On 14/10/2007, Fyodor <fyodor_at_insecure.org> wrote:
> On Sat, Oct 13, 2007 at 04:35:12PM -0500, Kris Katterjohn wrote:
> > Hey Eddie, do you think you can use IP_TTL for --traceroute as well?
>
> He would need a way to receive the TTL exceeded messages too. I was
> about to say "if that was possible, the traceroute program wouldn't
> need to be setuid". But then I noticed that my /bin/traceroute ISN'T
> setuid and still seems to work as an unprivileged user. Hmm. An
> strace of traceroute shows stuff like:
>
> setsockopt(6, SOL_IP, IP_RECVTTL, [1], 4) = 0
> setsockopt(6, SOL_IP, IP_TTL, [2], 4) = 0
> setsockopt(6, SOL_IP, IP_RECVERR, [1], 4) = 0
>
> So maybe it is possible. Whether it is worth adding that support to
> Nmap depends on how portable it is and how much code is needed.

I'm not sure about the portability of setsockopt, but it looks like
IP_RECVTTL/IP_RECVERR don't work on STREAM sockets, only DGRAM. So it
may be possible to do this with UDP but probably not any other
protocols.

I don't have proper internet access till Tuesday so will check this
out in a little more detail then (and all the other Nmap happenings
that have occurred whilst I've been internet-less).

Thanks
- eddie
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Oct 14 2007
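
The three socket options from the strace output in the thread, put together as an added example (not code from this thread, from Nmap or from traceroute): on Linux, an unprivileged UDP socket sets IP_TTL, and with IP_RECVERR the resulting ICMP error is read back from the socket's error queue with recvmsg(MSG_ERRQUEUE). The function names, the 127.0.0.1 target and port 33434 are assumptions chosen for illustration.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <linux/errqueue.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Unprivileged UDP socket carrying the three options from the strace. */
int open_probe_socket(int ttl) {
    int on = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    if (setsockopt(fd, SOL_IP, IP_RECVTTL, &on, sizeof on) < 0 ||
        setsockopt(fd, SOL_IP, IP_TTL, &ttl, sizeof ttl) < 0 ||
        setsockopt(fd, SOL_IP, IP_RECVERR, &on, sizeof on) < 0) { close(fd); return -1; }
    return fd;
}

/* Send one probe, wait for a queued error: 1 = *ee filled, 0 = timeout, -1 = error. */
int probe(int fd, const struct sockaddr_in *dst, int timeout_ms,
          struct sock_extended_err *ee, struct sockaddr_in *from) {
    char payload = 0, cbuf[512];
    struct msghdr msg = { .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct pollfd pfd = { .fd = fd };  /* POLLERR is reported even with events == 0 */
    if (sendto(fd, &payload, 1, 0, (const struct sockaddr *)dst, sizeof *dst) < 0) return -1;
    if (poll(&pfd, 1, timeout_ms) <= 0 || !(pfd.revents & POLLERR)) return 0;
    if (recvmsg(fd, &msg, MSG_ERRQUEUE) < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_IP || c->cmsg_type != IP_RECVERR) continue;
        memcpy(ee, CMSG_DATA(c), sizeof *ee);
        if (ee->ee_origin == SO_EE_ORIGIN_ICMP)  /* address of the ICMP sender follows */
            memcpy(from, SO_EE_OFFENDER((struct sock_extended_err *)CMSG_DATA(c)), sizeof *from);
        return 1;
    }
    return 0;
}

int main(void) {
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(33434) }, from = {0};
    struct sock_extended_err ee;
    int fd = open_probe_socket(2);
    inet_pton(AF_INET, "127.0.0.1", &dst.sin_addr);  /* constructed target */
    if (fd >= 0 && probe(fd, &dst, 1000, &ee, &from) == 1)
        printf("ICMP type %u code %u from %s\n", (unsigned)ee.ee_type, (unsigned)ee.ee_code, inet_ntoa(from.sin_addr));
    return 0;
}
```

For a hop-by-hop trace, the same socket would be reused with IP_TTL raised by one per probe; an ICMP time-exceeded reply shows up as ee_type 11 and a port-unreachable from the destination as ee_type 3.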