Intermittent response... not sure if its my device or if there is something I can fix

[jfrux]

Sometimes it finds my device, sometimes it doesn't... very intermittent from scan to scan. Is the device doing something that could be causing this?

[eviltik]

By intermittent response, are you saying that evilscan provide intermittent result ? i suppose yes.

In this case, can you please tcpdump while you are scanning, so we can check if the problem is device side or evilscan side.

thank you

[jfrux]

tcpdump on which device?

[eviltik]

on the computer where you launch evilscan

[jfrux]

Alright, I’ll try to find some time this week to knock this out. Thanks! On Oct 8, 2018, 8:17 AM -0400, eviltik notifications@github.com, wrote:

on the computer where you launch evilscan — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or mute the thread.

[jfrux]

Okay so its been awhile but I wanted to follow up... It's still intermittent for some users on whether it finds the device by port even when the IP of the device is clearly in the list to be scanned.

Any "gotchas" or situations you can think of that could be causing this that I could let my users know about? Firewalls? Router settings? etc.?

What types of things would block this from finding it as OPEN or whatever?

[eviltik]

firewall no, because it's intermittent.

Router settings it can. Check MTU if different than 1500.

Another point is timeout. Does your devices are heavy loaded ?

[jfrux]

I’m sorry, when I say intermittent I mean I get a various spread of users complaining that it’s not finding their devices… so like users who are successful usually remain successful, but a certain number of users cannot ever find their device.

The device is a custom mobile device that always has a particular port exposed and do not generally have timeout issues or heavy load.  How long would it wait for a timeout?

I myself do not have any problems… but my limited testing is just not enough to rule out external forces involved. On Jan 4, 2019, 12:12 PM -0500, eviltik notifications@github.com, wrote:

firewall no, because it's intermittent. Router settings it can. Check MTU if different than 1500. Another point is timeout. Does your devices are heavy loaded ? — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or mute the thread.

[eviltik]

It's really hard to say from where the problem is coming from. As previously said, should be great to have a tcpdump server <=> device in a use case where the problem occured ...

[eviltik]

default timeout is 2000 ms ... should be enought ...

[eviltik]

try --timeout 50000 perhaps

[jfrux]

Possible to instruct it which network interface to use to scan from? Getting reports that maybe it's scanning the wrong network interface on some devices with more advanced network setups?

For instance, device looking to be detected is on their Wifi, but they have Wifi AND Ethernet both connected? Or would that even be an issue?

[eviltik]

I don't know but i can do anything with the code regarding your problem right now.

Do not hesitate to reopen if i can fix something