### Does nmap mtu scan really send crafted mtu size?

Since nmap is a well-known security tool, I guess this is the right section.

I've been reading about nmap techniques here as part of my network security syllabus ...

I've performed 2 scans ... one to port 1337 which is closed while the other port 4444 is open.

When I try nmap mtu scan and capture the packet with Wireshark, I don't see the mtu size (32) that I set in nmap.

```
[email protected]:~$ sudo nmap --mtu 32 192.168.10.12 -p 1337
Nmap scan report for 192.168.10.12
Host is up (0.0023s latency).
PORT     STATE  SERVICE
1337/tcp closed waste
MAC Address: AA:AA:AA:AA:AA:12 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 13.13 seconds
[email protected]:~$
```


The only value that I see is Total Length: 44

Any idea why I did not see mtu size 32 in Wireshark?

Is this the right place to check mtu size in Wireshark (IPv4 > Total Length)?


