Re: Host status recording with traceroutes

[David Fifield <david () bamsoftware com>]

On Fri, Sep 25, 2009 at 09:40:31AM +0100, Felix Ingram wrote:
> I'm trying to do some fairly large pings and traceroutes with nmap 5. When
> trying to --resume the scans I noticed a couple of things.
>
> 1. Resuming off the gnmap file gave me the: "WARNING: No targets were
> specified..." error. A quick google suggested that I should remove the
> already scanned hosts from my target file and all would be well.
>
> 2. While extracting the already scanned targets I noticed that none of the
> "down" hosts had been recorded. I tracked this down to the --traceroute
> option.
>
> Without --traceroute (greppable):
> # Ports scanned: TCP(0;) UDP(0;) SCTP(0;) PROTOCOLS(0;)
> Host: xxx.xxx.0.16 ()       Status: Down
> Host: xxx.xxx.0.78 ()     Status: Up
> Host: xxx.xxx.0.85 ()     Status: Up
>
> With --traceroute  (greppable)
> # Ports scanned: TCP(0;) UDP(0;) SCTP(0;) PROTOCOLS(0;)
> Host: xxx.xxx.0.78 ()     Status: Up
> Host: xxx.xxx.0.85 ()     Status: Up
>
> So my question is: is this the expected behaviour?
>
> My command line was:
> nmap -sP -PE -T5 -vvvvvvvv -oA pings_and_trs -iL targets.txt --traceroute

I can confirm that it works this way. I was surprised by it too at
first. It is not limited to traceroute. Down hosts are not included in
the output whenever a scan does anything past host discovery, including
port scanning, script scanning, and traceroute. These commands will omit
down hosts too:

nmap -PE -T5 -vvvvvvvv -oA pings_and_trs -iL targets.txt
nmap -sP -sC -PE -T5 -vvvvvvvv -oA pings_and_trs -iL targets.txt

The reason is that there is special code that handles "port scan only."
For all other scans, down hosts are removed after host discovery. Doing
it this way simplifies the internal logic but it could conceivably be
changed.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org