Nmap Development mailing list archives

Re: Fragscan not working?


From: Fyodor <fyodor () insecure org>
Date: Wed, 7 Apr 2010 22:02:08 -0700

On Wed, Apr 07, 2010 at 06:49:40PM +0000, Brandon Enright wrote:
> On Wed, 7 Apr 2010 09:55:59 -0500
> Ron <ron () skullsecurity net> wrote:
>
> I seem to have a different problem.  My scans work and I get responses
> back with -f but a quick look with tcpdump shows my packets aren't
> fragmented.  I'm running 2.6.31 mostly vanilla.
>
> If I add --send-eth I do see the fragments go by and the scan also
> works.
>
> I suppose -f should probably imply --send-eth, at least on Linux.

I'm not sure if Linux always does that.  Here is what the man page
entry for -f says about the issue:

  Some source systems defragment outgoing packets in the kernel. Linux
  with the iptables connection tracking module is one such example. Do
  a scan while a sniffer such as Wireshark is running to ensure that
  sent packets are fragmented. If your host OS is causing problems,
  try the --send-eth option to bypass the IP layer and send raw
  ethernet frames.

That being said, I'm open to ways to make -f work better, or to detect
problems better, or to document issues better, etc.

Cheers,
-F
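
The sniffer check that the quoted man page entry recommends can be automated. The following is an added example, not part of the original message or of Nmap: it reads the IPv4 header of each captured outgoing packet and reports whether any were actually fragments (MF flag set or non-zero fragment offset). It assumes packets are available as raw IPv4 bytes with the link-layer header already stripped; the sample packets and the `build` helper are constructed for illustration.

```python
import struct

MF = 0x2000           # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, counted in 8-byte units

def parse_ipv4(pkt: bytes):
    """Return (ident, more_fragments, offset_bytes, payload_len) for one IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or total_len < ihl or len(pkt) < ihl:
        raise ValueError("malformed IPv4 header")
    return ident, bool(flags_off & MF), (flags_off & OFFSET_MASK) * 8, total_len - ihl

def is_fragment(pkt: bytes) -> bool:
    """A packet is a fragment if MF is set or its offset is non-zero."""
    _, mf, off, _ = parse_ipv4(pkt)
    return mf or off > 0

def fragmentation_summary(packets):
    """Count whole datagrams versus fragments, grouping fragments by IP ID."""
    whole, frags = 0, {}
    for pkt in packets:
        ident, mf, off, plen = parse_ipv4(pkt)
        if mf or off:
            frags.setdefault(ident, []).append((off, plen, mf))
        else:
            whole += 1
    return {"whole": whole, "fragmented_datagrams": len(frags),
            "fragments": sum(len(v) for v in frags.values())}

def build(ident, flags_off, payload_len):
    """Constructed sample packet: 20-byte header, zero checksum, 192.0.2.x addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_off,
                      64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + bytes(payload_len)

# Constructed captures: one where the host sent whole packets despite -f,
# and one where three 8-byte fragments of a single datagram went out.
UNFRAGMENTED = [build(0x1001, 0, 24), build(0x1002, 0, 24)]
FRAGMENTED = [build(0x2001, MF | 0, 8), build(0x2001, MF | 1, 8), build(0x2001, 2, 8)]

if __name__ == "__main__":
    print(fragmentation_summary(UNFRAGMENTED))
    print(fragmentation_summary(FRAGMENTED))
```

A summary with zero fragmented datagrams corresponds to the symptom Brandon describes, where the host stack reassembled the packets before they left the interface. The same header test is what a capture analyst would use to pick fragments out of recorded traffic.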


