Nmap Development: Re: Fragmentation scan

From: Andy Lutomirski <luto_at_myrealbox.com>
Date: Wed, 06 Oct 2004 17:32:51 -0700

Fyodor wrote:

>Recent (maybe 2.4+ -- anyone know exactly when it started?) Linux
>kernels seem to defragment the packets Nmap sends before sticking them
>on the wire :(. Sadly, raw sockets just don't seem to give Nmap the
>level of control it needs on many platforms (Solaris has issues with
>adding the don't fragment bit, and Windows SP2 cripples the whole
>interfaces). For this reason, and due to a desire for cool local
>network host enumeration techniques such as ARP scan, I think I want
>to move Nmap to writing raw ethernet frames in preference to raw
>sockets when dealing with ethernet-compatible devices (includes 802.11
>wireless devices). That should resolve many of these problems,
>hopefully without adding a bunch of its own. I haven't researched the
>best way to move forward yet -- maybe libdnet, maybe write my own
>library. It needs to work well on Windows, since that is the platform
>with the most pathetic raw sockets implementation.
>
>
How 'bout just borrowing code from pcapsend.c -- we're already doing
this anyway, and the logic shouldn't be different between Windows and
other OS's. The nasty part will be ARP. If you're willing to wrap all
receive calls in something that can pick ARPs off the wire and to assure
that Nmap doesn't block except when receiving, then this can be solved
nicely in one thread and our Windows problems get solved for free.
Otherwise I'll code up an ARP receiver thread, hopefully in a
non-Windows-specific manner, which I was planning to do anyway, and the
whole mess could be transplanted into the core code.

FWIW, it could be handy to support MAC spoofing of scans. I would have
had a good white-hat use for that a couple days ago. An interesting
black-hat use comes to mind as well, but I'll leave that to everyone's
imagination.

So long as I'm asking, is STL allowed in the core yet? I was planning
on using it in the Windows code (where STL is "always" present), but
I'll avoid it in pcapsend if that might cause problems later.

--Andy

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help@insecure.org . List archive: http://seclists.org
Received on Oct 07 2004
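An added example, not Nmap's own code, of the two pieces the thread discusses: building a raw Ethernet ARP request frame for local host enumeration and picking ARP replies out of captured frames in a receive loop. The byte layout follows RFC 826 and the 802.3 header; no sockets are opened, so it runs anywhere.

```c
#include <stdint.h>
#include <string.h>

#define ETH_ALEN 6
#define ARP_FRAME_LEN 42  /* 14-byte Ethernet header + 28-byte ARP body */

struct arp_info {
    uint8_t  sender_mac[ETH_ALEN];
    uint32_t sender_ip;   /* host byte order */
    uint32_t target_ip;
};

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }
static void put32(uint8_t *p, uint32_t v) { put16(p, v >> 16); put16(p + 2, v & 0xffff); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t get32(const uint8_t *p) { return (uint32_t)get16(p) << 16 | get16(p + 2); }

/* Fill buf (ARP_FRAME_LEN bytes) with a broadcast "who-has target_ip,
 * tell src_ip" request. Returns the frame length to hand to a raw sender. */
size_t build_arp_request(uint8_t *buf, const uint8_t src_mac[ETH_ALEN],
                         uint32_t src_ip, uint32_t target_ip)
{
    memset(buf, 0xff, ETH_ALEN);             /* dst MAC: broadcast */
    memcpy(buf + 6, src_mac, ETH_ALEN);      /* src MAC */
    put16(buf + 12, 0x0806);                 /* EtherType: ARP */
    put16(buf + 14, 1);                      /* HTYPE: Ethernet */
    put16(buf + 16, 0x0800);                 /* PTYPE: IPv4 */
    buf[18] = ETH_ALEN; buf[19] = 4;         /* HLEN, PLEN */
    put16(buf + 20, 1);                      /* OPER: request */
    memcpy(buf + 22, src_mac, ETH_ALEN);     /* sender hardware address */
    put32(buf + 28, src_ip);                 /* sender protocol address */
    memset(buf + 32, 0, ETH_ALEN);           /* target hardware address: unknown */
    put32(buf + 38, target_ip);              /* target protocol address */
    return ARP_FRAME_LEN;
}

/* Inspect one captured frame. Returns 1 and fills out if it is an IPv4
 * ARP reply over Ethernet, else 0. Short and non-ARP frames are rejected
 * first, so a receive loop can call this on every frame it pulls off the wire. */
int parse_arp_reply(const uint8_t *frame, size_t len, struct arp_info *out)
{
    if (len < ARP_FRAME_LEN || get16(frame + 12) != 0x0806) return 0;
    if (get16(frame + 14) != 1 || get16(frame + 16) != 0x0800) return 0;
    if (frame[18] != ETH_ALEN || frame[19] != 4) return 0;
    if (get16(frame + 20) != 2) return 0;    /* OPER: reply only */
    memcpy(out->sender_mac, frame + 22, ETH_ALEN);
    out->sender_ip = get32(frame + 28);
    out->target_ip = get32(frame + 38);
    return 1;
}
```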
