mailing list archives
Re: [PATCH] --ttl and connect() scans (and traceroute?)
From: Fyodor <fyodor () insecure org>
Date: Sat, 13 Oct 2007 23:35:40 -0700
On Sat, Oct 13, 2007 at 04:35:12PM -0500, Kris Katterjohn wrote:
I have attached a patch to enable --ttl to work with connect() scans (-sT).
As long as the system supports the setsockopt IP_TTL option, it sets it.
From googling, it looks like most systems support this (Linux, BSD, OS X,
I've tested it on Linux and verified it with Wireshark.
Looks good to me! Please check it in.
Hey Eddie, do you think you can use IP_TTL for --traceroute as well?
He would need a way to receive the TTL exceeded messages too. I was
about to say "if that was possible, the traceroute program wouldn't
need to be setuid". But then I noticed that my /bin/traceroute ISN'T
setuid and still seems to work as an unprivileged user. Hmm. An
strace of traceroute shows stuff like:
setsockopt(6, SOL_IP, IP_RECVTTL, , 4) = 0
setsockopt(6, SOL_IP, IP_TTL, , 4) = 0
setsockopt(6, SOL_IP, IP_RECVERR, , 4) = 0
So maybe it is possible. Whether it is worth adding that support to
Nmap depends on how portable it is and how much code is needed.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org