|
Nmap Development
mailing list archives
Re: [PATCH] Report ICMP TTL Exceeded messages
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 5 Jan 2008 07:27:14 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Comments inline.
On Fri, 4 Jan 2008 23:13:07 -0800 or thereabouts Fyodor
<fyodor () insecure org> wrote:
On Sat, Jan 05, 2008 at 02:22:36AM +0000, Brandon Enright wrote:
The output looks something like:
ICMP TTL Exceeded message when sending to X.Y.147.215, possible
network loop, try increasing TTL with --ttl
Have you (or other people) actually seen many cases where increasing
the TTL with --ttl resolves the problem?
Well, yes and no. The default TTL should be enough for the farthest
ends of the Internet to reach each other. I run Nmap with a lower TTL
(very glad that option is there) to reduce the effect scanning has on
older network hardware in the even of loops (we have a few).
If so, we could increase the
default Nmap TTL. But I figured it was high enough that TTL exceeded
notices are probably due to loops which would simply loop more with a
higher TTL.
Cheers,
-F
You're probably right that we shouldn't increase the default TTL. I
suppose the blurb about increasing the TTL could go away. Anyone
passing a lower value to --ttl already knows about the option and can
figure out how to fix the problem.
I'm biased because I wrote the patch but I'd really like to see it or
some version of it included. I think a lot of people will end up
surprised that they have a few loops in their network. I was.
Brandon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
iD8DBQFHfzFaqaGPzAsl94IRAlXKAJ9pSolEI9JQVMSUaJvuqZxrQHEPYQCeNM5P
nkjWobhECd+fNHCCJEVXcqA=
=f4u/
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
| 
Intro
