Re: Force TCP traceroute

[Jacek Wielemborek <d33tah () gmail com>]

W dniu 16.10.2015 o 15:35, Jochen Bartl pisze:
> Hi *,
>
> is there a way to have Nmap traceroute to a host via TCP even though the
> destination port is filtered and the host scan was intentionally disabled?
>
> After searching the mailinglist archive and having had a look at traceroute.cc I
> couldn't find a solution. In traceroute.cc [1] it seems like that an ICMP/echo
> traceroute is implicitly chosen if the host scan is disabled. My impression of
> "nmap -sS -n -Pn -p 443 --traceroute w.x.y.z" was that if the host scan is
> disabled,
> Nmap would just use TCP syn packets to get to the destination.
>
> I would like to be able to trace the path via TCP-syn packets to figure out,
> which firewall in the path is most likely filtering the packets.
>
> If that's not possible right now, maybe you could add it to the feature requests
> queue ;-) I thought about an --ignore-probe-result option, but
> didn't make a patch, because I'm neither familiar with c nor c++ and would like
> to spare you my copy&paste coding results.
>
> Thanks and best regards,
>
> Jochen
>
> 1) https://github.com/nmap/nmap/blob/master/traceroute.cc#L616-L622

To the best of my knowledge, Nmap is trying to use the best probe it
found during host discovery. Perhaps adding -PS443 would make it use
this protocol?

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/