Nmap Development mailing list archives
Re: [RFC] path-mtu.nse, host.interface_mtu, etc.
From: Kris Katterjohn <katterjohn () gmail com>
Date: Mon, 23 Aug 2010 20:51:51 -0500
On 08/23/2010 11:37 AM, David Fifield wrote:
> On Wed, Aug 04, 2010 at 08:05:00PM -0500, Kris Katterjohn wrote:
>>> The script isn't working for me with SYN probes. I'm not sure what's
>>> wrong but tcpdump doesn't show any replies.
>>
>> Thanks for testing. I get replies and the script behaves correctly when
>> I use scanme. Did you happen to test against any other host, on a LAN
>> or out on the internet? What about using UDP?
>>
>>> Similar packets sent by Nping get a response.
>>>
>>> # nping --tcp -p 22 64.13.134.52 --df
>>>
>>> 16:32:38.135869 IP (tos 0x0, ttl 64, id 33435, offset 0, flags [DF], proto TCP (6), length 40)
>>>     192.168.0.21.57093 > 64.13.134.52.22: Flags [S], cksum 0x78f4 (correct), seq 2445687109, win 1480, length 0
>>> 16:32:38.202608 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 44)
>>>     64.13.134.52.22 > 192.168.0.21.57093: Flags [S.], cksum 0x4e5e (correct), seq 33882044, ack 2445687110, win 5840, options [mss 1460], length 0
>>> 16:32:38.202700 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
>>>     192.168.0.21.57093 > 64.13.134.52.22: Flags [R], cksum 0x7eb9 (correct), seq 2445687110, win 0, length 0
>>
>> Does Nping still work when you add a bunch of data to the mix? Using
>> "nping -c 1 --tcp --df -p 22 --data-length 1460 64.13.134.52":
>>
>> SENT (0.0220s) TCP 192.168.10.6:5116 > 64.13.134.52:22 S ttl=64 id=45459 iplen=1500 seq=3298795002 win=1480
>> RCVD (0.0250s) ICMP w.x.y.z > 192.168.10.6 Fragmentation required (type=3/code=4) ttl=29 id=3655 iplen=56
>
> You're right. Nping with a non-zero amount of data doesn't work for me
> either. I think it's my home router blocking the packets. I verified
> that they aren't making it to the destination.
>
> # ./nping --echo-client public --tcp -p 80 --df -c 2 echo.nmap.org
>
> Starting Nping 0.5.35DC18 ( http://nmap.org/nping ) at 2010-08-23 10:31 MDT
> SENT (1.1220s) TCP 192.168.0.21:21151 > 178.79.132.93:80 S ttl=64 id=48781 iplen=40 seq=2942041858 win=1480
> CAPT (1.2070s) TCP 206.81.65.18:21151 > 178.79.132.93:80 S ttl=49 id=48781 iplen=40 seq=2942041858 win=1480
> RCVD (1.2760s) TCP 178.79.132.93:80 > 192.168.0.21:21151 RA ttl=48 id=0 iplen=40 seq=0 win=0
> SENT (2.1240s) TCP 192.168.0.21:21151 > 178.79.132.93:80 S ttl=64 id=48781 iplen=40 seq=2942041858 win=1480
> CAPT (2.2015s) TCP 206.81.65.18:21151 > 178.79.132.93:80 S ttl=49 id=48781 iplen=40 seq=2942041858 win=1480
> RCVD (2.2780s) TCP 178.79.132.93:80 > 192.168.0.21:21151 RA ttl=48 id=0 iplen=40 seq=0 win=0
>
> # ./nping --echo-client public --tcp -p 80 --df -c 2 echo.nmap.org --data-length 10
>
> Starting Nping 0.5.35DC18 ( http://nmap.org/nping ) at 2010-08-23 10:31 MDT
> SENT (1.0880s) TCP 192.168.0.21:15766 > 178.79.132.93:80 S ttl=64 id=42908 iplen=50 seq=618787634 win=1480
> SENT (2.0900s) TCP 192.168.0.21:15766 > 178.79.132.93:80 S ttl=64 id=42908 iplen=50 seq=618787634 win=1480
>
> I don't get replies when running directly against my router either, but
> it works against another computer on the LAN. It also works if I scan
> from a Linode instead of from home. It also works when running against
> the router with UDP. I think the stateful firewall is filtering out SYN
> containing data.
>
> So it looks like the error is due to my environment. Please go ahead and
> commit the changes.
Great, thanks for going through the tests. I've committed this as r19935.
> David Fifield
Cheers,
Kris Katterjohn
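The two outcomes discussed in this thread, a "Fragmentation required (type=3/code=4)" reply carrying the next-hop MTU and a firewall that silently drops DF probes with a payload, as an added Python example that is not code from path-mtu.nse or Nping: it parses the ICMP reply, walks the probe size down, and reports repeated silence as inconclusive rather than as a discovered MTU. The router addresses, the 1492/1400 hop MTUs and the simulated firewall are constructed for the example; the probe id 45459 and the 56-byte reply length mirror the Nping output quoted above.

```python
import socket
import struct

def parse_frag_needed(pkt):
    """Next-hop MTU plus the quoted probe's id/dst/dport from an ICMP type 3 code 4 datagram; None otherwise."""
    icmp = pkt[(pkt[0] & 0x0F) * 4:] if len(pkt) >= 20 and pkt[9] == 1 else b""   # ICMP payload of an IPv4 datagram
    if len(icmp) < 8 + 28 or icmp[:2] != b"\x03\x04":        # RFC 792: IP header + 8 bytes of the probe follow
        return None
    inner, tcp = icmp[8:], 8 + (icmp[8] & 0x0F) * 4           # quoted probe header, offset of its TCP header
    return {"next_hop_mtu": struct.unpack("!H", icmp[6:8])[0],
            "probe_id": struct.unpack("!H", inner[4:6])[0],
            "probe_dst": socket.inet_ntoa(inner[16:20]),
            "probe_dport": struct.unpack("!H", icmp[tcp + 2:tcp + 4])[0]}

def build_frag_needed(router, host, probe_id, probe_len, dst, dport, next_mtu):
    """Constructed reply (example only): what a router returns for a DF probe larger than next_mtu."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, probe_len, probe_id, 0x4000, 64, 6, 0,
                        socket.inet_aton(host), socket.inet_aton(dst))
    inner += struct.pack("!HHI", 5116, dport, 0)              # first 8 bytes of the TCP header
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_mtu) + inner
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 3655, 0, 29, 1, 0,
                        socket.inet_aton(router), socket.inet_aton(host))
    return outer + icmp                                       # 56 bytes, like the iplen=56 reply above

def find_path_mtu(probe, start=1500, max_timeouts=3):
    """Lower the DF probe size until something other than Fragmentation Needed comes back. probe(size)
    returns the raw reply or None on timeout; repeated silence yields None, never a guessed MTU."""
    size = start
    while True:
        reply = next((r for r in (probe(size) for _ in range(max_timeouts)) if r is not None), None)
        if reply is None:
            return None                                       # black hole or filtering (the case in the thread)
        info = parse_frag_needed(reply)
        if info is None:
            return size                                       # a real reply: this size traverses the path
        if not 68 <= info["next_hop_mtu"] < size:             # pre-RFC 1191 routers report 0: give up here
            return None
        size = info["next_hop_mtu"]

def simulated_path(link_mtus, drop_data_probes=False):
    """Constructed stand-in network: hops with these MTUs, optionally a firewall dropping every probe with a payload."""
    def probe(size):
        if drop_data_probes and size > 40:                    # a bare 40-byte SYN still gets through
            return None
        for hop, mtu in enumerate(link_mtus):
            if size > mtu:
                return build_frag_needed(f"10.0.{hop}.1", "192.168.10.6", 45459, size, "64.13.134.52", 22, mtu)
        return b"\x45" + bytes(8) + b"\x06" + bytes(30)         # a SYN/ACK-like reply: IPv4 carrying TCP
    return probe
```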
Current thread:
- [RFC] path-mtu.nse, host.interface_mtu, etc. Kris Katterjohn (Aug 02)
- Re: [RFC] path-mtu.nse, host.interface_mtu, etc. David Fifield (Aug 04)
- Re: [RFC] path-mtu.nse, host.interface_mtu, etc. Kris Katterjohn (Aug 04)
- Re: [RFC] path-mtu.nse, host.interface_mtu, etc. Kris Katterjohn (Aug 21)
- Re: [RFC] path-mtu.nse, host.interface_mtu, etc. David Fifield (Aug 23)
- Re: [RFC] path-mtu.nse, host.interface_mtu, etc. Kris Katterjohn (Aug 23)
- Re: [RFC] path-mtu.nse, host.interface_mtu, etc. Kris Katterjohn (Aug 04)
- Re: [RFC] path-mtu.nse, host.interface_mtu, etc. David Fifield (Aug 04)