Nmap Development mailing list archives
Re: [NSE] errors: path-mtu, dns-cache-snoop, and firewalk
From: Ron <ron () skullsecurity net>
Date: Mon, 18 Oct 2010 20:05:16 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 18 Oct 2010 19:58:35 -0500 Kris Katterjohn <katterjohn () gmail com> wrote:
This will happen when Nmap cannot determine the MTU for the outgoing interface. path-mtu assumes errors from ip_send() are due to this (not that it matters much) and drops to another MTU level and continues. Does "nmap --iflist" show the correct MTU for the interface on the source machine? This is my first thought since I know this behavior can occur this way, so let me know and I'll think more on it if you see Nmap knows the correct MTU but path-mtu is still causing this error. Also, does the problem occur on a small scan? If this is the problem, it should cause an error for any path-mtu run over that interface (not just on large scans).
Hey Kris, I didn't really collect much information, I was hoping there'd be an obvious cause. What I *can* tell you is that it didn't fail for every host, just for one or a couple. I also exaggerated a little when I said a big scan -- it was only about 10 hosts (but with all ports, etc, so it was more of a slow scan than a big one). Here's the output of --iflist: $ sudo ./nmap --iflist Starting Nmap 5.35DC18 ( http://nmap.org ) at 2010-10-18 20:00 CDT ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MTU MAC lo (lo) 127.0.0.1/8 loopback up 16436 eth1 (eth1) 192.168.1.18/24 ethernet up 1500 00:0C:29:55:50:31 **************************ROUTES************************** DST/MASK DEV GATEWAY 192.168.1.0/24 eth1 127.0.0.0/8 lo 0.0.0.0/0 eth1 192.168.1.1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAky87tAACgkQ2t2zxlt4g/SfQQCglWJpI0dlTIH0eTWkocd+Xdhl MWoAoLsPg7mXRVdXETzBdS2nj16orsZq =7PCO -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] errors: path-mtu, dns-cache-snoop, and firewalk Ron (Oct 18)
- Re: [NSE] errors: path-mtu, dns-cache-snoop, and firewalk Kris Katterjohn (Oct 18)
- Re: [NSE] errors: path-mtu, dns-cache-snoop, and firewalk Ron (Oct 18)
- Re: [NSE] errors: path-mtu, dns-cache-snoop, and firewalk Kris Katterjohn (Nov 02)
- Re: [NSE] errors: path-mtu, dns-cache-snoop, and firewalk Kris Katterjohn (Nov 10)
- Re: [NSE] errors: path-mtu, dns-cache-snoop, and firewalk Ron (Oct 18)
- Re: [NSE] errors: path-mtu, dns-cache-snoop, and firewalk Kris Katterjohn (Oct 18)
- Re: [NSE] errors: path-mtu, dns-cache-snoop, and firewalk David Fifield (Nov 02)