Nmap Development mailing list archives
nmap doesn't allow tracing of blocked ports
From: Neil Mayhew <neil () neil mayhew name>
Date: Mon, 25 Sep 2017 12:18:23 -0600
My use-case is public WiFi networks that block port 22. I need to find out where the blocking is occurring so that I can submit an unblocking request to the appropriate administrator.

My problem is that nmap's traceroute can't be used with TCP ports that are blocked, because nmap refuses to run a trace to closed ports even when I request it explicitly. For example,

    $ sudo nmap --traceroute -PS22 -sn gitlab.com
    ...
    TRACEROUTE (using port 22/tcp)

    $ sudo nmap --traceroute -PS2200 -sn gitlab.com
    ...
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

    $ sudo nmap --traceroute -PS2200 -sn -Pn gitlab.com
    ...
    TRACEROUTE (using proto 1/icmp)

This is a catch-22 situation: the port is closed because it's being blocked but I then can't run a TCP traceroute to it to find out where.

I can of course use the regular traceroute utility but I need to have the local WiFi administrator run the test before he'll talk to people upstream, and he's a Windows user. nmap is the friendliest option for a Windows user, and I think it should be able to do what the regular Linux traceroute can do.

[tracetcp][1] is a TCP traceroute specially for Windows, but it's obscure compared with nmap, and administrators are understandably cautious about installing random utilities suggested by someone they don't know.

[1]: http://simulatedsimian.github.io/tracetcp.html
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/