Nmap Development mailing list archives

Locating filtering hosts

From: Bill Moseley <moseley () hank org>
Date: Mon, 27 Sep 2004 09:00:46 -0700

Is there a way to have nmap find the host that may be filtering
ports between two machines?

I have a remote host that looks like this:

    (The 1656 ports scanned but not shown below are in state: filtered)
    PORT   STATE  SERVICE
    21/tcp open   ftp
    22/tcp open   ssh
    53/tcp closed domain
    80/tcp open   http

The remote machine is not dropping/filtering, but some host along the
way.  

I used tcptraceroute to port 80 and the compared that result with a
tcptraceroute to a port that is dropping the SYN packets to figure out
what host is filtering.  I looked over the nmap man page again and
didn't see where nmap could do this.  I see there's a -ttl option
which might be useful.

Could nmap, perhaps, change the ttl to locate where the filtering is
happening?





-- 
Bill Moseley
moseley () hank org


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:

Locating filtering hosts Bill Moseley (Sep 27)
- Re: Locating filtering hosts Arturo "Buanzo" Busleiman (Sep 27)