Evasion via Fragmentation, MTU and Data Length
Fragmenting packets to 8 bytes or 16 bytes of data
We can limit the size of our TCP packets by using the -f or -ff nmap flag. The -f flag will limit the size of the data to be sent to 8 bytes instead of 24 bytes. The size of each packet will thus be 20 bytes (TCP header) + 8 bytes (data). The -ff flag will limit the size of the data in each packet to 16 bytes. The maximum size of a packet is thus 20 bytes (TCP header) + 16 bytes (data).
Fragment Your Packets According to a Set MTU
We can use the --mtu option to specify the maximum size that our data packets can take. For example, using --mtu 24 will limit the data size of the TCP packets to 24 bytes. Adding the 20 bytes of the IP header gives a packet of at most 44 bytes.
The mtu value specified should always be a multiple of 8.
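On the receiving side, a packet filter or IDS can recognise these fragment sizes with the tiny-fragment checks described in RFC 1858. The following is an added example, not part of the original notes: the function names, addresses and sample bytes are constructed, and it assumes a 20-byte TCP header with no options and a 20-byte IPv4 header on every fragment.

```python
import struct

TCP = 6
MIN_TCP_HEADER = 20  # bytes; a TCP header without options (assumption of this example)

def ipv4_fragment(payload: bytes, offset_bytes: int, more: bool, proto: int = TCP) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0) used only as test input."""
    flags_off = (0x2000 if more else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def classify(packet: bytes) -> str:
    """Return 'whole', 'tiny-first', 'tcp-offset-1' or 'fragment' for an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, flags_off = struct.unpack("!HHH", packet[2:8])
    proto = packet[9]
    more = bool(flags_off & 0x2000)       # More Fragments bit
    offset = flags_off & 0x1FFF           # fragment offset, in units of 8 bytes
    data_len = total_len - ihl
    if not more and offset == 0:
        return "whole"
    if proto == TCP and offset == 0 and data_len < MIN_TCP_HEADER:
        return "tiny-first"               # TCP header does not fit in the first fragment
    if proto == TCP and offset == 1:
        return "tcp-offset-1"             # fragment begins inside the TCP header
    return "fragment"

def split(payload: bytes, size: int) -> list[bytes]:
    """Cut a payload into IPv4 fragments of `size` data bytes (a multiple of 8)."""
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [ipv4_fragment(c, i * size, more=(i < len(chunks) - 1))
            for i, c in enumerate(chunks)]

# Constructed sample: 20 zero bytes standing in for a TCP header.
SAMPLE_TCP_HEADER = bytes(20)

def demo() -> dict[str, list[str]]:
    """Classify the sample header cut at the 8, 16 and 24 byte sizes discussed above."""
    return {f"{n}-byte": [classify(p) for p in split(SAMPLE_TCP_HEADER, n)]
            for n in (8, 16, 24)}

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

With 8 or 16 bytes of data per fragment, the first fragment cannot hold the full TCP header, which is exactly the condition the check flags; at 24 bytes the header fits in one packet and nothing is flagged.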
Generate Packets with Specific Length
We can generate packets with data of a specific size by using the nmap flag --data-length <VALUE>.
All packets will have a data size of the specified value plus the 20 bytes of the TCP header. This can be useful if we notice that packets of a specific size trigger the firewall or IDS. The value specified has to be a multiple of 8.