Re: [PATCH] Reorder Traceroute UDP port selection

["Eddie Bell" <ejlbell () gmail com>]

Looks like a good idea. It was originally done this way as open udp
ports provide more reliable ttl estimates. I didn't think about speed
:o

On 15/02/2008, Kris Katterjohn <katterjohn () gmail com> wrote:
> Hey everyone!
>
>  I've attached a patch to reorder --traceroute's UDP port selection.
>
>  Before, an open port was checked for, then a closed one, then filtered
>  (if not TCP).  The problem is the vast majority of the time a UDP port
>  is considered open only because of version detection.. so when
>  Traceroute sends a probe the an open port, it won't get a response back.
>
>  This patch makes it so that for UDP, it checks for closed, then open,
>  then filtered.  For everything else it's the way it was.
>
>  Consider this host:
>
>  PORT    STATE  SERVICE VERSION
>  111/udp open   rpcbind  2 (rpc #100000)
>  112/udp closed mcidas
>  113/udp closed auth
>
>
>  Port 111 is only open because I ran -sV against it (was open|filtered).
>   So --traceroute, using the open port, doesn't get a response and
>  results in this:
>
>  TRACEROUTE (using port 111/udp)
>  HOP RTT ADDRESS
>  ! maximum TTL reached (50)
>
>
>  But with the patch, it uses the closed port first:
>
>  TRACEROUTE (using port 112/udp)
>  HOP RTT   ADDRESS
>  1   1.58  gateway (192.168.10.1)
>  <snip>
>  14  44.80 xhost (w.x.y.z)
>
>
>  Any comments or suggestions are appreciated.
>
>  Thanks,
>
> Kris Katterjohn
>
>
>  _______________________________________________
>  Sent through the nmap-dev mailing list
>  http://cgi.insecure.org/mailman/listinfo/nmap-dev
>  Archived at http://SecLists.Org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org