Nmap Development mailing list archives
Patch: better selection of traceroute probes
From: David Fifield <david () bamsoftware com>
Date: Fri, 5 Sep 2008 18:09:48 -0600
Hi,

In http://seclists.org/nmap-dev/2008/q3/0539.html I observed that Nmap's traceroute doesn't work like it should for ping scans. Instead of using the ping probe that got a response as the traceroute probe, it just picks an arbitrary one of the ping probes that were used. So for example if you ran

    nmap -sP -PE -PS22 --traceroute google.com

the traceroute would fail after a long time (about 100 seconds for me) with "! maximum TTL reached (50)". Traceroute just picked the SYN probe to port 22, even though that doesn't get a response and the ping probe does.

I attached a patch to fix this. It makes traceroute use whatever probe was used as a timing ping during host discovery and port scanning. The timing probe promotes itself: whenever a response is received to a "better" probe than the current timing probe, the better probe becomes the new timing probe. So the timing probe is the best probe Nmap knows of to reach a given target. The caching and promotion of timing probes is summarized at http://seclists.org/nmap-dev/2008/q3/0647.html.

I decided to use the cached timing probe for all traceroute types, not just ping scans. That's why I'm posting the patch to the list, because it's a bigger change than it would have been and I think it deserves a little testing.

A bonus is that this change allows the elimination of a lot of code from traceroute.cc. Now the complexity of port selection is isolated in scan_engine.cc.

Incidentally, combining ping scan with traceroute is a great way to try out the new Zenmap topology visualization. Try the "Quick traceroute" profile and run it against a bunch of scattered Internet hosts. You don't even have to list all the targets in advance. Just run one scan after another in the same window and all the results will be combined together.

David Fifield
Attachment: traceroute-probe-selection.diff
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
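The timing-probe caching and promotion described in the message above, as an added example that is not part of the original post and is not Nmap's code. The `Probe` struct, its `rank` score, the function names and the "last probe sent" stand-in for the old arbitrary choice are all assumptions made for illustration; the page does not give Nmap's real probe ordering.

```cpp
#include <string>
#include <vector>

// Constructed model, not Nmap source. "rank" is a hypothetical preference
// score (higher is better); the page does not give Nmap's real ordering.
struct Probe {
    std::string name;
    int rank;
    bool answered;  // did the target respond to this probe during discovery?
};

// Per-target cache of the best probe known to reach the target.
class TimingProbeCache {
public:
    // Feed every probe that drew a response; returns true on promotion.
    bool on_response(const Probe &p) {
        if (have_ && p.rank <= best_.rank) return false;
        best_ = p;
        have_ = true;
        return true;
    }
    bool has_probe() const { return have_; }
    const Probe &probe() const { return best_; }
private:
    Probe best_{"", 0, false};
    bool have_ = false;
};

// Patched behaviour: traceroute reuses the cached timing probe.
// Returns "" when nothing answered, so the caller can skip the trace.
std::string pick_cached(const std::vector<Probe> &sent) {
    TimingProbeCache cache;
    for (const Probe &p : sent)
        if (p.answered) cache.on_response(p);
    return cache.has_probe() ? cache.probe().name : "";
}

// Stand-in for the old behaviour: take one of the probes that were sent
// without checking for a response (here the last one, as an assumption).
std::string pick_arbitrary(const std::vector<Probe> &sent) {
    return sent.empty() ? "" : sent.back().name;
}

// Constructed scenario from the post: -PE -PS22, only the echo is answered.
std::vector<Probe> sample_scan() {
    return { {"ICMP echo", 1, true}, {"TCP SYN 22", 1, false} };
}
```
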