Nmap Development mailing list archives

Re: [NSE] firewalking: NSE traceroute patch


From: David Fifield <david () bamsoftware com>
Date: Sat, 28 Aug 2010 09:52:15 -0600

On Sat, Aug 28, 2010 at 12:18:01PM +0200, Henri Doreau wrote:
> Hello,
>
> Thanks for the detailed advice. Attached is an updated version of the
> patch, and the diff for scripting.xml too.

Excellent. I've committed it. I made a few changes. When building a Lua
array you have to start at index 1, not 0; the first hop was being
ignored. I stored the time.srtt value in seconds, not milliseconds,
because that matches how it works in host tables. When there is no
reverse DNS for a hop, I store no value instead of an empty string.

I tested it with the attached script that just prints out traceroute
results. It looks good! I hardly need to say that with this addition we
have everything we need to write a script that automatically adds
intermediate hops to the scanning queue, with Djalal's newtargets patch.

# ./nmap --datadir . -Pn -sn --traceroute scanme.nmap.org --script=traceroute

Starting Nmap 5.35DC18 ( http://nmap.org ) at 2010-08-28 09:45 MDT
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.065s latency).

Host script results:
| traceroute:
| 1   3.45 ms   192.168.0.1
| 2   42.82 ms  206.81.73.81
| 3   42.35 ms  206.81.73.82
| 4   41.15 ms  66.54.149.185
| 5   41.66 ms  ge-6-24-515.car1.denver1.level3.net (63.211.250.17)
| 6   40.75 ms  ae-31-53.ebr1.denver1.level3.net (4.68.107.94)
| 7   76.30 ms  ae-3-3.ebr2.sanjose1.level3.net (4.69.132.57)
| 8   67.18 ms  ae-62-62.csw1.sanjose1.level3.net (4.69.134.210)
| 9   66.71 ms  ae-22-69.car2.sanjose2.level3.net (4.68.18.12)
| 10  65.17 ms  layer42.car2.sanjose2.level3.net (4.59.4.78)
| 11  65.16 ms  xe6-2.core1.svk.layer42.net (69.36.239.221)
|_12  64.71 ms  scanme.nmap.org (64.13.134.52)

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   3.45 ms  192.168.0.1
2   42.82 ms 206.81.73.81
3   42.35 ms 206.81.73.82
4   41.15 ms 66.54.149.185
5   41.66 ms ge-6-24-515.car1.denver1.level3.net (63.211.250.17)
6   40.75 ms ae-31-53.ebr1.denver1.level3.net (4.68.107.94)
7   76.30 ms ae-3-3.ebr2.sanjose1.level3.net (4.69.132.57)
8   67.18 ms ae-62-62.csw1.sanjose1.level3.net (4.69.134.210)
9   66.71 ms ae-22-69.car2.sanjose2.level3.net (4.68.18.12)
10  65.17 ms layer42.car2.sanjose2.level3.net (4.59.4.78)
11  65.16 ms xe6-2.core1.svk.layer42.net (69.36.239.221)
12  64.71 ms scanme.nmap.org (64.13.134.52)

Nmap done: 1 IP address (1 host up) scanned in 2.97 seconds

David Fifield

Attachment: traceroute.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
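
The three fixes described in the message (array starting at index 1, srtt stored in seconds, no value instead of an empty string for a missing name), as an added example that is not part of the original post, the attached script or the committed patch. It is plain Lua that runs without Nmap; the function names, the flat `raw` input and the hop values (constructed, modelled on the output above) are assumptions, as is the `ip` / `name` / `times.srtt` field layout.

```lua
-- Added example, plain Lua (no Nmap needed). All names are hypothetical.
-- Constructed sample hops, modelled on the output above; srtt in seconds.
local raw = {
  { ip = "192.168.0.1",  srtt = 0.00345 },  -- no reverse DNS for this hop
  { ip = "206.81.73.81", srtt = 0.04282 },
  { ip = "64.13.134.52", srtt = 0.06471, name = "scanme.nmap.org" },
}

-- Build the hop array; `first` is the index given to the first hop.
-- `no_name` is what gets stored when a hop has no reverse DNS.
local function build_hops(src, first, no_name)
  local hops = {}
  for i, h in ipairs(src) do
    hops[first + i - 1] = {
      ip = h.ip,
      name = h.name or no_name,
      times = { srtt = h.srtt },  -- seconds, as in a host table
    }
  end
  return hops
end

-- Format hops the way a consumer script would: the TTL is the array index.
local function format_hops(hops)
  local lines = {}
  for ttl, hop in ipairs(hops) do  -- ipairs starts at 1 and never visits index 0
    -- A nil name is falsy, so the bare IP is used. An empty string is truthy
    -- in Lua and would take the "name (ip)" branch with a blank name.
    local addr = hop.name and string.format("%s (%s)", hop.name, hop.ip) or hop.ip
    lines[#lines + 1] = string.format("%-3d %.2f ms  %s",
                                      ttl, hop.times.srtt * 1000, addr)
  end
  return lines
end

local function show(title, hops)
  print(title)
  for _, line in ipairs(format_hops(hops)) do print("  " .. line) end
end

show("0-based array (first hop lost, TTLs shifted):", build_hops(raw, 0, nil))
show("empty string for a missing name:", build_hops(raw, 1, ""))
show("1-based, nil name, srtt in seconds:", build_hops(raw, 1, nil))
```

Any script that walks the hop list with `ipairs` or `#` depends on the 1-based layout, which matters for a consumer that feeds intermediate hops back into the scan queue: a hop stored at index 0 would silently never be added.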
