Re: Fragscan not working?

[Brandon Enright <bmenrigh () ucsd edu>]

On Wed, 7 Apr 2010 09:55:59 -0500
Ron <ron () skullsecurity net> wrote:

> On Wed, 7 Apr 2010 08:51:04 -0600 David Fifield
> <david () bamsoftware com> wrote:
> > On Wed, Apr 07, 2010 at 09:30:01AM -0500, Ron wrote:
> > > My friend reported fragscan (-f) not working on the latest version
> > > of Nmap. I tried a couple experiments (both against hosts on the
> > > local network and off the local network) and got absolutely no
> > > responses (ie, 'no ports open'). 
> >
> > It works for me against scanme.nmap.org and against the LAN. Did a
> > previous version of Nmap work for your friend?
> >
> > David Fifield
>
> Yes, he said that 4.68 or so worked. I just tried scanme.insecure.org
> from two different computers and it didn't work. they can't scan each
> other, either, using -f (they're on different subnets on our
> intranet, but there's no filtering between them). I also tried
> scanning two systems on the same subnet with no luck. 
>
> I can send a packet capture off list, if that would help. This is the
> output from a test system scanning scanme.insecure.org-- looks like
> nothing's being received

I seem to have a different problem.  My scans work and I get responses
back with -f but a quick look with tcpdump shows my packets aren't
fragmented.  I'm running 2.6.31 mostly vanilla.

If I add --send-eth I do see the fragments go by and the scan also
works.

I suppose -f should probably imply --send-eth, at least on Linux.

Brandon

Attachment: signature.asc
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/