Nmap Development mailing list archives
Re: Problem with --traceroute option with 6.00 and 6.25
From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Jul 2013 22:02:08 -0700
On Thu, Jul 04, 2013 at 09:12:09AM +0200, Jorge García - Bardok wrote:
I've just updated the nmap version I use with my students at school in order to have all prepared for next year (sec. school, we teach them what a network topology is using zenmap). Since this new version only two hosts appear in traceroute. This is the output with 6.25 (zenmap quick traceroute, both Windows and Linux, also tried with 6.00 from the Ubuntu repo and a compiled 6.25):
I think the difference may be that 6.25 is using TCP (80/tcp) for the traceroute, and 5.51 is using ICMP (1/icmp).
Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-04 09:04 Hora de verano romance TRACEROUTE (using port 80/tcp) Starting Nmap 5.51 ( http://nmap.org ) at 2013-07-04 09:02 Hora de verano romance TRACEROUTE (using proto 1/icmp)
I suspect that there is some kind of HTTP proxy or firewall that is
making the target appear to be accesible with a TTL of 2.
Try this to prevent any TCP probes from being sent:
nmap -sn -PE --traceroute www.google.com
We changed it so that traceroute can use the information gained from
host discovery as regards what probes get responses. That change might
have been made between 5.51 and 6.25. That would explain why 5.51
defaults to ICMP and 6.25 uses TCP (because the target replied to a TCP
probe during host discovery).
The reply during host discovery appears to be "reset". This would have
been in response to an ACK packet to port 80, which is one of the
default host discovery probes.
<status state="up" reason="reset" reason_ttl="127"/>
The responses for ports 80 and 443 have different TTLs, which further
makes me think that there is some kind of proxy two hops from you.
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="54"/><service name="http"
method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="https"
method="table" conf="3"/></port>
David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- Problem with --traceroute option with 6.00 and 6.25 Jorge García - Bardok (Jul 04)
- Re: Problem with --traceroute option with 6.00 and 6.25 Daniel Miller (Jul 04)
- Re: Problem with --traceroute option with 6.00 and 6.25 Jorge García - Bardok (Jul 04)
- Re: Problem with --traceroute option with 6.00 and 6.25 David Fifield (Jul 26)
- Re: Problem with --traceroute option with 6.00 and 6.25 Daniel Miller (Jul 04)