Nmap Development mailing list archives
Re: Nmap 3.80 preview
From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 7 Feb 2005 10:26:09 +0100
On Mon, Feb 07, 2005 at 09:08:46AM +0100, Andreas Ericsson wrote:
I have a slight preference for having one -f do the smallest fragment size (8) with the mtu getting bigger for each additional -f (so 16 for -ff). So this is what I'll do for Nmap 3.81 unless there is a good reason for doing the opposite?I would say the other way around is more intuitive. It feels logical that -f means "fragment" and -ff (or -f -f) means "fragment more/more fragments". Perhaps there are other issues, but as always on monday mornings I speak before I can think things through.
I would agree with this. I slightly prefer -f for mtu=16 for this reasons: 1) mtu=8 (tiny fragments) are more often dropped than mtu=16 (even recommended in RFC) 2) mtu=8 are more problematic to send (for example, you have to completely disable firewall on FreeBSD, which is not needed for mtu=16) 3) keep it compatible with older versions where single -f were mtu=16 4) as told above, it seems to be more intuitive: -f fragment, -ff fragment more. Martin Mačok ICT Security Consultant --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Nmap 3.80 preview Fyodor (Feb 05)
- Re: Nmap 3.80 preview Martin Mačok (Feb 06)
- Re: Nmap 3.80 preview Fyodor (Feb 06)
- Re: Nmap 3.80 preview Andreas Ericsson (Feb 07)
- Re: Nmap 3.80 preview Martin Mačok (Feb 07)
- Re: Nmap 3.80 preview Fyodor (Feb 07)
- Re: Nmap 3.80 preview Martin Mačok (Feb 07)
- Re: Nmap 3.80 preview Fyodor (Feb 06)
- Re: Nmap 3.80 preview Martin Mačok (Feb 06)
- <Possible follow-ups>
- Re: Nmap 3.80 preview Fyodor (Feb 10)