Topic starter 16/08/2025 8:12 pm
Let’s break down what fragmented packet scanning means in the context of Nmap, a powerful network scanning tool:
🧩 What Is Fragmented Packet Scanning in Nmap?
Fragmented scanning is a stealth technique used by Nmap to evade firewalls and intrusion detection systems (IDS). It works by splitting TCP packets into smaller fragments before sending them to the target. This makes it harder for security devices to detect or block the scan.
🛠️ How It Works
Nmap offers two options for fragmented scanning:
Option | Description | Example
---|---|---
`-f` | Splits packets into tiny 8-byte fragments | `nmap -f <target>`
`--mtu <value>` | Sets a custom fragment size (MTU) | `nmap --mtu 16 <target>`
These fragmented packets are sent separately, and some firewalls or IDS may fail to reassemble them properly before inspection—allowing the scan to slip through undetected.
🎯 Why Use Fragmentation?
- Bypass Firewalls: Some firewalls don’t inspect fragmented packets thoroughly.
- Evade IDS/IPS: Intrusion detection systems may miss fragmented scans.
- Reduce Detection: Fragmented packets don’t always trigger standard scan alerts.
⚠️ Limitations
- Not always effective: Modern security systems often reassemble packets before inspection.
- May cause scan failures: Some hosts block fragmented packets entirely, leading to incomplete scan results.
- OS-dependent behavior: Some operating systems may reassemble fragments before sending, undermining the technique.
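From the defender's side, the simplest check for the `-f` / `--mtu` behaviour described above is the RFC 1858 "tiny first fragment" test: an initial IPv4 fragment too short to hold the 20-byte TCP header cannot show a stateless filter the port numbers. The following is an added example, not code from the post or from Nmap; the packet builder, the sample addresses (192.0.2.x, RFC 5737 documentation range) and the `tiny_fragment_alerts` function are all constructed here for illustration.

```python
# Added example (not from the post): flag "tiny first fragment" IPv4 packets
# like those nmap -f (8-byte) or --mtu 16 produce. Per RFC 1858, an initial
# fragment (offset 0, MF set) shorter than a 20-byte TCP header hides the
# ports from a stateless filter. All packets are built in memory, no network.
import struct
from collections import defaultdict

TCP_HEADER_LEN = 20
IP_FMT = "!BBHHHBBH4s4s"  # minimal 20-byte IPv4 header, no options

def build_ipv4(src, dst, ident, offset, more_frags, payload, proto=6):
    """Build a minimal IPv4 packet; checksum left 0 (irrelevant here).
    offset is in bytes and must be a multiple of 8, as on the wire."""
    flags_frag = (more_frags << 13) | (offset // 8)
    hdr = struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), ident, flags_frag,
                      64, proto, 0, bytes(map(int, src.split("."))),
                      bytes(map(int, dst.split("."))))
    return hdr + payload

def parse_ipv4(pkt):
    """Extract the fields a fragment check needs from a raw IPv4 packet."""
    ver_ihl, _, total_len, ident, ff, _, proto, _, src, dst = \
        struct.unpack(IP_FMT, pkt[:20])
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "id": ident, "proto": proto, "mf": bool(ff & 0x2000),
            "offset": (ff & 0x1FFF) * 8,
            "payload_len": total_len - (ver_ihl & 0x0F) * 4}

def tiny_fragment_alerts(packets, min_first=TCP_HEADER_LEN):
    """Return (src, dst, ip_id) for fragmented TCP datagrams whose first
    fragment is too short to hold the full TCP header."""
    frags = defaultdict(list)
    for pkt in packets:
        h = parse_ipv4(pkt)
        if h["proto"] == 6 and (h["mf"] or h["offset"]):  # fragment of TCP
            frags[(h["src"], h["dst"], h["id"])].append(h)
    return [k for k, fs in frags.items()
            if any(f["offset"] == 0 and f["mf"] and f["payload_len"] < min_first
                   for f in fs)]

# Constructed sample: one 20-byte TCP SYN (port 40000 -> 80) split 8/8/4 the
# way -f does, plus the same SYN sent unfragmented (benign, must not alert).
SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)
SRC, DST = "192.0.2.10", "192.0.2.20"
SAMPLE = [build_ipv4(SRC, DST, 0x1234, 0, 1, SYN[:8]),
          build_ipv4(SRC, DST, 0x1234, 8, 1, SYN[8:16]),
          build_ipv4(SRC, DST, 0x1234, 16, 0, SYN[16:]),
          build_ipv4(SRC, DST, 0x1235, 0, 0, SYN)]
print(tiny_fragment_alerts(SAMPLE))  # [('192.0.2.10', '192.0.2.20', 4660)]
```

A first fragment of 20 bytes or more (for instance `--mtu 24`) passes this particular check, which is why reassembly before inspection, as the post's Limitations note, is the more robust control.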