
Nmap Development mailing list archives

Re: [PATCH] --ttl and connect() scans (and traceroute?)
From: "Eddie Bell" <ejlbell () gmail com>
Date: Sun, 14 Oct 2007 13:41:33 +0100

On 14/10/2007, Fyodor <fyodor () insecure org> wrote:
> On Sat, Oct 13, 2007 at 04:35:12PM -0500, Kris Katterjohn wrote:
> > Hey Eddie, do you think you can use IP_TTL for --traceroute as well?
>
> He would need a way to receive the TTL exceeded messages too.  I was
> about to say "if that was possible, the traceroute program wouldn't
> need to be setuid".  But then I noticed that my /bin/traceroute ISN'T
> setuid and still seems to work as an unprivileged user.  Hmm.  An
> strace of traceroute shows stuff like:
>
> setsockopt(6, SOL_IP, IP_RECVTTL, [1], 4) = 0
> setsockopt(6, SOL_IP, IP_TTL, [2], 4)   = 0
> setsockopt(6, SOL_IP, IP_RECVERR, [1], 4) = 0
>
> So maybe it is possible.  Whether it is worth adding that support to
> Nmap depends on how portable it is and how much code is needed.

I'm not sure about the portability of setsockopt, but it looks like
IP_RECVTTL/IP_RECVERR don't work on STREAM sockets, only DGRAM. So it
may be possible to do this with UDP but probably not any other

I don't have proper internet access till Tuesday so will check this
out in a little more detail then (and all the other nmap happenings
that have occurred whilst I've been internet-less)

- eddie

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
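The mechanism behind the strace lines Fyodor quotes, written out as an added example (this is not code from the thread and not Nmap's traceroute implementation): an unprivileged UDP socket with IP_RECVERR set has ICMP errors delivered on its error queue, and recvmsg(MSG_ERRQUEUE) hands back a sock_extended_err whose SO_EE_OFFENDER address is the router that sent the "TTL exceeded". The example assumes Linux (SOL_IP/IPPROTO_IP, linux/errqueue.h and the error-queue semantics are not portable), walks the classic 33434+ttl UDP port range, and its demo_classify() builds a constructed error-queue message from a hypothetical router address so the parsing can be checked without any network.

```c
/* Added example, not Nmap code: unprivileged UDP traceroute on Linux using
 * IP_TTL, IP_RECVTTL and IP_RECVERR, the options the strace above shows.
 * Linux-only; the error-queue structures below are not portable. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <linux/errqueue.h>
#include <netinet/in.h>
#include <netinet/ip_icmp.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Result codes from classify_errqueue(). */
enum { PROBE_OTHER = 0, PROBE_HOP = 1, PROBE_DONE = 2 };

/* Walk the ancillary data of one error-queue message.  An ICMP Time Exceeded
 * means an intermediate router: copy its address to *hop, return PROBE_HOP.
 * An ICMP Destination Unreachable means the probe reached the target (no
 * listener on that UDP port): copy the target address, return PROBE_DONE.
 * Anything else (local errors, other ICMP types) is PROBE_OTHER. */
int classify_errqueue(struct msghdr *msg, struct sockaddr_in *hop)
{
    struct cmsghdr *cm;
    for (cm = CMSG_FIRSTHDR(msg); cm != NULL; cm = CMSG_NXTHDR(msg, cm)) {
        struct sock_extended_err *ee;
        if (cm->cmsg_level != IPPROTO_IP || cm->cmsg_type != IP_RECVERR)
            continue;
        ee = (struct sock_extended_err *)CMSG_DATA(cm);
        if (ee->ee_origin != SO_EE_ORIGIN_ICMP)
            return PROBE_OTHER;
        if (ee->ee_type != ICMP_TIME_EXCEEDED && ee->ee_type != ICMP_DEST_UNREACH)
            return PROBE_OTHER;
        /* SO_EE_OFFENDER is the address of the node that sent the ICMP */
        if (hop) *hop = *(struct sockaddr_in *)SO_EE_OFFENDER(ee);
        return ee->ee_type == ICMP_TIME_EXCEEDED ? PROBE_HOP : PROBE_DONE;
    }
    return PROBE_OTHER;
}

/* Plain UDP socket with the two receive options; no privileges needed. */
int open_probe_socket(void)
{
    int one = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_RECVERR, &one, sizeof one) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_RECVTTL, &one, sizeof one) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Send one probe datagram with the given TTL; 0 on success, -1 on error. */
int send_probe(int fd, const struct sockaddr_in *dst, int ttl)
{
    char payload[32] = "probe";
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl) < 0) return -1;
    return sendto(fd, payload, sizeof payload, 0,
                  (const struct sockaddr *)dst, sizeof *dst) < 0 ? -1 : 0;
}

/* Dequeue one error-queue message and classify it; -1 if the queue is empty. */
int read_probe_error(int fd, struct sockaddr_in *hop)
{
    char data[512], ctrl[512];
    struct iovec iov = { data, sizeof data };
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctrl;
    msg.msg_controllen = sizeof ctrl;
    if (recvmsg(fd, &msg, MSG_ERRQUEUE) < 0) return -1;
    return classify_errqueue(&msg, hop);
}

/* Offline check: build a constructed error-queue message of ICMP type
 * icmp_type from the hypothetical address `offender`, classify it, and write
 * the extracted hop address (or 0.0.0.0) to hop_out. */
int demo_classify(int icmp_type, const char *offender, char *hop_out, size_t hop_len)
{
    char ctrl[CMSG_SPACE(sizeof(struct sock_extended_err) + sizeof(struct sockaddr_in))];
    struct msghdr msg;
    struct cmsghdr *cm;
    struct sock_extended_err *ee;
    struct sockaddr_in *sin, hop;
    int rc;
    memset(&msg, 0, sizeof msg);
    memset(ctrl, 0, sizeof ctrl);
    memset(&hop, 0, sizeof hop);
    msg.msg_control = ctrl;
    msg.msg_controllen = sizeof ctrl;
    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = IPPROTO_IP;
    cm->cmsg_type = IP_RECVERR;
    cm->cmsg_len = CMSG_LEN(sizeof *ee + sizeof *sin);
    ee = (struct sock_extended_err *)CMSG_DATA(cm);
    ee->ee_origin = SO_EE_ORIGIN_ICMP;
    ee->ee_type = icmp_type;
    sin = (struct sockaddr_in *)SO_EE_OFFENDER(ee);
    sin->sin_family = AF_INET;
    inet_pton(AF_INET, offender, &sin->sin_addr);
    rc = classify_errqueue(&msg, &hop);
    inet_ntop(AF_INET, &hop.sin_addr, hop_out, hop_len);
    return rc;
}

int main(int argc, char **argv)
{
    struct sockaddr_in dst, hop;
    struct pollfd pfd;
    int fd, ttl;
    memset(&dst, 0, sizeof dst);
    if (argc != 2 || inet_pton(AF_INET, argv[1], &dst.sin_addr) != 1) {
        fprintf(stderr, "usage: %s <IPv4 address>\n", argv[0]);
        return 1;
    }
    dst.sin_family = AF_INET;
    if ((fd = open_probe_socket()) < 0) { perror("socket"); return 1; }
    pfd.fd = fd;
    pfd.events = POLLIN;           /* a pending error also wakes poll (POLLERR) */
    for (ttl = 1; ttl <= 30; ttl++) {
        char ip[INET_ADDRSTRLEN];
        int rc;
        dst.sin_port = htons(33434 + ttl);   /* classic traceroute port walk */
        if (send_probe(fd, &dst, ttl) < 0) { perror("sendto"); continue; }
        if (poll(&pfd, 1, 2000) <= 0) { printf("%2d  *\n", ttl); continue; }
        rc = read_probe_error(fd, &hop);
        if (rc != PROBE_HOP && rc != PROBE_DONE) { printf("%2d  *\n", ttl); continue; }
        inet_ntop(AF_INET, &hop.sin_addr, ip, sizeof ip);
        printf("%2d  %s\n", ttl, ip);
        if (rc == PROBE_DONE) break;   /* the target itself answered */
    }
    close(fd);
    return 0;
}
```

Build with `gcc -o udptrace udptrace.c` and run as an ordinary user against an IPv4 address; no raw socket and no setuid bit is involved, which is the point of Fyodor's observation. The datagram socket matters: the error queue carries the ICMP that answers a specific probe, and each probe is a separate sendto() with its own IP_TTL, whereas a connected stream socket has no per-segment TTL to vary.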

