Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [updated patch] Re: fragment scan got broken between 3.50 and 3.75

From: Martin Mačok <martin.macok () underground cz>
Date: Tue, 11 Jan 2005 14:01:54 +0100
On Thu, Dec 30, 2004 at 06:28:14PM +0100, Martin Mačok wrote:


This updated patch contains universal packet fragmentator which could
be utilized to make even tinier (but still legal) fragments. Now, when
nmap is invoked with two or more "-f" (or "-ff"), it cuts the TCP
header after 8th byte (so it takes 3 fragments to deliver single TCP
probe). The old behaviour (single "-f", cutting the data after 16th
byte) has not changed.


I have again updated the patch since. Now the data payload MTU can be
specified using "--mtu N" too. It also tries to fragment all packets
(ie. including pinging and OS fingerprinting besides just the scanning).
The --packet_trace implementation was enhanced so now it tries to get
more info from fragments than the previous one.

For more, see
http://Xtrmntr.org/ORBman/tmp/nmap/nmap-3.78-fragment.patch

Martin Mačok
ICT Security Consultant

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
Previous By Date Next
Previous By Thread Next

Current thread: