Nmap Development mailing list archives

Re: Zenmap topology


From: David Fifield <david () bamsoftware com>
Date: Mon, 14 Dec 2009 11:19:46 -0700

On Mon, Dec 14, 2009 at 11:03:49AM -0600, Blader, Robert G CIV NSWCDD, W51 wrote:
> I'm not sure if this is a bug or just me not making sense of Zenmap's
> topology feature, but I need some help understanding what I'm seeing.
>
> I ran a traceroute scan on 2 subnets using version 5 Nmap/Zenmap.
> The topology tab shows a node whose IP is 0.0.0.0 (separate from
> local host) and shows connections to other hosts (other than the 2
> networks I listed in the "targets" field).  The DNS lookups of these
> IPs point all other place - literally.  They are depicted by
> "intermediate nodes" (white circles) and are connected by dotted blue
> lines.

If you can, paste in the part of the output that refers to 0.0.0.0. What
do you mean by "the DNS lookups of these IPs point all other
places"--that they seem to be completely random domain names? It's
possible that a firewall is spoofing ICMP TTL exceeded messages from
random addresses.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
