Nmap Development mailing list archives

Re: TCP traceroute with different hop counts

From: Fyodor <fyodor () nmap org>
Date: Tue, 13 Jan 2015 16:10:00 -0800

On Mon, Jan 12, 2015 at 11:10 PM, Sriram Rajan <sriram.r () vit in> wrote:

Hi Dev,

Why does the same nmap command give single hop entry on successive
execution ?


In your first execution the output says:

TRACEROUTE (using port 8080/tcp)


And the second says:

TRACEROUTE (using port 113/tcp)

Hi Sriram.  So it seems like port 8080 goes all the way to Amazon whereas

you must have a router or something one hop away (it's
probably 180.179.168.99) which responds to port 113 packets with forged
responses.  If you take 113 out of your -p list, Nmap won't choose that one
and so you should always get the proper results.

Cheers,
Fyodor

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

TCP traceroute with different hop counts Sriram Rajan (Jan 12)
- Re: TCP traceroute with different hop counts Fyodor (Jan 13)