Nmap Development mailing list archives
Re: trouble with ping version 0.1BETA2
From: David Fifield <david () bamsoftware com>
Date: Tue, 22 Dec 2009 16:13:02 -0700
On Tue, Nov 24, 2009 at 09:54:09PM +0300, geca wrote:
> Hello, I installed nping version 0.1BETA2 for Mac OS. I tried to spoof
> the IP address, but the --source-ip option doesn't work:
>
> My network settings:
>
> ifconfig en1
> en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet6 fe80::21e:c2ff:fea6:6a85%en1 prefixlen 64 scopeid 0x4
>         inet 10.71.0.100 netmask 0xfffff800 broadcast 10.71.7.255
>         ether 00:1e:c2:a6:6a:85
>         media: autoselect status: active
>         supported media: autoselect
>
> I run nping with these options:
>
> nping --tcp-connect -p 111 --debug -c 1 --source-ip=10.1.1.1 --dest-ip=10.71.0.201
> Nping will send packets in unprivileged mode using regular system calls
>
> I watched the tcpdump log on the destination host (10.71.0.201) and I
> can't see the spoofed IP address. I see the real IP address. Is it a bug?
>
> tcpdump -i eth0 -n port 111 -e
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 21:53:18.755522 00:1e:c2:a6:6a:85 > 00:20:ed:60:44:d6, ethertype IPv4 (0x0800), length 78: IP 10.71.0.100.60955 > 10.71.0.201.sunrpc: S 2429334520:2429334520(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,timestamp 406321374 0,sackOK,eol>
> 21:53:18.755585 00:20:ed:60:44:d6 > 00:1e:c2:a6:6a:85, ethertype IPv4 (0x0800), length 74: IP 10.71.0.201.sunrpc > 10.71.0.100.60955: S 2655139069:2655139069(0) ack 2429334521 win 5792 <mss 1460,sackOK,timestamp 3934924864 406321374,nop,wscale 2>
> 21:53:18.756540 00:1e:c2:a6:6a:85 > 00:20:ed:60:44:d6, ethertype IPv4 (0x0800), length 66: IP 10.71.0.100.60955 > 10.71.0.201.sunrpc: . ack 1 win 65535 <nop,nop,timestamp 406321374 3934924864>
> 21:53:18.759123 00:1e:c2:a6:6a:85 > 00:20:ed:60:44:d6, ethertype IPv4 (0x0800), length 66: IP 10.71.0.100.60955 > 10.71.0.201.sunrpc: F 1:1(0) ack 1 win 65535 <nop,nop,timestamp 406321374 3934924864>
> 21:53:18.759695 00:20:ed:60:44:d6 > 00:1e:c2:a6:6a:85, ethertype IPv4 (0x0800), length 66: IP 10.71.0.201.sunrpc > 10.71.0.100.60955: F 1:1(0) ack 2 win 1448 <nop,nop,timestamp 3934924868 406321374>
> 21:53:18.760401 00:1e:c2:a6:6a:85 > 00:20:ed:60:44:d6, ethertype IPv4 (0x0800), length 66: IP 10.71.0.100.60955 > 10.71.0.201.sunrpc: . ack 2 win 65535 <nop,nop,timestamp 406321374 3934924868>

Thanks for your report Evgeniy. It is true that Nping was not setting
the source address for unprivileged TCP and UDP scans. I have just
committed a change to make it do this. However, the operating system
usually won't permit it unless you are using one of your own real
addresses. I get this message now:

# ./nping --tcp-connect --debug -c 1 192.168.0.190 -S 1.2.3.4
Nping will send packets in unprivileged mode using regular system calls

Starting Nping 0.1BETA3 ( http://nmap.org/nping ) at 2009-12-22 16:10 MST
...
NSOCK (0.0350s) Bind to 1.2.3.4 failed (IOD #1) EID 16

It's related to this message in Nmap:

    WARNING: -S will only affect the source address used in a connect()
    scan if you specify one of your own addresses. Use -sS or another raw
    scan if you want to completely spoof your source address, but then you
    need to know what you're doing to obtain meaningful results.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
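
The bind failure described in the reply above can be reproduced with plain sockets. This is an added example, not Nping or Nsock code and not part of the original message; the loopback listener is constructed for the demonstration, and 192.0.2.1 (an RFC 5737 documentation address) is an assumed stand-in for "an address the host does not own".

```python
import errno
import socket


def connect_from(source_ip, dest, timeout=2.0):
    """Unprivileged TCP connect() with an explicit source address.

    Returns ("ok", local_ip_in_use) or ("bind-failed", errno_name).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        try:
            # Port 0 lets the kernel pick the ephemeral source port.
            s.bind((source_ip, 0))
        except OSError as e:
            # The kernel rejects addresses not configured on any interface.
            return ("bind-failed", errno.errorcode.get(e.errno, str(e.errno)))
        s.connect(dest)
        return ("ok", s.getsockname()[0])
    finally:
        s.close()


def demo():
    # Constructed loopback listener standing in for the destination host.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    dest = srv.getsockname()
    results = {}
    try:
        # One of the host's own addresses: bind and handshake both succeed.
        results["own"] = connect_from("127.0.0.1", dest)
        conn, peer = srv.accept()
        conn.close()
        results["peer_seen"] = peer[0]  # source address the listener observed
        # Address the host does not own (assumed): bind() fails before any
        # packet is sent, so nothing reaches the destination.
        results["foreign"] = connect_from("192.0.2.1", dest)
    finally:
        srv.close()
    return results


if __name__ == "__main__":
    print(demo())
```

On a default configuration the second attempt fails with EADDRNOTAVAIL; a host with a non-local-bind setting enabled (for example Linux `net.ipv4.ip_nonlocal_bind=1`) would behave differently.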