OLD QUESTION AND TITLE (Look further down for the updated question):
Why Nmap fragmented scan is only working on Backtrack?
I spent quite a few hours today trying to capture and study some fragmented IPv4 packets using Wireshark and Nmap security scanner.
I tried a couple of different OS' (Ubuntu and Debian) but to my surprise, Wireshark would only capture normal packets.
After launching the same Nmap scan from a Backtrack live CD it worked!
So to my understanding if it works on Backtrack which is tweaked for security purposes, there must be something (a setting maybe) preventing fragmented packets to the other Operating Systems.
After lots of Googling I did not manage to find the reason why this might be happening. Any ideas what this must be and if it is possible to perform an IP fragmented scan from an Ubuntu or a Debian OS?
UPDATED QUESTION:
When I initially asked this question I was thinking that it might be an operating system related problem, but it turns out it might be a hardware related question because I managed to make a fragmented scan using an Ubuntu virtual machine.
So I can run nmap fragmented scans from virtual machines running on my physical machine, but not from my physical machine itself.
Is there any kernel setting (under /proc ?) preventing this, or it is hardware restriction and I cannot do anything about it?
Best Answer
What network-card are you using?
I may be related to promiscuous mode, which does affect a lot of sniffing abilites of modern networking cards.