[Tool] Firewalk + installation fix

With the release of the new Backtrack, I completely reinstalled my VM image of the distro. Of course, I then had to reinstall some of my favorite tools that I added myself. These typically include: Nexpose, nng, inundator, firewalk, etc.


Firewalk is a tool that allows you to test firewall configurations. It works differently from a typical scan in a few ways. Generally, people test ACLs/firewalls with an nmap ACK scan. However, there are a few issues with that:

  1. Nmap -sA only tests based on the open ports of an end machine. This inadvertently reveals information about the firewall, but it does not test the firewall itself and can therefore miss vital information.
  2. An ACK scan just verifies that ACK packets can get through. It works with nmap because it is not caught as a connection initiation. However, this doesn’t do much for us when we are testing to see what can connect through a firewall. Although it is good to know, we would rather know what can actually establish a connection through the firewall.

Enter Firewalk. This dated (yet important) tool is used to enumerate firewall configurations. It works by using TTL values to step its way through the firewall. It does not require a machine behind the firewall to have the specific port open; instead, it just attempts to send packets to each port with a TTL = hops_to_firewall+1. If the firewall allows the port, then an ICMP time exceeded message will come back; if it is blocked, I believe it is either dropped with no response, given an ICMP type 13 code 3, or perhaps a RST. The result will depend on the firewall implementation.

All that is required is the IP of the firewall and the IP of a host behind the firewall.
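The TTL logic described above can be seen in a small offline model. This is an added example, not firewalk's code and not part of the original post; the `path` struct, the function names and the sample ACL are hypothetical, and a blocked probe is modelled as a silent drop.

```c
/* Added illustration: offline model of the TTL technique; no packets are sent.
 * Struct, function names and the sample path are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum response { RESP_NONE, RESP_TIME_EXCEEDED, RESP_REACHED_TARGET };

struct path {
    int gateway_hop;     /* hops from the tester to the firewall */
    int target_hop;      /* hops to the host behind the firewall */
    const int *allowed;  /* ports the firewall ACL forwards */
    int n_allowed;
};

static bool acl_allows(const struct path *p, int port)
{
    for (int i = 0; i < p->n_allowed; i++)
        if (p->allowed[i] == port) return true;
    return false;
}

/* Model of what comes back for one probe sent with the given initial TTL. */
enum response send_probe(const struct path *p, int port, int ttl)
{
    if (ttl <= p->gateway_hop)
        return RESP_TIME_EXCEEDED;   /* expires before the ACL is the deciding factor */
    if (!acl_allows(p, port))
        return RESP_NONE;            /* assumption: blocked means a silent drop */
    if (ttl < p->target_hop)
        return RESP_TIME_EXCEEDED;   /* forwarded, then expires at the next router */
    return RESP_REACHED_TARGET;      /* any reply now depends on the host itself */
}

/* The check from the text: probe with TTL = hops_to_firewall + 1. */
bool port_forwarded(const struct path *p, int port)
{
    return send_probe(p, port, p->gateway_hop + 1) == RESP_TIME_EXCEEDED;
}

int main(void)
{
    static const int acl[] = { 22, 53, 443 };   /* constructed sample ACL */
    const struct path p = { 3, 5, acl, 3 };     /* firewall at hop 3, host at hop 5 */
    const int probes[] = { 21, 22, 23, 53, 80, 443 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("port %d: %s\n", probes[i],
               port_forwarded(&p, probes[i]) ? "forwarded" : "no reply");
    return 0;
}
```

In this model a TTL that is too low draws a time exceeded reply for every port, so a wrong hop count to the firewall makes blocked ports look forwarded.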

Get Firewalk here!

Installation Walkthrough

Note: Installation is pretty simple, but here are the steps and a small coding error walkthrough (make sure you have the proper dependencies also):

  1. download firewalk
  2. tar zxvf firewalk.tar.gz
  3. cd Firewalk/src
  4. vi firewalk.c
  5. go to line 193
  6. insert:   break;
  7. close editor, and cd ../
  8. ./configure && make && make install

That's it! For clarity, this is what the portion of the firewalk.c code should look like:


/* empty */




2 Responses to “[Tool] Firewalk + installation fix”

  1. Aichpuch Says:


    Why do you need to add the break?


  2. Well, by looking at the code, it seems to indicate that it's checking the results from a series of probes.

    First, it checks if the user interrupted the probe.

    return (FW_USER_INTERRUPT);
    case -1:

    If not, then it checks if any serious errors occurred.

    /* err msg set in fw_packet_capture() */
    return (FW_SERIOUS_ERROR);

    If neither of those cases applies, it doesn't need to throw any errors, so it should just fall through.

    /* empty */


    However, since there is no break statement in the ‘default:’ portion of the switch, the compiler throws some issues.
