Nmap Development mailing list archives
Re: Zenmap topology
From: David Fifield <david () bamsoftware com>
Date: Mon, 14 Dec 2009 11:19:46 -0700
On Mon, Dec 14, 2009 at 11:03:49AM -0600, Blader, Robert G CIV NSWCDD, W51 wrote:
I'm not sure if this is a bug or just me not making sense of Zenmap's topology feature, but I need some help understanding what I'm seeing. I ran a traceroute scan on 2 subnets using version 5 Nmap/Zenmap. The topology tab shows a node whose IP is 0.0.0.0 (separate from local host) and shows connections to other hosts (other than the 2 networks I listed in the "targets" field). The DNS lookups of these IP's point all other place - literally. They are depicted by "intermediate nodes" (white circles) and are connected by dotted blue lines.
If you can, paste in the part of the output that refers to 0.0.0.0. What do you mean by "the DNS lookups of these IPs point all other places"--that they seem to be completely random domain names? It's possible that a firewall is spoofing ICMP TTL exceeded messages from random addresses. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Zenmap topology Blader, Robert G CIV NSWCDD, W51 (Dec 14)
- Re: Zenmap topology David Fifield (Dec 14)
- <Possible follow-ups>
- Zenmap Topology David Maynor (Dec 23)
- Re: Zenmap Topology David Fifield (Dec 23)
- RE: Zenmap Topology David Maynor (Dec 23)
- Re: Zenmap Topology David Fifield (Dec 23)
- Re: Zenmap Topology David Fifield (Dec 23)