Does nmap mtu scan really send crafted mtu size?

Since nmap is a well-known security tool, I guess this is the right section.

I've been reading about nmap techniques here as part of my network security syllabus ...

I've performed 2 scans ... one to port 1337 which is closed while the other port 4444 is open.

When I try nmap mtu scan and capture the packet with Wireshark, I don't see the mtu size (32) that I set in nmap.

user@linux:~$ sudo nmap --mtu 32 192.168.10.12 -p 1337

Nmap scan report for 192.168.10.12
Host is up (0.0023s latency).
PORT     STATE  SERVICE
1337/tcp closed waste
MAC Address: AA:AA:AA:AA:AA:12 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 13.13 seconds
user@linux:~$

The only value that I see is Total Length: 44

Any idea why I did not see mtu size 32 in Wireshark?

Is this the right place to check mtu size in Wireshark (IPv4 > Total Length)?
