Nmap Development mailing list archives

Re: [nmap-svn] r15501 - nmap-exp/david/nmap-traceroute


From: Fyodor <fyodor () insecure org>
Date: Thu, 17 Sep 2009 01:52:45 -0700

On Wed, Sep 16, 2009 at 07:04:21PM -0700, commit-mailer () insecure org wrote:

> Log:
> Use ICMP echo for hosts that have ARP as their ping probe type.

If we can reach the host directly on the local network by its MAC
address, it seems reasonable to just mark it as 1 hop away and avoid
the waste of sending "traceroute" probes to all the machines on the
local network.  I guess there is a slim possibility that some machine
in the middle (proxy-arp host, bridge, switch, whatever) might
decrement the TTL for some reason and respond with a TTL exceeded, but
that seems like a long shot.  I'm sending this to nmap-dev anyway in
case someone can think of a good reason for doing traceroute against
machines which seem to be on the local network.  If the scenario is
super-obscure, perhaps they should do it with nping and Nmap should go
with the 99.9% case and avoid sending out the superfluous packets.  If
we get an ARP response from the host, I think there is a good argument
that "1" is the correct number of hops in any case.  Similarly, we
always treat localhost as 0 hops away for traceroute purposes.

By the way, the new --traceroute system is looking superb!

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

