Nmap Development mailing list archives

Re: ICMP Port Unreachable in Host Discovery


From: "Brett Cunningham" <cssniper22 () gmail com>
Date: Fri, 15 Jun 2007 23:05:52 -0500

When a host responds to ICMP, but returns Port Unreachable on SYN/Connect()
scans, would it be possible to compare the results of a traceroute and a
tool such as "TCP Traceroute" (see:
http://www.netscantools.com/nstpro_traceroute.html)? Correct me if I'm
wrong, but if the firewall were to report the Port Unreachable, the ICMP
traceroute wouldn't match the TCP Traceroute.

On 6/14/07, Kris Katterjohn <katterjohn () gmail com> wrote:

Will Cladek wrote:
Kris,

The host can be pinged as well, but you're right, there's no way of
knowing for sure if it's the host or an external firewall on its
behalf.  It does seem odd not to just be using a RST or simply ignoring
it completely.

The thing that drew my attention to this is that normally I throw in a
-PE flag to do a ping as well, and even though the host is pingable,
occasionally the scan will just end and say the host is down.  I haven't
been able to recreate this in a controlled fashion, or else *that* would
be what I'd post about.  Maybe the host is just being inconsistent in
replying to echo requests.  I was just kind of hoping changing this ICMP
port unreachable behavior would be a simpler solution.  I guess I'll
just wait and try to recreate the original situation and try to post
about that.

-Will


Hey,

A couple of things:

* Nmap has a --packet-trace option that might simplify your testing so
you don't have to use tcpdump (unless tcpdump offers more information
for your particular test).

* You might also want to experiment with this host using the timing
options (-T).  Some hosts respond differently based on time, so slowing
it down (like -T2) can affect things.  But be warned, -T2 can take a
while, so you should probably just use it separately for this host if
you're going to be scanning more than just a few.


Well, I hope that helps you.

Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

