Nmap Development mailing list archives
Re: Fragscan not working?
From: Michael Pattrick <mpattrick () rhinovirus org>
Date: Wed, 7 Apr 2010 14:57:56 -0400
On Windows the frag scan works, but not all the time. I initially scanned a few times 2 hours ago and the scans failed to find any open ports, I rescanned from a different network environment just a few minutes ago and the scan worked perfectly. I can't recreate the initial conditions, so the cause will remain a mystery. -M On Wed, Apr 7, 2010 at 2:49 PM, Brandon Enright <bmenrigh () ucsd edu> wrote:
On Wed, 7 Apr 2010 09:55:59 -0500 Ron <ron () skullsecurity net> wrote:On Wed, 7 Apr 2010 08:51:04 -0600 David Fifield <david () bamsoftware com> wrote:On Wed, Apr 07, 2010 at 09:30:01AM -0500, Ron wrote:My friend reported fragscan (-f) not working on the latest version of Nmap. I tried a couple experiments (both against hosts on the local network and off the local network) and got absolutely no responses (ie, 'no ports open').It works for me against scanme.nmap.org and against the LAN. Did a previous version of Nmap work for your friend? David FifieldYes, he said that 4.68 or so worked. I just tried scanme.insecure.org from two different computers and it didn't work. they can't scan each other, either, using -f (they're on different subnets on our intranet, but there's no filtering between them). I also tried scanning two systems on the same subnet with no luck. I can send a packet capture off list, if that would help. This is the output from a test system scanning scanme.insecure.org-- looks like nothing's being receivedI seem to have a different problem. My scans work and I get responses back with -f but a quick look with tcpdump shows my packets aren't fragmented. I'm running 2.6.31 mostly vanilla. If I add --send-eth I do see the fragments go by and the scan also works. I suppose -f should probably imply --send-eth, at least on Linux. Brandon _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? David Fifield (Apr 07)
- Re: Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? Brandon Enright (Apr 07)
- Re: Fragscan not working? Michael Pattrick (Apr 07)
- Re: Fragscan not working? Kris Katterjohn (Apr 07)
- Re: Fragscan not working? Fyodor (Apr 07)
- Re: Fragscan not working? Michael Pattrick (Apr 07)
- Re: Fragscan not working? Fyodor (Apr 08)
- Re: Fragscan not working? Ron (Apr 07)
- Re: Fragscan not working? David Fifield (Apr 07)
- <Possible follow-ups>
- RE: Fragscan not working? Derek (Apr 09)