Nmap Development
mailing list archives
[PATCH] Report ICMP TTL Exceeded messages
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 5 Jan 2008 02:22:36 +0000
Developers,

Attached is a patch to detect when probes are lost to the abyss because
their TTL was exceeded. I wrote this patch to detect route loops on
our network but I figure it will be useful in general.

The output looks something like:

ICMP TTL Exceeded message when sending to X.Y.147.215, possible network loop, try increasing TTL with --ttl

Right now the patch requires either verbose or debugging output to be
on but it may be desirable to print the message regardless of these.
The message is limited to 1 per host even if the error is received for
every probe against that host. This patch doesn't do anything with the
port state but I can see it doing a 'newstate = PORT_FILTERED;' if
others think that's accurate or useful.

Brandon
Attachment: icmpttl.diff
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
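
The behaviour the message describes (recognise an ICMP TTL Exceeded error for a probe, report it once per host) can be sketched as below. This is an added example, not the contents of icmpttl.diff and not Nmap code: the function names, the check that the quoted packet came from the scanner's own address, and the sample packet built from documentation addresses are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

// True if pkt is an IPv4 ICMP Time Exceeded (type 11, code 0) error quoting a
// packet that our_addr sent; *target receives that probe's destination.
// Hypothetical helper, not an Nmap function. Checksums are not verified.
bool ttl_exceeded_target(const uint8_t *pkt, size_t len, uint32_t our_addr, uint32_t *target) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 1) return false;  // IPv4 + ICMP
    size_t ihl = (pkt[0] & 0x0f) * 4u;
    if (ihl < 20 || len < ihl + 8 + 20) return false;  // need ICMP header + quoted IP header
    const uint8_t *icmp = pkt + ihl;
    if (icmp[0] != 11 || icmp[1] != 0) return false;   // TTL exceeded in transit only
    const uint8_t *quoted = icmp + 8;                  // header of the probe that expired
    if ((quoted[0] >> 4) != 4 || be32(quoted + 12) != our_addr) return false;  // not our probe
    *target = be32(quoted + 16);
    return true;
}

// One report per target host, however many probes come back expired.
bool should_report(std::set<uint32_t> &seen, uint32_t target) {
    return seen.insert(target).second;
}

// Constructed sample: router 198.51.100.1 tells scanner 192.0.2.10 that its
// TCP probe to 203.0.113.215 expired (documentation addresses, zero checksums).
std::vector<uint8_t> sample_ttl_exceeded() {
    std::vector<uint8_t> p(48, 0);
    const uint8_t outer[20] = {0x45,0,0,48, 0,0,0,0, 64,1,0,0, 198,51,100,1, 192,0,2,10};
    const uint8_t quoted[20] = {0x45,0,0,40, 0,0,0,0, 1,6,0,0, 192,0,2,10, 203,0,113,215};
    for (int i = 0; i < 20; i++) { p[i] = outer[i]; p[28 + i] = quoted[i]; }
    p[20] = 11;  // ICMP type 11, code 0; rest of the 8-byte ICMP header stays zero
    return p;
}

int main() {
    std::set<uint32_t> seen;
    std::vector<uint8_t> pkt = sample_ttl_exceeded();
    for (int probe = 0; probe < 3; probe++) {  // same error arrives for three probes
        uint32_t t = 0;
        if (ttl_exceeded_target(pkt.data(), pkt.size(), 0xC000020A, &t) && should_report(seen, t))
            printf("ICMP TTL Exceeded message when sending to %u.%u.%u.%u, possible network loop, try increasing TTL with --ttl\n", (unsigned)(t >> 24), (unsigned)(t >> 16 & 255), (unsigned)(t >> 8 & 255), (unsigned)(t & 255));
    }
    return 0;
}
```

Matching the quoted source address against the scanner's own keeps unrelated or forged ICMP errors from producing a report.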