Nmap Development
mailing list archives
Re: 24-Hour Beta: Nmap 4.69BETA1
From: "Alan Jones" <asjones987 () gmail com>
Date: Sun, 7 Sep 2008 20:30:40 -0500
The nmap scan I originally did was
nmap -v -A -reason -traceroute -sC <host>
Note: I am running Windows with WinPcap (one a little newer than what comes with Nmap)
on 4.68
64.13.134.52: guessing hop distance at 9
TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 1.00 home (192.168.x.xx)
2 14.00 adsl-70-xx-x-x.dsl.ltrkar.sbcglobal.net (70.232.xx.xxx)
3 14.00 dist2-vlan52.ltrkar.sbcglobal.net (76.253.179.34)
4 12.00 bb1-g1-0-2.ltrkar.sbcglobal.net (76.253.179.17)
5 29.00 151.164.189.80
6 29.00 asn6461-abovenet.eqchil.sbcglobal.net (151.164.251.46)
7 37.00 so-0-1-0.mpr1.ord2.us.above.net (64.125.30.146)
8 86.00 so-2-0-0.mpr1.sjc2.us.above.net (64.125.26.137)
9 79.00 so-4-0-0.mpr3.pao1.us.above.net (64.125.28.221)
10 83.00 metro0.sv.svcolo.com (208.185.168.173)
11 82.00 scanme.nmap.org (64.13.134.52)
on 4.69beta 1 with the same scan I get a guess of 1 hop
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 1.00 home (192.168.x.xxx)
2 1.00 scanme.nmap.org (64.13.134.52)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Running
nmap -sP -PE --traceroute scanme.nmap.org
on both nmap 4.68 and 4.69beta1 both give the same proper output.
Running
nmap -sP -PA --traceroute scanme.nmap.org
on both nmap 4.68 and 4.69beta1 both give a 2 hop output
so something could be odd in 4.68 with this command.... (I have not used -PA before).
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
nmap -sP -PA -packet-trace -traceroute scanme.nmap.org
Starting Nmap 4.69BETA1 ( http://nmap.org ) at 2008-09-07 20:22 Central Daylight Time
SENT (0.2640s) TCP 192.168.1.67:35207 > 64.13.134.52:80 A ttl=39 id=55457 iplen=40 seq=2377664578 win=4096 ack=3390443990
RCVD (0.2650s) TCP 64.13.134.52:80 > 192.168.1.67:35207 R ttl=255 id=1192 iplen=63 seq=3390443990 win=0
NSOCK (0.2760s) msevent_new (IOD #1) (EID #8)
NSOCK (0.2760s) UDP connection requested to 192.168.1.254:53 (IOD #1) EID 8
NSOCK (0.2760s) msevent_new (IOD #1) (EID #18)
NSOCK (0.2760s) Read request from IOD #1 [192.168.1.254:53] (timeout: -1ms) EID 18
NSOCK (0.2760s) msevent_new (IOD #1) (EID #27)
NSOCK (0.2760s) Write request for 43 bytes to IOD #1 EID 27 [192.168.1.254:53]:
@i...........52.134.13.64.in-addr.arpa.....
NSOCK (0.2810s) nsock_loop() started (timeout=500ms). 3 events pending
NSOCK (0.2810s) wait_for_events
NSOCK (0.2820s) Callback: CONNECT SUCCESS for EID 8 [192.168.1.254:53]
NSOCK (0.2820s) msevent_delete (IOD #1) (EID #8)
NSOCK (0.2820s) Callback: WRITE SUCCESS for EID 27 [192.168.1.254:53]
NSOCK (0.2820s) msevent_delete (IOD #1) (EID #27)
NSOCK (0.2840s) wait_for_events
NSOCK (0.3210s) Callback: READ SUCCESS for EID 18 [192.168.1.254:53] (72 bytes):
@i...........52.134.13.64.in-addr.arpa..............B...scanme.nmap.org.
NSOCK (0.3210s) msevent_new (IOD #1) (EID #34)
NSOCK (0.3210s) Read request from IOD #1 [192.168.1.254:53] (timeout: -1ms) EID 34
NSOCK (0.3210s) msevent_delete (IOD #1) (EID #34)
NSOCK (0.3210s) msevent_delete (IOD #1) (EID #18)
SENT (0.3260s) TCP 192.168.1.67:56142 > 64.13.134.52:80 A ttl=255 id=4828 iplen=40 seq=887041461 win=17725 ack=41
RCVD (0.3260s) TCP 192.168.1.67:56142 > 64.13.134.52:80 A ttl=255 id=4828 iplen=40 seq=887041461 win=17725 ack=41
RCVD (0.3270s) TCP 64.13.134.52:80 > 192.168.1.67:56142 R ttl=255 id=1194 iplen=63 seq=41 win=0
SENT (0.3280s) TCP 192.168.1.67:56143 > 64.13.134.52:80 A ttl=2 id=36382 iplen=40 seq=3589731325 win=62301 ack=18467
RCVD (0.3280s) TCP 192.168.1.67:56143 > 64.13.134.52:80 A ttl=2 id=36382 iplen=40 seq=3589731325 win=62301 ack=18467
SENT (0.3290s) TCP 192.168.1.67:56144 > 64.13.134.52:80 A ttl=3 id=57660 iplen=40 seq=724144501 win=4246 ack=6334
RCVD (0.3300s) TCP 192.168.1.67:56144 > 64.13.134.52:80 A ttl=3 id=57660 iplen=40 seq=724144501 win=4246 ack=6334
RCVD (0.3300s) TCP 64.13.134.52:80 > 192.168.1.67:56143 R ttl=255 id=1195 iplen=63 seq=18467 win=0
SENT (0.3310s) TCP 192.168.1.67:56145 > 64.13.134.52:80 A ttl=1 id=21008 iplen=40 seq=856602797 win=40522 ack=26500
RCVD (0.3320s) TCP 64.13.134.52:80 > 192.168.1.67:56144 R ttl=255 id=1196 iplen=63 seq=6334 win=0
RCVD (0.3320s) TCP 192.168.1.67:56145 > 64.13.134.52:80 A ttl=1 id=21008 iplen=40 seq=856602797 win=40522 ack=26500
RCVD (0.3330s) ICMP 192.168.1.254 > 192.168.1.67 TTL=0 during transit (type=11/code=0) ttl=255 id=1197 iplen=68
NSOCK (0.3330s) msevent_new (IOD #1) (EID #8)
NSOCK (0.3330s) UDP connection requested to 192.168.1.254:53 (IOD #1) EID 8
NSOCK (0.3330s) msevent_new (IOD #1) (EID #18)
NSOCK (0.3330s) Read request from IOD #1 [192.168.1.254:53] (timeout: -1ms) EID 18
NSOCK (0.3330s) msevent_new (IOD #1) (EID #27)
NSOCK (0.3330s) Write request for 44 bytes to IOD #1 EID 27 [192.168.1.254:53]:
.~...........254.1.168.192.in-addr.arpa.....
NSOCK (0.3370s) nsock_loop() started (timeout=500ms). 3 events pending
NSOCK (0.3370s) wait_for_events
NSOCK (0.3380s) Callback: CONNECT SUCCESS for EID 8 [192.168.1.254:53]
NSOCK (0.3380s) msevent_delete (IOD #1) (EID #8)
NSOCK (0.3380s) Callback: WRITE SUCCESS for EID 27 [192.168.1.254:53]
NSOCK (0.3380s) msevent_delete (IOD #1) (EID #27)
NSOCK (0.3400s) wait_for_events
NSOCK (0.3420s) Callback: READ SUCCESS for EID 18 [192.168.1.254:53] (172 bytes)
NSOCK (0.3420s) msevent_new (IOD #1) (EID #34)
NSOCK (0.3420s) Read request from IOD #1 [192.168.1.254:53] (timeout: -1ms) EID 34
NSOCK (0.3420s) msevent_delete (IOD #1) (EID #34)
NSOCK (0.3420s) msevent_delete (IOD #1) (EID #18)
Host scanme.nmap.org (64.13.134.52) appears to be up.
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 2.00 home (192.168.1.254)
2 3.00 scanme.nmap.org (64.13.134.52)
Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds
On Sun, Sep 7, 2008 at 4:41 PM, David Fifield <david () bamsoftware com> wrote:
> On Sun, Sep 07, 2008 at 03:05:29PM -0500, Alan Jones wrote:
>> Here is a nmap scan to scanme.inscure.org
>> TRACEROUTE (using port 80/tcp)
>> HOP RTT ADDRESS
>> 1 2.00 home (192.168.1.254)
>> 2 2.00 scanme.nmap.org (64.13.134.52)
>
> Hm. Does the same thing happen with Nmap 4.68? Try running the commands
> nmap -sP -PE --traceroute scanme.nmap.org
> nmap -sP -PA --traceroute scanme.nmap.org
> It would help if you would send me the --packet-trace output of your
> two-hop scan too.
>
> David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
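
One way to read a --packet-trace like the one in the message above is to pair every SENT probe with the TCP reply that returned to its source port, and list the ICMP messages separately. This is an added example, not part of the original thread or of Nmap's code; the function name `correlate` and the regular expressions are this example's own, and the input is the traceroute portion of the posted trace.

```python
import re

# Lines copied from the 4.69BETA1 trace in the message above (any wrapped fields rejoined).
TRACE = """\
SENT (0.3280s) TCP 192.168.1.67:56143 > 64.13.134.52:80 A ttl=2 id=36382 iplen=40 seq=3589731325 win=62301 ack=18467
RCVD (0.3280s) TCP 192.168.1.67:56143 > 64.13.134.52:80 A ttl=2 id=36382 iplen=40 seq=3589731325 win=62301 ack=18467
SENT (0.3290s) TCP 192.168.1.67:56144 > 64.13.134.52:80 A ttl=3 id=57660 iplen=40 seq=724144501 win=4246 ack=6334
RCVD (0.3300s) TCP 192.168.1.67:56144 > 64.13.134.52:80 A ttl=3 id=57660 iplen=40 seq=724144501 win=4246 ack=6334
RCVD (0.3300s) TCP 64.13.134.52:80 > 192.168.1.67:56143 R ttl=255 id=1195 iplen=63 seq=18467 win=0
SENT (0.3310s) TCP 192.168.1.67:56145 > 64.13.134.52:80 A ttl=1 id=21008 iplen=40 seq=856602797 win=40522 ack=26500
RCVD (0.3320s) TCP 64.13.134.52:80 > 192.168.1.67:56144 R ttl=255 id=1196 iplen=63 seq=6334 win=0
RCVD (0.3320s) TCP 192.168.1.67:56145 > 64.13.134.52:80 A ttl=1 id=21008 iplen=40 seq=856602797 win=40522 ack=26500
RCVD (0.3330s) ICMP 192.168.1.254 > 192.168.1.67 TTL=0 during transit (type=11/code=0) ttl=255 id=1197 iplen=68
"""

TCP = re.compile(r"(SENT|RCVD) \([\d.]+s\) TCP (\S+):(\d+) > (\S+):(\d+) (\S+) ttl=(\d+) id=(\d+)")
ICMP = re.compile(r"RCVD \([\d.]+s\) ICMP (\S+) > \S+ .*\(type=(\d+)/code=(\d+)\)")

def correlate(trace):
    """Return ({probe_ttl: reply or None}, [icmp messages], count of echoed probes)."""
    probes, icmp, echoes = {}, [], 0
    for line in trace.splitlines():
        m = TCP.match(line)
        if m:
            kind, src, sport, dst, dport, flags, ttl, ipid = m.groups()
            if kind == "SENT":
                probes[sport] = {"ttl": int(ttl), "id": ipid, "target": dst, "reply": None}
            elif sport in probes and probes[sport]["id"] == ipid:
                echoes += 1  # our own outgoing probe logged again as RCVD, not a reply
            elif dport in probes and src == probes[dport]["target"]:
                probes[dport]["reply"] = (src, flags, int(ttl))  # reply bearing the target's address
            continue
        m = ICMP.match(line)
        if m:  # the trace line does not say which probe the ICMP message refers to
            icmp.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return {p["ttl"]: p["reply"] for p in probes.values()}, icmp, echoes

if __name__ == "__main__":
    by_ttl, icmp, echoes = correlate(TRACE)
    for ttl in sorted(by_ttl):
        print(f"probe ttl={ttl}: TCP reply {by_ttl[ttl]}")
    print("ICMP received:", icmp)
    print("own probes logged as RCVD:", echoes)
```

On this input the ttl=2 and ttl=3 probes are both paired with an RST carrying the address 64.13.134.52, and the only ICMP time-exceeded message comes from 192.168.1.254, which matches the two-hop TRACEROUTE table in the message.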