1157.33 bytes / s. mass_rdns: Using DNS server 4.2.2.6 mass_rdns: Using DNS server 4.2.2.5 Initiating Parallel DNS resolution of 1 host. at 09:53 mass_rdns: 0.07s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1] Completed Parallel DNS resolution of 1 host. at 09:53, 0.07s elapsed DNS resolution of 1 IPs took 0.08s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0] Initiating SYN Stealth Scan at 09:53 Scanning scanme.insecure.org (64.13.134.52) [1000 ports] Packet capture filter (device eth0): dst host x.x.x.x and (icmp or ((tcp or udp or sctp) and (src host 64.13.134.52))) SYN Stealth Scan Timing: About 50.25% done; ETC: 09:54 (0:00:31 remaining) Completed SYN Stealth Scan at 09:54, 60.56s elapsed (1000 total ports) Overall sending rates: 33.03 packets / s, 1453.18 bytes / s. Nmap scan report for scanme.insecure.org (64.13.134.52) Host is up, received echo-reply (0.059s latency). rDNS record for 64.13.134.52: scanme.nmap.org All 1000 scanned ports on scanme.insecure.org (64.13.134.52) are filtered because of 1000 no-responses Final times for host: srtt: 59259 rttvar: 59259 to: 296295 Read from .: nmap-services. Nmap done: 1 IP address (1 host up) scanned in 61.05 seconds Raw packets sent: 6010 (168.272KB) | Rcvd: 1 (28B) -- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86
Attachment:
_bin
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? David Fifield (Apr 07)
- Re: Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? Brandon Enright (Apr 07)
- Re: Fragscan not working? Michael Pattrick (Apr 07)
- Re: Fragscan not working? Kris Katterjohn (Apr 07)
- Re: Fragscan not working? Fyodor (Apr 07)
- Re: Fragscan not working? Michael Pattrick (Apr 07)
- Re: Fragscan not working? Fyodor (Apr 08)
- Re: Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? David Fifield (Apr 07)
- <Possible follow-ups>
- RE: Fragscan not working? Derek (Apr 09)