From: Bob R. <ri...@ei...> - 2001-09-18 01:44:01
Hi,

I'm having a problem getting firewalk to work in Trinux. I've tried both the rc1 2.2.19 and rc2 2.4.5 kernel, using the 'net' and 'pcmcia' floppy boot image on three different machines with as many different ethernet cards (mostly 3com). Regardless of which options I issue to firewalk, I get the same type of response. It runs down the list of incrementing TTLs and simply puts a '*' for each response. The following is a sample scan:

Ramping up hopcounts to binding host...
probe: 1 TTL: 1 port 33434: *
probe: 2 TTL: 2 port 33434: *
probe: 3 TTL: 3 port 33434: *
probe: 4 TTL: 4 port 33434: *
probe: 5 TTL: 5 port 33434: *
probe: 6 TTL: 6 port 33434: *
probe: 7 TTL: 7 port 33434:
0 ports open, 0 ports unknown
7 probes sent, 0 replies received

I've switched source and destination ports, different gateways/targets, different number of hops btw gateway and target, different protocols/etc and all I get is the above (with appropriate changes to port and TTL). I can see the ICMP time exceeded coming back in through tcpdump, so I know the packets are being written to the network and the ICMPs are making it back.

I've had the same problem running firewalk on different boxes, different network cards/etc. I'm to the point where I think it's just flat broken, but I wanted to hit at least this list to see if anyone has seen this behavior before. Is hping2 the only alternative for this style of network scanning?

Thanks!!!
Bob