Re: [PATCH] Report ICMP TTL Exceeded messages

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 4 Jan 2008 23:13:07 -0800
Fyodor <fyodor () insecure org> wrote:

> On Sat, Jan 05, 2008 at 02:22:36AM +0000, Brandon Enright wrote:
> > The output looks something like:
> >
> > ICMP TTL Exceeded message when sending to X.Y.147.215, possible
> > network loop, try increasing TTL with --ttl
>
> Have you (or other people) actually seen many cases where increasing
> the TTL with --ttl resolves the problem?  If so, we could increase the
> default Nmap TTL.  But I figured it was high enough that TTL exceeded
> notices are probably due to loops which would simply loop more with a
> higher TTL.
>
> Cheers,
> -F

I have re-worked this patch (attached) to reduce the verbiage printed
to just:

Got ICMP TTL Exceeded when sending to 1.2.3.4, possible network loop!

The error() message is limited to one printing per host so that the
screen isn't flooded with useless information.

The patch applies cleanly against SVN.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkggzQ4ACgkQqaGPzAsl94LIRQCdFtLAbIOtv23DodglPqSwZ5+8
PaMAn3S+ejC7IXfY8xH7gjjeprJ4UYVq
=wa+x
-----END PGP SIGNATURE-----

Attachment: ttlpatch.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org