LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page spoofing source IP using nmap
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-08-2010, 04:40 AM   #1
m4rtin
Member
 
Registered: Sep 2007
Posts: 261

Rep: Reputation: 16
spoofing source IP using nmap

I tried nmap -S(<IP_Address>: Spoof source address) feature. I set up two computers in two different networks(192.168.1.0/30 and 192.168.2.0/30). Both computers see each other. If I do..

Code:
[root@ /]# nmap -S 192.168.2.2 -e fxp0 -PN -T4 -F 192.168.1.2 2>/dev/null

Starting Nmap 5.00 ( http://nmap.org ) at 2010-11-08 12:25 EET
Warning: Giving up on port early because retransmission cap hit.
Interesting ports on 192.168.1.2:
Not shown: 97 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 51.91 seconds
[root@ /]#
..where 192.168.2.2 is the legitime source IP address of the network interface, I can see packages in 192.168.1.2 computer from 192.168.2.2 using tcpdump. However, if I do nmap -S 8.8.8.8 -e fxp0 -PN -T4 -F 192.168.1.2 2>/dev/null, results are following:

Code:
[root@ /]# nmap -S 8.8.8.8 -e fxp0 -PN -T4 -F 192.168.1.2 2>/dev/null

Starting Nmap 5.00 ( http://nmap.org ) at 2010-11-08 12:33 EET
All 100 scanned ports on 192.168.1.2 are filtered

Nmap done: 1 IP address (1 host up) scanned in 25.81 seconds
[root@ /]#
..which is totally fine as packages can't return to 192.168.1.2, but strange is that I can't see no packages from 8.8.8.8 IP if I check traffic in 192.168.1.2 using tcpdump. Any ideas, what might cause the situation, where packages withc fake scr IP can't reach the destination?
 
Old 11-08-2010, 09:16 AM   #2
iamwilliam
Member
 
Registered: Apr 2006
Location: Nairobi
Distribution: CentOS
Posts: 78

Rep: Reputation: 21
Hi,

Got a couple of suggestions. You might want confirm that tcpdump is listening on the interface you're routing the spoofed packets through.

Code:
tcpdump -n -i fxp0
My second guess would be it's probably an iptables issue. Outgoing packets from non-local ip addresses are dropped. Try flush the output chain.


Code:
iptables -F OUTPUT
 
Old 11-08-2010, 02:53 PM   #3
grzesiek
LQ Newbie
 
Registered: Nov 2010
Location: Poland
Distribution: Debian
Posts: 20

Rep: Reputation: 0
Because your PC not can send packed for not know network (8.8.8.8) - that routes is work.
Also TCP conection not work in faked IP address. SYN -> ACK, SYN?? Where? 8.8.8.8 - where it is?
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Learn how to use nmap, and nmap GUI, a great port scan tool LXer Syndicated Linux News 0 01-03-2008 09:10 AM
LXer: Open Source Parking Spoofing Headers to Benefit Apache LXer Syndicated Linux News 0 04-04-2007 10:46 PM
LXer: Nmap: A valuable open source tool for network security LXer Syndicated Linux News 0 05-15-2006 08:54 AM
Socket error when spoofing source address David Knecht Linux - Networking 0 06-17-2005 05:54 AM
Socket error when spoofing source address David Knecht SUSE / openSUSE 0 06-15-2005 07:01 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:30 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration