Nmap Development mailing list archives

Re: 24-Hour Beta: Nmap 4.69BETA1


From: David Fifield <david () bamsoftware com>
Date: Sun, 7 Sep 2008 16:03:22 -0600

On Sun, Sep 07, 2008 at 03:05:29PM -0500, Alan Jones wrote:
> Here is an nmap scan to scanme.inscure.org
>
> TRACEROUTE (using port 80/tcp)
> HOP RTT  ADDRESS
> 1   2.00 home (192.168.1.254)
> 2   2.00 scanme.nmap.org (64.13.134.52)

If the same thing happens with Nmap 4.68, there may be a network device
mangling the TTL value of packets that pass through it. It would be
whatever your first hop to the Internet is. If I do this:

# iptables -t mangle -I OUTPUT -o eth0 -j TTL --ttl-set 64

then I get

# nmap scanme.nmap.org --traceroute

Starting Nmap 4.69BETA1 ( http://nmap.org ) at 2008-09-07 16:00 MDT
Interesting ports on scanme.nmap.org (64.13.134.52):
Not shown: 994 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
25/tcp  closed smtp
53/tcp  open   domain
70/tcp  closed gopher
80/tcp  open   http
113/tcp closed auth

TRACEROUTE (using port 113/tcp)
HOP RTT   ADDRESS
1   84.42 scanme.nmap.org (64.13.134.52)

Nmap done: 1 IP address (1 host up) scanned in 8.57 seconds

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
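
The effect discussed in this message, modelled as an added example (not part of the original e-mail and not Nmap's code): a toy TTL-based traceroute over a constructed path, with the TTL rewritten either at the first hop or on the sender itself. The hop names, the path length and the assumption that a router checks the TTL before rewriting it are all assumptions of the example.

```python
# Toy model of TTL-based traceroute. Hop names and path are constructed.

def send_probe(path, ttl, rewrite_at=None, rewrite_ttl=64):
    """Walk one probe along `path`; return the node that answers it.

    path       -- node names; path[0] is the sender, path[-1] the target
    rewrite_at -- index of the node that overwrites the TTL on egress
                  (0 models a rule on the sender's own OUTPUT chain)
    Assumption: a router decrements and checks the TTL first, and rewrites
    it only on packets it actually forwards.
    """
    if rewrite_at == 0:
        ttl = rewrite_ttl                # sender-side rule: every probe leaves with 64
    for i in range(1, len(path)):
        if i == len(path) - 1:
            return path[i]               # reached the target, which answers itself
        ttl -= 1
        if ttl <= 0:
            return path[i]               # this router sends ICMP time exceeded
        if rewrite_at == i:
            ttl = rewrite_ttl            # forwarded packet gets a fresh TTL
    return None


def traceroute(path, rewrite_at=None, max_ttl=30):
    """Send probes with TTL 1, 2, ... and list who answered each one."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        responder = send_probe(path, ttl, rewrite_at)
        hops.append(responder)
        if responder == path[-1]:
            break
    return hops


# Constructed path: scanner -> home gateway -> three routers -> target.
PATH = ["scanner", "home-gw", "isp-1", "isp-2", "transit-1", "scanme"]

if __name__ == "__main__":
    print("no rewriting:      ", traceroute(PATH))
    print("rewrite at home-gw:", traceroute(PATH, rewrite_at=1))
    print("rewrite on sender: ", traceroute(PATH, rewrite_at=0))
```

In this model, rewriting at the first hop yields the two-hop listing shown in the quoted report, and rewriting on the sender yields the single-hop listing in the reply; a traceroute that is much shorter than the real path is a sign that something on the path is resetting the TTL.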

