Nmap Development mailing list archives
Re: Fragscan not working?
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 07 Apr 2010 18:25:51 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/07/2010 01:49 PM, Brandon Enright wrote:
On Wed, 7 Apr 2010 09:55:59 -0500 Ron <ron () skullsecurity net> wrote:On Wed, 7 Apr 2010 08:51:04 -0600 David Fifield <david () bamsoftware com> wrote:On Wed, Apr 07, 2010 at 09:30:01AM -0500, Ron wrote:My friend reported fragscan (-f) not working on the latest version of Nmap. I tried a couple experiments (both against hosts on the local network and off the local network) and got absolutely no responses (ie, 'no ports open').It works for me against scanme.nmap.org and against the LAN. Did a previous version of Nmap work for your friend? David FifieldYes, he said that 4.68 or so worked. I just tried scanme.insecure.org from two different computers and it didn't work. they can't scan each other, either, using -f (they're on different subnets on our intranet, but there's no filtering between them). I also tried scanning two systems on the same subnet with no luck. I can send a packet capture off list, if that would help. This is the output from a test system scanning scanme.insecure.org-- looks like nothing's being receivedI seem to have a different problem. My scans work and I get responses back with -f but a quick look with tcpdump shows my packets aren't fragmented. I'm running 2.6.31 mostly vanilla. If I add --send-eth I do see the fragments go by and the scan also works. I suppose -f should probably imply --send-eth, at least on Linux.
I used -f against a host on my LAN (directly connected) and two hosts across the internet (google and scanme), and it all seemed to work fine. I used Wireshark and --packet-trace to watch the traffic, and Nmap gave me good data every time. I even reran using (the unneeded) --send-ip to be sure afterward. I'm running kernel 2.6.33 coming with Sidux (Debian sid).
Brandon
Cheers, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJLvRR/AAoJEEQxgFs5kUfu1l0P/3nL1uKJfoRbiZ5T75x2/woN fwEjeF05nOM1SBjvquQ+vfmPFuaSdPx90g9rZZDc7+xTqiKcXPpHQzEEUwNVc7ex JHGrpKbJ/Zpy55wJUZac2KRkvs/QqKO9EhyMO2CYwCKFh6H46sBA7Sx3CoQ6d1FX f5lwPd1qM/JaJI/D5ZuILN4mNbY0WVrAJ30JXGsYaPAsRlIDGG5P0UcuE39BHawM OzTJDqgztWsGaL8URJ7rxhBSZ5q11ErfJzo4ib0p3GuSNdtDTqMjQMwiMZ/asMdT aKOrGOKp9KH7WHHjBm+nGIPwoTImpovzd5G9DIGYzVYfu1KSDx/2J7tuq/EpvrEu Sa/RRJtKsWzH/4LSp+ZrKY+WOjgnlqSj2ynsZ0v0G8ukiR6an3kSwDTLdk3ExB0O AlI8dkDNHhE8FNq/oU3N4FtBsAVr5DT4Cu+Iubj/B+v4++YZDcyoxfCFePV8B2qJ AvWhidFLVTkniWNVip2Bu5km4wmkaGXIFXJ80bG492d/esNQgm5MKRiCUJ4WJYvW Ps6nmrG76WMycqKnKJKEbi+jBezzkJwydV1JO+eRPnFKYOa+dTfTnhL7+ZXWXJy9 uQsHDfHER0gYBUxB8fonhLSLnDY4yxlOrsGYrXsPo4Ut7w/j2h8apjEGY2tlNhX9 76eGia9nGkD5nxbNRLXt =8aBY -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? David Fifield (Apr 07)
- Re: Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? Brandon Enright (Apr 07)
- Re: Fragscan not working? Michael Pattrick (Apr 07)
- Re: Fragscan not working? Kris Katterjohn (Apr 07)
- Re: Fragscan not working? Fyodor (Apr 07)
- Re: Fragscan not working? Michael Pattrick (Apr 07)
- Re: Fragscan not working? Fyodor (Apr 08)
- Re: Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? David Fifield (Apr 07)
- <Possible follow-ups>
- RE: Fragscan not working? Derek (Apr 09)