Nmap Development mailing list archives

Re: Fragscan not working?


From: Ron <ron () skullsecurity net>
Date: Wed, 7 Apr 2010 09:55:59 -0500

On Wed, 7 Apr 2010 08:51:04 -0600 David Fifield <david () bamsoftware com> wrote:
> On Wed, Apr 07, 2010 at 09:30:01AM -0500, Ron wrote:
>> My friend reported fragscan (-f) not working on the latest version
>> of Nmap. I tried a couple experiments (both against hosts on the
>> local network and off the local network) and got absolutely no
>> responses (ie, 'no ports open').
>
> It works for me against scanme.nmap.org and against the LAN. Did a
> previous version of Nmap work for your friend?
>
> David Fifield

Yes, he said that 4.68 or so worked. I just tried scanme.insecure.org from two different computers and it didn't work.
They can't scan each other, either, using -f (they're on different subnets on our intranet, but there's no filtering
between them). I also tried scanning two systems on the same subnet with no luck.

I can send a packet capture off list, if that would help. This is the output from a test system scanning
scanme.insecure.org -- looks like nothing's being received:


$ sudo ./nmap -f -d scanme.insecure.org
Password:

Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-04-07 09:53 CDT
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Initiating Ping Scan at 09:53
Scanning scanme.insecure.org (64.13.134.52) [4 ports]
Packet capture filter (device eth0): dst host x.x.x.x and (icmp or ((tcp or udp or sctp) and (src host 64.13.134.52)))
We got a ping packet back from 64.13.134.52: id = 15136 seq = 0 checksum = 50399
Completed Ping Scan at 09:53, 0.13s elapsed (1 total hosts)
Overall sending rates: 30.46 packets / s, 1157.33 bytes / s.
mass_rdns: Using DNS server 4.2.2.6
mass_rdns: Using DNS server 4.2.2.5
Initiating Parallel DNS resolution of 1 host. at 09:53
mass_rdns: 0.07s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 09:53, 0.07s elapsed
DNS resolution of 1 IPs took 0.08s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 09:53
Scanning scanme.insecure.org (64.13.134.52) [1000 ports]
Packet capture filter (device eth0): dst host x.x.x.x and (icmp or ((tcp or udp or sctp) and (src host 64.13.134.52)))
SYN Stealth Scan Timing: About 50.25% done; ETC: 09:54 (0:00:31 remaining)
Completed SYN Stealth Scan at 09:54, 60.56s elapsed (1000 total ports)
Overall sending rates: 33.03 packets / s, 1453.18 bytes / s.
Nmap scan report for scanme.insecure.org (64.13.134.52)
Host is up, received echo-reply (0.059s latency).
rDNS record for 64.13.134.52: scanme.nmap.org
All 1000 scanned ports on scanme.insecure.org (64.13.134.52) are filtered because of 1000 no-responses
Final times for host: srtt: 59259 rttvar: 59259  to: 296295

Read from .: nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 61.05 seconds
           Raw packets sent: 6010 (168.272KB) | Rcvd: 1 (28B)




-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
