Nmap Development mailing list archives
Re: Patch: better selection of traceroute probes
From: David Fifield <david () bamsoftware com>
Date: Fri, 5 Sep 2008 23:05:46 -0600
On Fri, Sep 05, 2008 at 06:09:48PM -0600, David Fifield wrote:
In http://seclists.org/nmap-dev/2008/q3/0539.html I observed that Nmap's traceroute doesn't work like it should for ping scans. Instead of using the ping probe that got a response as the traceroute probe, it just picks an arbitrary one of the ping probes that were used. I attached a patch to fix this. It makes traceroute use whatever probe was used as a timing ping during host discovery and port scanning. The timing probe promotes itself: whenever a response is received to a "better" probe than the current timing probe, the better probe becomes the new timing probe. So the timing probe is the best probe Nmap knows of to reach a given target. The caching and promotion of timing probes is summarized at http://seclists.org/nmap-dev/2008/q3/0647.html. I decided to use the cached timing probe for all traceroute types, not just ping scans. That's why I'm posting the patch to the list, because it's a bigger change than it would have been and I think it deserves a little testing. A bonus is that this change allows the elimination of a lot code from traceroute.cc. Now the complexity of port selection is isolated in scan_engine.cc.
I committed the patch. With the release impending it needs a few days to settle in the repository. Plus it's more of a bug fix than a new feature. I still ask that you give it a try. Run a traceroute with many types of ping scans and port scans. I wasn't able to find a machine that responded to IP protocol probes other than ICMP, TCP, and UDP (that's not on my local LAN), so if you could test that or send me the address of a responsive machine I would appreciate it. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Patch: better selection of traceroute probes David Fifield (Sep 05)
- Re: Patch: better selection of traceroute probes David Fifield (Sep 05)