Nmap Development mailing list archives
[PATCH] Report ICMP TTL Exceeded messages
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 5 Jan 2008 02:22:36 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Developers, Attached is a patch to detect when probes are lost to the abyss because their TTL was exceeded. I wrote this patch to detect route loops on our network but I figure it will be useful in general. The output looks something like: ICMP TTL Exceeded message when sending to X.Y.147.215, possible network loop, try increasing TTL with --ttl Right now the patch requires either verbose or debugging output to be on but it may be desirable to print the message regardless of these. The message is limited to 1 per host even if the error is received for every probe against that host. This patch doesn't do anything with the port state but I can see it doing a 'newstate = PORT_FILTERED;' if others think that's accurate or useful. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHfunsqaGPzAsl94IRAtmRAKDGmmOiAe15bhVxrOjTqiYQPJdE/QCgvFoC UCzqqxv/gjLVd0m2UXl8yXk= =OpdU -----END PGP SIGNATURE-----
Attachment:
icmpttl.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] Report ICMP TTL Exceeded messages Brandon Enright (Jan 04)
- Re: [PATCH] Report ICMP TTL Exceeded messages Fyodor (Jan 04)
- Re: [PATCH] Report ICMP TTL Exceeded messages Brandon Enright (Jan 04)
- Re: [PATCH] Report ICMP TTL Exceeded messages Fyodor (Jan 04)