Nmap Development mailing list archives
Re: [PATCH] Reorder Traceroute UDP port selection
From: "Eddie Bell" <ejlbell () gmail com>
Date: Fri, 15 Feb 2008 19:27:05 +0000
Looks like a good idea. It was originally done this way as open udp ports provide more reliable ttl estimates. I didn't think about speed :o On 15/02/2008, Kris Katterjohn <katterjohn () gmail com> wrote:
Hey everyone! I've attached a patch to reorder --traceroute's UDP port selection. Before, an open port was checked for, then a closed one, then filtered (if not TCP). The problem is the vast majority of the time a UDP port is considered open only because of version detection.. so when Traceroute sends a probe the an open port, it won't get a response back. This patch makes it so that for UDP, it checks for closed, then open, then filtered. For everything else it's the way it was. Consider this host: PORT STATE SERVICE VERSION 111/udp open rpcbind 2 (rpc #100000) 112/udp closed mcidas 113/udp closed auth Port 111 is only open because I ran -sV against it (was open|filtered). So --traceroute, using the open port, doesn't get a response and results in this: TRACEROUTE (using port 111/udp) HOP RTT ADDRESS ! maximum TTL reached (50) But with the patch, it uses the closed port first: TRACEROUTE (using port 112/udp) HOP RTT ADDRESS 1 1.58 gateway (192.168.10.1) <snip> 14 44.80 xhost (w.x.y.z) Any comments or suggestions are appreciated. Thanks, Kris Katterjohn _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] Reorder Traceroute UDP port selection Kris Katterjohn (Feb 15)
- Re: [PATCH] Reorder Traceroute UDP port selection Eddie Bell (Feb 15)
- Re: [PATCH] Reorder Traceroute UDP port selection Fyodor (Feb 15)