Nmap Development mailing list archives

Bug in Nping 0.6.47? (Linux Mint 17.1, kernel version: 3.13.0-37)


From: Nenad Ivkovic <nivkovic () gmail com>
Date: Sun, 22 Mar 2015 00:30:15 +0000

Hi!
I think I found odd behaviour that could be a bug in nping.

The output of this command is as expected: remote port 2222 is closed and
the remote host sends back TCP packets with the RA flags set.

sudo nping --tcp -g 44163 -p 2222 -c 1 echo.nmap.org
Starting Nping 0.6.47...
SENT (0.2391s) TCP X.X.X.X:44163 > 74.207.244.221:2222 S ttl=64 id=17067 iplen=40  seq=1570285564 win=1480
RCVD (0.4494s) TCP 74.207.244.221:2222 > X.X.X.X:44163 RA ttl=55 id=0 iplen=40  seq=0 win=0
 ...

However, with nping in echo mode, the same command returns a different answer
from the remote echo server. Instead of the expected RA flags, the echo server
sends back a TCP packet with the PA flags set (from port 9929!)

sudo nping -ec "public" --tcp -g 44163 -p 2222 -c 1 echo.nmap.org
Starting Nping 0.6.47...
SENT (1.2238s) TCP X.X.X.X:44163 > 74.207.244.221:2222 S ttl=64 id=18290 iplen=40  seq=3406718482 win=1480
CAPT (1.3439s) TCP X.X.X.X:44163 > 74.207.244.221:2222 S ttl=54 id=18290 iplen=40  seq=3406718482 win=1480
RCVD (1.4639s) TCP 74.207.244.221:9929 > X.X.X.X:44163 PA ttl=55 id=8008 iplen=164  seq=298421412 win=260 <nop,nop,timestamp 1645516914 11190368>
...

However, both of these commands behave as expected without the -g option.

sudo nping --tcp -p 2222 -c 1 echo.nmap.org
Starting Nping 0.6.47...
SENT (0.1436s) TCP X.X.X.X:16345 > 74.207.244.221:2222 S ttl=64 id=41314 iplen=40  seq=4082029530 win=1480
RCVD (0.3539s) TCP 74.207.244.221:2222 > X.X.X.X:16345 RA ttl=55 id=0 iplen=40  seq=0 win=0

sudo nping -ec "public" --tcp -p 2222 -c 1 echo.nmap.org
Starting Nping 0.6.47...
SENT (1.3125s) TCP X.X.X.X:21521 > 74.207.244.221:2222 S ttl=64 id=18614 iplen=40  seq=3696733169 win=1480
CAPT (1.4346s) TCP X.X.X.X:21521 > 74.207.244.221:2222 S ttl=54 id=18614 iplen=40  seq=3696733169 win=1480
RCVD (1.5233s) TCP 74.207.244.221:2222 > X.X.X.X:21521 RA ttl=55 id=0 iplen=40  seq=0 win=0

Obviously, there seems to be some problem with the -g option.
Is this a bug in nping or some feature I don't quite understand?

Greetings,
Nenad