Nmap Development mailing list archives

Re: Traceroute failure from SVN 15553 on OSX 10.5.8


From: David Fifield <david () bamsoftware com>
Date: Thu, 24 Sep 2009 08:55:49 -0600

On Thu, Sep 24, 2009 at 06:13:00AM -0500, Tom Sellers wrote:
> David Fifield wrote:
> > On Wed, Sep 23, 2009 at 11:08:22AM -0500, Chris Clements wrote:
> > > Receiving a failure message when traceroute starts from the following command:
> > >
> > > nmap -Avv -T5 192.168.0.0/24 (FYI, all machines in this range are on local layer 2 subnet)
> > >
> > > Failure message:
> > >
> > > Initiating Traceroute at 11:07
> > > Stats: 0:02:46 elapsed; 232 hosts completed (24 up), 24 undergoing Traceroute
> > > Traceroute Timing: About 1.39% done; ETC: 11:07 (0:00:00 remaining)
> > > Assertion failed: (current_ttl > 0), function next_ttl, file traceroute.cc, line 397.
> > > Abort trap
> >
> > Thank you for this report. Does the attached patch fix the problem? It
> > may be that OS detection is wrongly detecting a distance of 0 for one of
> > the hosts (whichever follows 192.168.0.253). The traceroute should
> > always start with a TTL of 1 at the minimum.
>
> David - The only host with a legitimate 0 value should be localhost right?

Yes, but, it's possible for the OS detection distance estimation to be
fooled when intermediate devices fool with TTLs or when routes are not
parallel. For example, if you send a UDP probe with a TTL of 50, and
you get back an ICMP port unreachable containing the UDP packet with a
TTL of 45, we estimate that there are five hops to the target. That's
assuming that every router decrements the TTL as it should. If one of
them doesn't, or if it resets it to some fixed value, the calculation
will be off. If the ICMP port unreachable comes back with an
encapsulated TTL of 50, it will look like a distance of 0.

We used to get OS fingerprint submissions with negative claimed
distances until we made such fingerprints invalid. If you look at recent
OS fingerprints you'll see that they have a DC (for "distance
calculation") test that indicates how much to trust the distance. The
possibilities are DC=L for localhost, DC=D for a direct subnet
connection, DC=I for an ICMP TTL calculation, and DC=T for a traceroute
count.

> Chris - What is the IP of the scanning machine?

According to the packet trace it's 192.168.86.3, but I don't think being
localhost is the cause. The traceroute code doesn't even run for
localhost, and localhost is not put in a hostgroup with non-localhost
hosts.

David Fifield
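The distance estimate described above (sent TTL minus the TTL quoted inside the ICMP port unreachable), as an added illustration that is not Nmap's code: it shows how a TTL-rewriting router makes a remote host look 0 hops away, why a negative estimate must be treated as invalid, and how a starting TTL clamped to 1 avoids the failed `current_ttl > 0` assertion. The ICMP message is constructed inline and `traceroute_initial_ttl` is a hypothetical policy, not Nmap's own traceroute logic.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Outcome of a TTL-based distance estimate. valid is false when the numbers
// cannot be trusted (a negative distance), the case that made such
// OS fingerprint submissions invalid.
struct DistanceEstimate {
    int hops;    // estimated hop count to the target
    bool valid;  // false when the quoted TTL exceeds the TTL we sent
};

// Hop distance from the TTL placed in a UDP probe and the TTL found in the
// copy of that probe quoted by an ICMP port unreachable. Each well-behaved
// router decrements the TTL by one; a router that rewrites it breaks the
// assumption and can make a remote host look 0 hops away.
DistanceEstimate estimate_distance(int sent_ttl, int quoted_ttl) {
    DistanceEstimate d{sent_ttl - quoted_ttl, true};
    if (d.hops < 0) d.valid = false;  // a TTL cannot grow in flight
    return d;
}

// Read the quoted TTL from an ICMP Destination Unreachable message:
// 8 bytes of ICMP header, then the original IPv4 header, whose TTL is
// byte 8 of that header. Returns -1 if the buffer is too short or is not
// type 3 / code 3 (port unreachable).
int quoted_ttl_from_icmp(const std::vector<uint8_t>& icmp) {
    const size_t kIcmpHdr = 8, kIpTtlOffset = 8, kIpHdrMin = 20;
    if (icmp.size() < kIcmpHdr + kIpHdrMin) return -1;
    if (icmp[0] != 3 || icmp[1] != 3) return -1;
    return icmp[kIcmpHdr + kIpTtlOffset];
}

// Starting TTL for a traceroute aimed at the estimated distance, clamped to
// at least 1 so an untrusted or zero estimate never yields a TTL of 0
// (hypothetical policy, not Nmap's own traceroute logic).
int traceroute_initial_ttl(const DistanceEstimate& d) {
    return (d.valid && d.hops >= 1) ? d.hops : 1;
}

// Constructed sample: a minimal type 3 / code 3 ICMP message quoting a
// 20-byte IPv4 header (TTL = quoted_ttl) followed by 8 bytes of UDP header.
std::vector<uint8_t> make_port_unreachable(uint8_t quoted_ttl) {
    std::vector<uint8_t> msg(8 + 20 + 8, 0);
    msg[0] = 3;               // ICMP type: destination unreachable
    msg[1] = 3;               // ICMP code: port unreachable
    msg[8] = 0x45;            // quoted IPv4: version 4, IHL 5
    msg[8 + 8] = quoted_ttl;  // quoted IPv4 TTL field
    msg[8 + 9] = 17;          // quoted IPv4 protocol: UDP
    return msg;
}
```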

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org