Nmap Development mailing list archives
Re: NPing issue.
From: David Fifield <david () bamsoftware com>
Date: Sun, 25 Oct 2009 22:29:20 -0600
On Fri, Oct 23, 2009 at 07:18:20PM -0400, AFH Security wrote:
> I'm fairly new to the list so I just figured I'd let everyone know that "nping" may or may not have an issue. I noticed an issue when I tried to compile NPing: I had an issue with "libnbase", and then someone suggested in the #nmap IRC channel on Freenode that I should "make clean" before "make", so that cleared everything and it finally compiled. I used "checkinstall" to create a deb package.
>
> Once it finally installed, I was eager to try out a few options. One of which I thought would be pretty neat to see the responses on my "test box". Having a packet sniffer running on the box getting ready to receive all the packets, I sent a packet created with nping to the testbox. Sadly, no success.
>
> Now, I'm not sure if it's my fault on whether or not I used the tool correctly, but I know with Hping all I had to do was specify the source and destination... So that's what I did. Firstly I tried it with hping3:
>
>   sudo hping3 -SA -c 5 -d 187 -j -a spoofer.testnetwork.lan -p 139 -s 4444 victimbox.testnetwork.lan
>
> Everything seemed to have worked just fine... Then I tried the same using Nping; here are the results:
>
>   sudo nping --tcp -p 139 -g 4444 --flags syn -S spoofedbox.testnetwork.lan victimbox.testnetwork.lan
>
> I get:
>
>   nping: common_modified.cc:973: bool route_dst(const sockaddr_storage*, route_nfo*, bool, char*, sockaddr_storage*): Assertion `device[0] != '\0'' failed.
>   Aborted
Thanks for the report. Nping shouldn't be giving an assertion failure in this case, but a more helpful error message. It looks like when you're using the -S option you also have to use the -e option unless the spoofed address you give is one of your real addresses.

Nmap does the same thing with -S. You get a warning like this:

  # nmap -S 192.168.0.21 target.com
  WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -PN . If you are using it to specify your real source address, you can ignore this warning.

If you use an address that is not one of your assigned addresses, you get

  # nmap -S 192.168.0.22 google.com
  Could not figure out what device to send the packet out on with the source address you gave me! If you are trying to sp00f your scan, this is normal, just give the -e eth0 or -e ppp0 or whatever. Otherwise you can still use -e, but I find it kindof fishy.

That second message is, I think, what the assertion failure is trying to express.

I suppose that Nping could use by default whichever interface is connected to the default gateway, or it could check to see if the spoofed address is within the netmask of a configured interface.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
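
An added example, not part of the original message and not Nping's code: one way to combine the two fallbacks suggested in the reply above (netmask match against configured interfaces, then the default-gateway interface) and to return an error message rather than hit an assertion. The names Iface, pick_device and sample_ifaces, the interface table and the error text are assumptions made for illustration.

```cpp
// Added illustration, not Nping source. Iface, pick_device and the sample
// interface table are hypothetical names and constructed data.
#include <arpa/inet.h>
#include <cstdint>
#include <string>
#include <vector>

struct Iface {
    std::string name, addr;  // device name and its assigned IPv4 address
    int prefix_len;          // netmask as a prefix length
    bool default_gw;         // true if the default route uses this device
};

// Parse a dotted-quad IPv4 address into host byte order.
static bool parse_v4(const std::string &s, uint32_t &out) {
    in_addr a;
    if (inet_pton(AF_INET, s.c_str(), &a) != 1) return false;
    out = ntohl(a.s_addr);
    return true;
}

// Choose the device for source address src. Order: longest-prefix match
// against configured netmasks (an assigned address matches its own subnet),
// then the default-gateway device. Returns "" and fills err rather than
// asserting when nothing fits.
std::string pick_device(const std::vector<Iface> &ifs, const std::string &src,
                        std::string &err) {
    uint32_t s, a;
    err.clear();
    if (!parse_v4(src, s)) { err = "invalid source address: " + src; return ""; }
    const Iface *best = nullptr, *gw = nullptr;
    for (const Iface &i : ifs) {
        if (i.default_gw && !gw) gw = &i;
        if (i.prefix_len < 0 || i.prefix_len > 32 || !parse_v4(i.addr, a)) continue;
        uint32_t mask = i.prefix_len == 0 ? 0 : 0xFFFFFFFFu << (32 - i.prefix_len);
        if ((s & mask) == (a & mask) && (!best || i.prefix_len > best->prefix_len))
            best = &i;
    }
    if (best) return best->name;
    if (gw) return gw->name;
    err = "cannot determine device for source " + src + "; specify one with -e";
    return "";
}

// Constructed sample table: eth0 carries the default route, eth1 does not.
std::vector<Iface> sample_ifaces() {
    return {{"eth0", "192.168.0.21", 24, true}, {"eth1", "10.0.0.5", 8, false}};
}
```
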