Nmap Development mailing list archives
Re: path inspection
From: Florin Andrei <florin () sgi com>
Date: 31 Oct 2003 15:56:55 -0800
Yes, I know, I mentioned that in the message. But it would be great to include this functionality in nmap, if possible.

On Fri, 2003-10-31 at 12:04, phaseone () sio midco net wrote:

There is already a tool that does just what you described. It is called FIREWALK.
(mike/phaseone () sio midco net)

----- Original Message -----
From: "Florin Andrei" <florin () sgi com>
To: <nmap-dev () insecure org>
Sent: Friday, October 31, 2003 1:42 PM
Subject: path inspection

Suppose you scan a host and find out that port 80 is "closed". Does that mean that there's no service running on it, or there's a packet filter right on that host itself?

No, there might be a firewall somewhere in the path between you and the host. How can you tell where exactly port 80 gets dropped?

Easy: just send out probes on port 80 with increasing TTL. When you get the "port closed" response, and if the TTL is smaller than the number of hops between you and the host, there you are, you stumbled upon a firewall.

I would be _delighted_ to see this thing implemented in nmap. I'm aware that it's a "paradigm shift" from the functions normally provided by nmap, but it would be very useful.

Currently, if I wanna see where exactly that packet gets dropped, I have to install some other software, which is kinda painful, especially when in a hurry. Or I have to use nmap and increase TTL manually, which is tedious and nmap is not designed to be used like that anyway (it doesn't print too much stuff that's useful in this scenario).

Automating the TTL-increase process in nmap, and printing things that make sense in this scenario would help. Essentially, what I'm asking for is an "arbitrary-protocol traceroute": start with TTL=1, increase it by 1, and print what's going on at every step.

Thank you,
--
Florin Andrei
http://florin.myip.org/

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org .
List archive: http://seclists.org
--
Florin Andrei
http://florin.myip.org/
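The TTL-stepping logic described in the message above, as an added example that is not part of the original thread or of nmap: a Python function that interprets per-TTL results for one TCP port and reports where the probe stops. The reply labels, the `hops_to_target` input (assumed known from a trace with traffic that is allowed through) and the sample addresses are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Probe(NamedTuple):
    ttl: int                # TTL the probe was sent with
    reply: Optional[str]    # "time-exceeded", "rst", "syn-ack" or None (silence)
    src: Optional[str]      # address the reply came from

def locate_filter(probes, hops_to_target):
    """Return (verdict, hop) for TTL-stepped probes to a single TCP port."""
    last_router = None      # highest TTL that still drew ICMP time-exceeded
    for p in sorted(probes, key=lambda p: p.ttl):
        if p.reply == "time-exceeded":
            last_router = p.ttl
        elif p.reply == "syn-ack":
            return ("open", p.ttl)
        elif p.reply == "rst":
            # The source address is not consulted: a reset sent by a filter
            # on the target's behalf carries the target's address. Only the
            # TTL at which the reset appears gives the filter away.
            if p.ttl < hops_to_target:
                return ("rejected-in-path", p.ttl)
            return ("closed-at-host", p.ttl)
    if last_router is None:
        return ("no-data", None)
    if last_router >= hops_to_target - 1:
        # Every router answered and only the final hop stayed silent.
        return ("dropped-at-host", hops_to_target)
    # Routers answered up to last_router, then nothing: the next device
    # along the path is silently dropping the probe.
    return ("dropped-after", last_router)

def sample(replies, target="203.0.113.80"):
    """Build constructed probe results; routers answer as 192.0.2.<ttl>."""
    out = []
    for ttl, r in enumerate(replies, start=1):
        src = None if r is None else (f"192.0.2.{ttl}" if r == TE else target)
        out.append(Probe(ttl, r, src))
    return out

TE = "time-exceeded"
REJECTED = sample([TE, TE, TE, "rst"])              # reset arrives at TTL 4
DROPPED = sample([TE, TE, TE, None, None, None])    # silence past hop 3
CLOSED = sample([TE, TE, TE, TE, TE, "rst"])        # reset from the host, hop 6
HOST_DROP = sample([TE, TE, TE, TE, TE, None])      # only the host is silent

if __name__ == "__main__":
    for name, data in [("rejected", REJECTED), ("dropped", DROPPED),
                       ("closed", CLOSED), ("host-drop", HOST_DROP)]:
        print(name, locate_filter(data, hops_to_target=6))
```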
Current thread:
- path inspection Florin Andrei (Oct 31)
- Re: path inspection phaseone (Oct 31)
- Re: path inspection Florin Andrei (Oct 31)
- <Possible follow-ups>
- path inspection testic (Oct 31)
- Re: path inspection Florin Andrei (Oct 31)
- Re: path inspection Max (Oct 31)
- Re: path inspection phaseone (Oct 31)