nping DNS request over TCP issue #1881

Open
adenosine-phosphatase opened this issue Jan 6, 2020 · 2 comments

@adenosine-phosphatase adenosine-phosphatase commented Jan 6, 2020

Hi team,
I noticed that when I try to simulate the DNS Zone Transfer AXFR request (which requires TCP instead of the standard DNS query via UDP), nping seems to corrupt the 3-way handshake.
Using alternative Linux commands does the proper request.
As per the attached document, the defect seems to be present in both the Linux and Windows nping binaries.
I also tried nping with the "--tcp-connect" option instead of "--tcp", and the former does complete the 3-way handshake but does not send the DNS payload.
Not sure if this is a bug or something I am doing wrong.
nping sends DNS requests via UDP with no problem.
nping bug.pdf
Thanks

@nnposter nnposter commented Jan 6, 2020

This behavior is expected. Nping is not meant to carry a connection conversation. It is mostly a single-packet request/response tool to "ping" a target. In your case you were hoping for a full TCP handshake and then a data exchange.

When you use --tcp-connect, nping will delegate the "ping" to the OS by requesting a new connection. As soon as the connection is established the logical ping is completed. There is no opportunity to send any data after that.

When you use --tcp, nping will send a single packet and attach any data specified with --data. In the absence of specifying --flags, the SYN flag is used by default. In your case the target will respond with SYN/ACK, as expected, ignoring any data (because the connection is not yet established).

For your objective you should be using a netcat-like tool instead (ncat, nc, socat, ...).

@nnposter nnposter commented Jan 6, 2020

Also, if you need to perform a zone transfer specifically, you might want to take a look at the nmap script dns-zone-transfer.
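
The ordering described in this thread, as an added example that is not part of the original comments or of Nmap's code: a DNS-over-TCP query is sent only after the OS has completed the handshake, and it carries the 2-byte length prefix from RFC 1035 section 4.2.2. The function names, the transaction ID and the loopback server (a constructed stand-in for a name server that answers AXFR with REFUSED) are assumptions made for illustration.

```python
import socket
import struct
import threading

AXFR, IN, REFUSED = 252, 1, 5  # QTYPE AXFR, class IN, RCODE REFUSED (RFC 1035)

def build_query(zone, qtype=AXFR, txid=0x1234):  # txid is a constructed value
    """DNS query message: 12-byte header followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in zone.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, IN)

def frame(msg):
    """DNS over TCP prefixes every message with its length as 2 bytes."""
    return struct.pack("!H", len(msg)) + msg

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def recv_framed(sock):
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)

def refusing_server(listener):
    """Constructed loopback stand-in for a name server that refuses AXFR."""
    conn, _ = listener.accept()  # the OS has already completed the handshake
    with conn:
        query = recv_framed(conn)
        # Same ID, QR=1 (response), RCODE=REFUSED, question section echoed back.
        reply = query[:2] + struct.pack("!HHHHH", 0x8000 | REFUSED, 1, 0, 0, 0) + query[12:]
        conn.sendall(frame(reply))

def axfr_probe(zone):
    """Connect first, then send the framed query; return (txid, rcode)."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        threading.Thread(target=refusing_server, args=(listener,), daemon=True).start()
        with socket.create_connection(listener.getsockname()) as s:  # 3-way handshake
            s.sendall(frame(build_query(zone)))  # payload goes out only after it
            reply = recv_framed(s)
    txid, flags = struct.unpack("!HH", reply[:4])
    return txid, flags & 0x000F
```

Calling `axfr_probe("example.test")` (a constructed zone name) runs the whole exchange on loopback.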
