Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [PATCH] Report ICMP TTL Exceeded messages
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 6 May 2008 21:26:25 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 4 Jan 2008 23:13:07 -0800
Fyodor <fyodor () insecure org> wrote:

On Sat, Jan 05, 2008 at 02:22:36AM +0000, Brandon Enright wrote:

The output looks something like:

ICMP TTL Exceeded message when sending to X.Y.147.215, possible
network loop, try increasing TTL with --ttl

Have you (or other people) actually seen many cases where increasing
the TTL with --ttl resolves the problem?  If so, we could increase the
default Nmap TTL.  But I figured it was high enough that TTL exceeded
notices are probably due to loops which would simply loop more with a
higher TTL.

Cheers,
-F


I have re-worked this patch (attached) to reduce the verbiage printed
to just:

Got ICMP TTL Exceeded when sending to 1.2.3.4, possible network loop!

The error() message is limited to one printing per host so that the
screen isn't flooded with useless information.

The patch applies cleanly against SVN.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkggzQ4ACgkQqaGPzAsl94LIRQCdFtLAbIOtv23DodglPqSwZ5+8
PaMAn3S+ejC7IXfY8xH7gjjeprJ4UYVq
=wa+x
-----END PGP SIGNATURE-----

Attachment: ttlpatch.diff
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
  • Re: [PATCH] Report ICMP TTL Exceeded messages Brandon Enright (May 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]