Nmap Development mailing list archives
Re: [NSE] errors: path-mtu, dns-cache-snoop, and firewalk
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 02 Nov 2010 14:54:33 -0500
On 10/18/2010 08:05 PM, Ron wrote:
> On Mon, 18 Oct 2010 19:58:35 -0500 Kris Katterjohn <katterjohn () gmail com> wrote:
>> This will happen when Nmap cannot determine the MTU for the outgoing
>> interface. path-mtu assumes errors from ip_send() are due to this (not
>> that it matters much) and drops to another MTU level and continues.
>>
>> Does "nmap --iflist" show the correct MTU for the interface on the
>> source machine?
>>
>> This is my first thought since I know this behavior can occur this way,
>> so let me know and I'll think more on it if you see Nmap knows the
>> correct MTU but path-mtu is still causing this error.
>>
>> Also, does the problem occur on a small scan? If this is the problem,
>> it should cause an error for any path-mtu run over that interface (not
>> just on large scans).
>
> Hey Kris,
>
> I didn't really collect much information, I was hoping there'd be an
> obvious cause. What I *can* tell you is that it didn't fail for every
> host, just for one or a couple. I also exaggerated a little when I said
> a big scan -- it was only about 10 hosts (but with all ports, etc, so it
> was more of a slow scan than a big one).
>
> Here's the output of --iflist:
>
> $ sudo ./nmap --iflist
>
> Starting Nmap 5.35DC18 ( http://nmap.org ) at 2010-10-18 20:00 CDT
> ************************INTERFACES************************
> DEV  (SHORT) IP/MASK         TYPE     UP MTU   MAC
> lo   (lo)    127.0.0.1/8     loopback up 16436
> eth1 (eth1)  192.168.1.18/24 ethernet up 1500  00:0C:29:55:50:31
>
> **************************ROUTES**************************
> DST/MASK       DEV  GATEWAY
> 192.168.1.0/24 eth1
> 127.0.0.0/8    lo
> 0.0.0.0/0      eth1 192.168.1.1

Thanks. Sorry, I've been busy and I forgot about this.

If possible, can you find the smallest scan (hosts and ports) which still
causes this problem and send me the output with debugging and script/packet
tracing turned on (off-list with altered addresses if you want)? I can search
through the output if you can't narrow it down much, but it would just be
helpful if you can find a single host and port which can still cause this, if
the problem can even occur that way.

I'll try to examine this as soon as I can after I receive it and get back to
you (and the list) with something.

Cheers,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/