Nmap Development mailing list archives
Behavior of traceroute with a non-responsive probe
From: David Fifield <david () bamsoftware com>
Date: Wed, 29 Jul 2009 13:18:09 -0600
Hi, With the new ability to combine the -PN and -sP options, it has become possible to run -PN -sP --traceroute. Traceroute gets its probe from the ping and port scan results, and in this case there are none. It would just quite with the message "no responsive probes." Fyodor asked me to make it guess a probe in this case. I did this in r14647, using the ICMP echo, the probe most likely to get a response in the absence of additional information. There is a problem with this when the target does not respond respond to the echo. The traceroute sends probes with TTLs all the way up to its built-in maximum of 50, taking a long time. www.microsoft.com is one host that doesn't respond to pings. nmap -PN -sP --traceroute www.microsoft.com -n TRACEROUTE (using proto 1/icmp) HOP RTT ADDRESS 1 0.77 192.168.0.1 2 38.76 206.81.73.81 3 38.65 206.81.73.82 4 39.28 66.54.149.185 5 39.73 63.211.250.17 6 39.15 4.68.107.190 7 40.05 4.69.132.37 8 59.33 4.69.132.106 9 54.55 4.69.145.208 10 ... 11 ... [Lots more lines] 49 ... 50 ... ! maximum TTL reached (50) Nmap done: 1 IP address (1 host up) scanned in 2201.79 seconds I propose the attached patch, which gives up after three or more probe timeouts have occurred with hosts that don't respond to the probe. It changes to above to TRACEROUTE (using proto 1/icmp) HOP RTT ADDRESS 1 0.76 192.168.0.1 2 37.99 206.81.73.81 3 38.39 206.81.73.82 4 37.86 66.54.149.185 5 178.66 63.211.250.17 6 42.03 4.68.107.190 7 39.11 4.69.132.37 8 59.65 4.69.132.106 9 53.16 4.69.145.208 10 ... 11 ... 12 ... 13 ... ! destination not reached (207.46.19.190) Nmap done: 1 IP address (1 host up) scanned in 300.51 seconds This would give false results if there was a long string of hosts in the route that don't send time exceeded messages. David Fifield
Attachment:
traceroute-unknown-limit.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Behavior of traceroute with a non-responsive probe David Fifield (Jul 29)