Nmap Development mailing list archives
Re: [RFC] path-mtu.nse, host.interface_mtu, etc.
From: David Fifield <david () bamsoftware com>
Date: Mon, 23 Aug 2010 10:37:45 -0600
On Wed, Aug 04, 2010 at 08:05:00PM -0500, Kris Katterjohn wrote:
> > The script isn't working for me with SYN probes. I'm not sure what's wrong
> > but tcpdump doesn't show any replies.
> >
> > <snip>
> > Host script results:
> > |_path-mtu: Error: Unable to determine PMTU (no replies)
> > Final times for host: srtt: 66760 rttvar: 28451 to: 180564
> >
> > The packets that path-mtu are sending look like
> >
> > 16:30:14.594363 IP (tos 0x0, ttl 128, id 0, offset 0, flags [DF], proto TCP (6), length 1500)
> >     192.168.0.21.51543 > 64.13.134.52.22: Flags [S], seq 1714636915:1714638371, win 3072, options [mss 1460], length 1456
>
> Thanks for testing. I get replies and the script behaves correctly when I use
> scanme. Did you happen to test against any other host, on a LAN or out on the
> internet? What about using UDP?
>
> > Similar packets sent by Nping get a response.
> >
> > # nping --tcp -p 22 64.13.134.52 --df
> >
> > 16:32:38.135869 IP (tos 0x0, ttl 64, id 33435, offset 0, flags [DF], proto TCP (6), length 40)
> >     192.168.0.21.57093 > 64.13.134.52.22: Flags [S], cksum 0x78f4 (correct), seq 2445687109, win 1480, length 0
> > 16:32:38.202608 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 44)
> >     64.13.134.52.22 > 192.168.0.21.57093: Flags [S.], cksum 0x4e5e (correct), seq 33882044, ack 2445687110, win 5840, options [mss 1460], length 0
> > 16:32:38.202700 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
> >     192.168.0.21.57093 > 64.13.134.52.22: Flags [R], cksum 0x7eb9 (correct), seq 2445687110, win 0, length 0
>
> Does Nping still work when you add a bunch of data to the mix?
>
> Using "nping -c 1 --tcp --df -p 22 --data-length 1460 64.13.134.52":
>
> SENT (0.0220s) TCP 192.168.10.6:5116 > 64.13.134.52:22 S ttl=64 id=45459 iplen=1500 seq=3298795002 win=1480
> RCVD (0.0250s) ICMP w.x.y.z > 192.168.10.6 Fragmentation required (type=3/code=4) ttl=29 id=3655 iplen=56

You're right. Nping with a non-zero amount of data doesn't work for me
either. I think it's my home router blocking the packets. I verified
that they aren't making it to the destination.

# ./nping --echo-client public --tcp -p 80 --df -c 2 echo.nmap.org

Starting Nping 0.5.35DC18 ( http://nmap.org/nping ) at 2010-08-23 10:31 MDT
SENT (1.1220s) TCP 192.168.0.21:21151 > 178.79.132.93:80 S ttl=64 id=48781 iplen=40 seq=2942041858 win=1480
CAPT (1.2070s) TCP 206.81.65.18:21151 > 178.79.132.93:80 S ttl=49 id=48781 iplen=40 seq=2942041858 win=1480
RCVD (1.2760s) TCP 178.79.132.93:80 > 192.168.0.21:21151 RA ttl=48 id=0 iplen=40 seq=0 win=0
SENT (2.1240s) TCP 192.168.0.21:21151 > 178.79.132.93:80 S ttl=64 id=48781 iplen=40 seq=2942041858 win=1480
CAPT (2.2015s) TCP 206.81.65.18:21151 > 178.79.132.93:80 S ttl=49 id=48781 iplen=40 seq=2942041858 win=1480
RCVD (2.2780s) TCP 178.79.132.93:80 > 192.168.0.21:21151 RA ttl=48 id=0 iplen=40 seq=0 win=0

# ./nping --echo-client public --tcp -p 80 --df -c 2 echo.nmap.org --data-length 10

Starting Nping 0.5.35DC18 ( http://nmap.org/nping ) at 2010-08-23 10:31 MDT
SENT (1.0880s) TCP 192.168.0.21:15766 > 178.79.132.93:80 S ttl=64 id=42908 iplen=50 seq=618787634 win=1480
SENT (2.0900s) TCP 192.168.0.21:15766 > 178.79.132.93:80 S ttl=64 id=42908 iplen=50 seq=618787634 win=1480

I don't get replies when running directly against my router either, but
it works against another computer on the LAN. It also works if I scan
from a Linode instead of from home. It also works when running against
the router with UDP. I think the stateful firewall is filtering out SYN
containing data.

So it looks like the error is due to my environment. Please go ahead and
commit the changes.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
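
An added example, not part of the original message and not Nping's own code: a small Python parser for Nping echo-mode output like the two runs above, reporting for each SENT probe whether the echo server captured it (CAPT), whether the source address was rewritten on the way (NAT), and whether a reply (RCVD) came back. The sample text is copied from the runs quoted in the message; the function name `classify` and the verdict strings are assumptions of this example.

```python
import re

# Nping TCP result line: kind, time, src:port > dst:port, flags, key=value fields.
LINE = re.compile(r"^(SENT|CAPT|RCVD) \([\d.]+s\) TCP (\S+):\d+ > (\S+):\d+ \S+ (.*)$")

# Sample output copied from the two echo-mode runs in the message above.
NO_DATA = """\
SENT (1.1220s) TCP 192.168.0.21:21151 > 178.79.132.93:80 S ttl=64 id=48781 iplen=40 seq=2942041858 win=1480
CAPT (1.2070s) TCP 206.81.65.18:21151 > 178.79.132.93:80 S ttl=49 id=48781 iplen=40 seq=2942041858 win=1480
RCVD (1.2760s) TCP 178.79.132.93:80 > 192.168.0.21:21151 RA ttl=48 id=0 iplen=40 seq=0 win=0
"""
WITH_DATA = """\
SENT (1.0880s) TCP 192.168.0.21:15766 > 178.79.132.93:80 S ttl=64 id=42908 iplen=50 seq=618787634 win=1480
SENT (2.0900s) TCP 192.168.0.21:15766 > 178.79.132.93:80 S ttl=64 id=42908 iplen=50 seq=618787634 win=1480
"""

def classify(output):
    """Return one dict per SENT probe saying how far it got."""
    probes = []
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, statistics and non-TCP (e.g. ICMP) lines are skipped
        kind, src, dst, rest = m.groups()
        f = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        if kind == "SENT":
            probes.append({"src": src, "dst": dst, "seq": f["seq"], "iplen": int(f["iplen"]),
                           "captured": False, "nat_src": None, "replied": False})
        elif probes:
            cur = probes[-1]  # CAPT/RCVD lines belong to the most recent SENT
            if kind == "CAPT" and dst == cur["dst"] and f.get("seq") == cur["seq"]:
                # The echo server saw the probe; a different source means NAT on the path.
                cur["captured"] = True
                cur["nat_src"] = src if src != cur["src"] else None
            elif kind == "RCVD" and src == cur["dst"]:
                cur["replied"] = True
    for p in probes:
        if p["captured"]:
            p["verdict"] = "reached server"
        elif p["replied"]:
            p["verdict"] = "answered, not captured"
        else:
            p["verdict"] = "dropped before server"
    return probes

if __name__ == "__main__":
    for name, text in (("no data", NO_DATA), ("--data-length 10", WITH_DATA)):
        for p in classify(text):
            print(name, "iplen", p["iplen"], p["verdict"], "NAT src:", p["nat_src"])
```

A probe with SENT but neither CAPT nor RCVD never reached the echo server, which is the pattern the 50-byte SYNs show here.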