Nmap Development mailing list archives
Re: How to interpret following nmap's traceroute output.
From: Karel Gardas <karel.gardas () centrum cz>
Date: Tue, 23 Jun 2020 15:49:15 +0200
On 6/23/20 3:40 PM, Robin Wood wrote:
Is 10.0.10.14 on the same box as you are scanning from, i.e. a VM? If so, then it may just be caused by the VM networking stack knowing about the second subnet and so short-cutting the routing.
Yes, 10.0.10.14 is enter to virtual network and yes, it's routable directly from the host. But 10.111.0.99 is deep inside the virtual network and the 10.0.10.14 short-cut does not explain un-clear traceroute to 10.111.0.99 as reported by nmap IMHO. Or am I missing anything here? Thanks! Karel
On Tue, 23 Jun 2020 at 14:37, Karel Gardas <karel.gardas () centrum cz <mailto:karel.gardas () centrum cz>> wrote: On 6/23/20 3:25 PM, Robin Wood wrote: > I can't answer the nmap question but I'm curious, what does standard > traceroute to the two IPs show? > > What IP are you on and what is the subnet? Is 10.0.30.138 the default > gateway defined on the host? > Indeed, I should consult traceroute, but well, then it looks like nmap tracerouting bug IMHO: traceroute to 10.111.0.99 (10.111.0.99), 30 hops max, 60 byte packets 1 _gateway (10.0.30.138) 0.253 ms 0.340 ms 0.320 ms 2 10.0.10.14 (10.0.10.14) 1.160 ms 1.146 ms 1.124 ms 3 10.1.0.12 (10.1.0.12) 2.911 ms 3.014 ms 2.999 ms 4 10.11.0.26 (10.11.0.26) 4.120 ms 4.108 ms 4.089 ms 5 10.111.0.99 (10.111.0.99) 4.191 ms 4.176 ms 4.154 ms BTW: do not wonder about network, it's combination of real and virtual built just for testing purposes. Thanks, Karel > Robin > > On Tue, 23 Jun 2020 at 14:21, Karel Gardas <karel.gardas () centrum cz <mailto:karel.gardas () centrum cz> > <mailto:karel.gardas () centrum cz <mailto:karel.gardas () centrum cz>>> wrote: > > > Hello, > > I'm experimenting with nmap for network topology scanning and discovery > and sometime it surprises me with what I find in its trace records. > Currently I'm not able to interpret this record: > > Nmap scan report for 10.111.0.99 > [...] > 1 0.89 ms _gateway (10.0.30.138) > 2 1.47 ms 10.0.10.14 > 3 ... 4 > 5 2.26 ms 10.111.0.99 > [...] > > while record for 10.0.10.14 looks as: > Nmap scan report for 10.0.10.14 > [...] > 1 0.31 ms 10.0.10.14 > > so I'm not sure how to interpret hop 3 and 4 of 10.111.0.99 above when > 10.0.10.14 is reachable only with one hop hence does not provide any hop > 3 and 4. > > The nmap is version 7.60 as distributed and run on Ubuntu 18.04.x LTS > with root privileges and with command-line parameters: > > -T4 10.1.0.0/24 <http://10.1.0.0/24> <http://10.1.0.0/24> 10.0.10.0/24 <http://10.0.10.0/24> > <http://10.0.10.0/24> 10.0.20.0/24 <http://10.0.20.0/24> <http://10.0.20.0/24> > 10.0.30.0/24 <http://10.0.30.0/24> <http://10.0.30.0/24> 10.0.60.0/24 <http://10.0.60.0/24> <http://10.0.60.0/24> > 10.11.0.0/24 <http://10.11.0.0/24> <http://10.11.0.0/24> 10.111.0.0/24 <http://10.111.0.0/24> > <http://10.111.0.0/24> 10.112.0.0/24 <http://10.112.0.0/24> <http://10.112.0.0/24> > 10.111.1.0/24 <http://10.111.1.0/24> <http://10.111.1.0/24> 10.111.2.0/24 <http://10.111.2.0/24> > --stats-every <http://10.111.2.0/24--stats-every> 5s --traceroute > > Any idea? > > Thanks! > Karel > _______________________________________________ > Sent through the dev mailing list > https://nmap.org/mailman/listinfo/dev > Archived at http://seclists.org/nmap-dev/ > > > _______________________________________________ > Sent through the dev mailing list > https://nmap.org/mailman/listinfo/dev > Archived at http://seclists.org/nmap-dev/ >
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- How to interpret following nmap's traceroute output. Karel Gardas (Jun 23)
- Re: How to interpret following nmap's traceroute output. Robin Wood (Jun 23)
- Re: How to interpret following nmap's traceroute output. Karel Gardas (Jun 23)
- Re: How to interpret following nmap's traceroute output. Robin Wood (Jun 23)
- Re: How to interpret following nmap's traceroute output. Karel Gardas (Jun 23)
- Re: How to interpret following nmap's traceroute output. Arturo 'Buanzo' Busleiman (Jun 23)
- Re: How to interpret following nmap's traceroute output. Karel Gardas (Jun 23)
- Re: How to interpret following nmap's traceroute output. Arturo 'Buanzo' Busleiman (Jun 23)
- Re: How to interpret following nmap's traceroute output. Karel Gardas (Jun 23)
- Re: How to interpret following nmap's traceroute output. Karel Gardas (Jun 23)
- Re: How to interpret following nmap's traceroute output. Robin Wood (Jun 23)
- Re: How to interpret following nmap's traceroute output. Robin Wood (Jun 23)