Nmap Development mailing list archives
Re: Force TCP traceroute
From: Jochen Bartl <jochenbartl () mailbox org>
Date: Sat, 17 Oct 2015 00:25:52 +0200
> Is this port actually responding (closed/open)? What does --packet-trace say?

The port is actually in the "filtered" state, because the firewall in front of it is just dropping the packets on port tcp/3389. I have access to the server and the firewall. My intention was to use Nmap and see how close I can get with the tcp destination port to the target and be able to spot where the firewall could be in the path. I've used Scapy, lft and tcptrace for that and thought it would be nice to be able to do that with Nmap too.

Here is the packet-trace including -vvv and -ddd:

nmap -sS -n -Pn -PS3389 --traceroute -p 3389 --packet-trace -vvv -ddd w.x.y.z

Starting Nmap 6.47 ( http://nmap.org ) at 2015-10-16 23:56 CEST
Fetchfile found /usr/bin/../share/nmap/nmap-services
Fetchfile found /usr/bin/../share/nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
Fetchfile found /usr/bin/../share/nmap/nmap-payloads
Initiating Ping Scan at 23:56
Scanning www.example.com (w.x.y.z) [1 port]
Packet capture filter (device eth0): dst host y.y.y.y and (icmp or icmp6 or ((tcp or udp or sctp) and (src host w.x.y.z)))
SENT (0.1699s) TCP [y.y.y.y:38182 > w.x.y.z:3389 S seq=2143877242 ack=0 off=6 res=0 win=1024 csum=0xCB44 urp=0 <mss 1460>] IP [ver=4 ihl=5 tos=0x00 iplen=44 id=59112 foff=0 ttl=56 proto=6 csum=0xeda8]
**TIMING STATS** (0.1700s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
Current sending rates: 13.98 packets / s, 615.11 bytes / s.
Overall sending rates: 13.98 packets / s, 615.11 bytes / s.
SENT (1.1710s) TCP [y.y.y.y:38183 > w.x.y.z:3389 S seq=2143942779 ack=0 off=6 res=0 win=1024 csum=0xCB41 urp=0 <mss 1460>] IP [ver=4 ihl=5 tos=0x00 iplen=44 id=14557 foff=0 ttl=50 proto=6 csum=0xa1b4]
**TIMING STATS** (1.1712s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
Current sending rates: 1.86 packets / s, 82.03 bytes / s.
Overall sending rates: 1.86 packets / s, 82.03 bytes / s.
**TIMING STATS** (2.1720s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 0/*/*/*/*/* 10.00/75/* 1000000/-1/-1
Current sending rates: 0.96 packets / s, 42.44 bytes / s.
Overall sending rates: 0.96 packets / s, 42.44 bytes / s.
ultrascan_host_probe_update called for machine w.x.y.z state UNKNOWN -> HOST_DOWN (trynum 1 time: 1003560)
Moving w.x.y.z to completed hosts list with 1 outstanding probe.
Completed Ping Scan at 23:56, 2.08s elapsed (1 total hosts)
Overall sending rates: 0.96 packets / s, 42.39 bytes / s.
pcap stats: 0 packets received by filter, 0 dropped by kernel.
Nmap scan report for www.example.com (w.x.y.z) [host down, received no-response]
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.22 seconds
Raw packets sent: 2 (88B) | Rcvd: 0 (0B)
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
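
Added example, not part of the original message and not Nmap code: a small Python parser for the SENT/RCVD lines of --packet-trace output that counts packets in each direction and lists the TCP probes that drew no TCP reply. The function names are hypothetical, the input is the two SENT lines copied from the trace above, and only TCP lines in that layout are parsed in detail.

```python
import re

# TCP lines as printed by --packet-trace, in the layout seen in the trace above.
TCP_LINE = re.compile(
    r"^(?P<dir>SENT|RCVD) \((?P<t>[\d.]+)s\) TCP "
    r"\[(?P<src>\S+):(?P<sport>\d+) > (?P<dst>\S+):(?P<dport>\d+) (?P<flags>[A-Z]+) "
    r".*?\] IP \[.*?\bttl=(?P<ttl>\d+)"
)

# The two SENT lines from the trace in the message (addresses were already masked there).
TRACE = """\
SENT (0.1699s) TCP [y.y.y.y:38182 > w.x.y.z:3389 S seq=2143877242 ack=0 off=6 res=0 win=1024 csum=0xCB44 urp=0 <mss 1460>] IP [ver=4 ihl=5 tos=0x00 iplen=44 id=59112 foff=0 ttl=56 proto=6 csum=0xeda8]
SENT (1.1710s) TCP [y.y.y.y:38183 > w.x.y.z:3389 S seq=2143942779 ack=0 off=6 res=0 win=1024 csum=0xCB41 urp=0 <mss 1460>] IP [ver=4 ihl=5 tos=0x00 iplen=44 id=14557 foff=0 ttl=50 proto=6 csum=0xa1b4]
"""


def parse_tcp(text):
    """Return one dict per TCP SENT/RCVD line; every other line is skipped."""
    packets = []
    for line in text.splitlines():
        m = TCP_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            for key in ("sport", "dport", "ttl"):
                d[key] = int(d[key])
            packets.append(d)
    return packets


def summarize(text):
    """Count SENT/RCVD lines of any protocol and list TCP probes with no TCP reply."""
    lines = [l.strip() for l in text.splitlines()]
    packets = parse_tcp(text)
    # A reply carries the probe's address/port 4-tuple reversed.
    replied = {(p["dst"], p["dport"], p["src"], p["sport"])
               for p in packets if p["dir"] == "RCVD"}
    unanswered = [(p["sport"], p["dport"], p["ttl"]) for p in packets
                  if p["dir"] == "SENT"
                  and (p["src"], p["sport"], p["dst"], p["dport"]) not in replied]
    return {"sent": sum(l.startswith("SENT (") for l in lines),
            "rcvd": sum(l.startswith("RCVD (") for l in lines),
            "unanswered": unanswered}


if __name__ == "__main__":
    print(summarize(TRACE))
```

For this trace the summary shows two SYN probes to port 3389 and no received packets, which matches the "Raw packets sent: 2 (88B) | Rcvd: 0 (0B)" line and the "host down, received no-response" result.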