Tuesday, July 27, 2010

So, the next time you happen to be in a mentor training session and someone named John Three, who knows way more than you, asks you about TCP fragmentation, don't be like me and say that it does not exist. It does. Not in the IP header, where the MF/DF flags and the fragment offset handle IP fragmentation, but as overlapping TCP data segments, which may also be sent out of order. Because different TCP stacks resolve an overlap differently (some keep the bytes that arrived first, some let later bytes overwrite them), an IDS that reassembles the stream with the wrong policy sees a different payload than the host does.
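To make the overlap problem concrete, here is an added example (my own, not from Mark's post or from fragroute) that reassembles a set of constructed, out-of-order, overlapping TCP segments under two policies, "first" (earlier bytes win) and "last" (later bytes win), and shows that the same wire traffic yields two different requests. The segments and the "first"/"last" policy names are assumptions for illustration; real stacks have finer-grained rules.

```python
# Added example: reassemble overlapping, out-of-order TCP segments under two
# simplified policies. "first" never overwrites a byte already received;
# "last" lets a later-arriving segment overwrite earlier bytes. Real stacks
# differ from each other in exactly this way, which is why an IDS must model
# the target's reassembly behaviour. All segments below are constructed for
# illustration, not captured traffic.

from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int      # relative sequence number of the first data byte
    data: bytes   # payload carried by this segment


def reassemble(segments, policy="first"):
    """Return the reassembled byte stream starting at relative seq 0.

    Segments are applied in arrival order. Overlaps are resolved byte by
    byte according to `policy`. A gap (a byte never received) ends the
    stream, as a real receiver could not hand that data to the application.
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    buf = {}  # absolute byte position -> byte value
    for seg in segments:
        for off, b in enumerate(seg.data):
            pos = seg.seq + off
            if policy == "last" or pos not in buf:
                buf[pos] = b
    out = bytearray()
    pos = 0
    while pos in buf:
        out.append(buf[pos])
        pos += 1
    return bytes(out)


# Constructed evasion attempt: bytes 5..12 are sent twice with different
# content, and the tail of the request arrives before the middle.
SEGMENTS = [
    Segment(0, b"GET /"),
    Segment(13, b" HTTP/1.0\r\n"),  # out of order: arrives before bytes 5..12
    Segment(5, b"safe.txt"),        # what a "first" stack keeps
    Segment(5, b"evil.cgi"),        # what a "last" stack keeps
]


def evasion_demo(segments=SEGMENTS):
    """Reassemble the same segments under both policies.

    Returns a dict mapping policy name to the resulting request bytes.
    """
    return {p: reassemble(segments, p) for p in ("first", "last")}


if __name__ == "__main__":
    for policy, stream in evasion_demo().items():
        print(f"{policy:5s}: {stream!r}")
```

An IDS that assumes "first" semantics reports a request for safe.txt while a host with "last" semantics actually serves evil.cgi, and vice versa; tools like fragroute exist precisely to generate such ambiguous streams against a sensor.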

Mark Baggett discusses the issue in his blog.

The two things I would add to his research: first, when using fragroute, you have to do an initial ping to the target host so that its MAC address is in the ARP table before fragroute starts rewriting traffic. Second, as Mark indicates, his work was done on BackTrack 3. To get the same results on BackTrack 4, you first have to disable reverse-path filtering (as root):

echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

This was discovered by searching and finding a post on the Ubuntu Forums.

In a follow up with Mark, he brought to my attention another potential issue with reverse-path filtering.


Friday, July 23, 2010

I passed my GIAC Certified Intrusion Analyst (GCIA) today. I feel like a load has been lifted off my shoulders. I hate exams.
