Re: Re[2]: UDP traceroute does not work to google.com

[Daniel Miller <bonsaiviking () gmail com>]

Sriram,

ICMP is used as a fallback when Nmap doesn't know any better probes that
will elicit a response from the target. Your command line includes "-Pn",
which means "don't send any host discovery probes." This overrides the
"-PU" which would otherwise result in a UDP probe being used to determine
whether the host is alive. So the combination of '-Pn' and '-sn' means that
Nmap has sent no packets to the target by the time it initiates traceroute.
The traceroute engine needs to select a probe that will elicit a response
from the target, so it guesses at ICMP.

It is worth noting that it is very likely google.com will not reply to any
UDP probe. It does not reply to probes to closed ports (randomly-selected
high ports that are very unlikely to be open), and it is unlikely that it
offers any UDP services that respond to an empty packet. This means that
Nmap cannot use UDP to traceroute google.com. You should use a tool like
'traceroute -U' instead.

Dan

On Wed, Jan 7, 2015 at 7:05 AM, Sriram Rajan <sriram.r () vit in> wrote:

> Hi Daniel & Nmap-dev,
>
> You were right about the unprivileged option. However, I could not get the
> traceroute over UDP with these options below. It still does a traceroute
> over ICMP.  Any means of restricing this to UDP in nmap ?
>
> $ sudo nmap -v -n -PU -Pn -sn  --traceroute google.com
>
> Starting Nmap 6.47 ( http://nmap.org ) at 2015-01-07 12:51 UTC
> ...(truncated)....
>
> TRACEROUTE (using proto 1/*icmp*)
> ...
> I have seen UDP here once. But the proto has been stuck at icmp since.
>
> Regards,
>
> Sriram
>
> On Tue, Jan 6, 2015 at 07:46 PM, Daniel Miller <bonsaiviking () gmail com>
> wrote:
>
>
>
> On Tue, Jan 6, 2015 at 5:23 AM, <sriram.r () vit in> wrote:
>
> Hi All,
>
> I need to replicate traceroute functionality using nmap. However, I find
> that nmap fails when used with UDP protocol.
>
> Here is the command output for a trace to google.com.
>
> Despite root escalation, I get the warning: Traceroute has to be run as
> root, disabling...
>
> Please advice.
>
> Thanks,
>
> Sriram R
> -------
>
> <snip>
>
>
> # nmap -u --traceroute -sP 74.125130.101
>
> Sriram,
>
> Nmap does not have a "-u" option. Because of the way GNU getopt works,
> this is translated into the only long option starting with a "u", namely
> "--unprivileged". This option tells Nmap to behave as though it did NOT
> have root permission, regardless of whether it actually does. That is why
> you get the message that traceroute requires root privilege.
>
> Instead, what you probably want is the "-PU" option, which tells Nmap to
> use a UDP packet for host discovery. The traceroute engine uses the "best"
> port or protocol available from previous stages, so you must limit previous
> stages (host discovery, in this case) to use UDP only. By default, this
> uses port 40125, but you can specify a different port by appending it to
> the option: -PU123 for example.
>
> One final note: Nmap 5.21 is 5 years old. The current version is 6.47.
>
> Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/