Nmap Development mailing list archives
Re: Fragscan not working?
From: Fyodor <fyodor () insecure org>
Date: Wed, 7 Apr 2010 22:02:08 -0700
On Wed, Apr 07, 2010 at 06:49:40PM +0000, Brandon Enright wrote:
On Wed, 7 Apr 2010 09:55:59 -0500 Ron <ron () skullsecurity net> wrote: I seem to have a different problem. My scans work and I get responses back with -f but a quick look with tcpdump shows my packets aren't fragmented. I'm running 2.6.31 mostly vanilla. If I add --send-eth I do see the fragments go by and the scan also works. I suppose -f should probably imply --send-eth, at least on Linux.
I'm not sure if Linux always does that. Here is what the man page entry for -f says about the issue: Some source systems defragment outgoing packets in the kernel. Linux with the iptables connection tracking module is one such example. Do a scan while a sniffer such as Wireshark is running to ensure that sent packets are fragmented. If your host OS is causing problems, try the --send-eth option to bypass the IP layer and send raw ethernet frames. That being said, I'm open to ways to make -f work better, or to detect problems better, or to document issues better, etc. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? David Fifield (Apr 07)
- Re: Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? Brandon Enright (Apr 07)
- Re: Fragscan not working? Michael Pattrick (Apr 07)
- Re: Fragscan not working? Kris Katterjohn (Apr 07)
- Re: Fragscan not working? Fyodor (Apr 07)
- Re: Fragscan not working? Michael Pattrick (Apr 07)
- Re: Fragscan not working? Fyodor (Apr 08)
- Re: Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? David Fifield (Apr 07)
- <Possible follow-ups>
- RE: Fragscan not working? Derek (Apr 09)