nmap doesn't allow tracing of blocked ports

[Neil Mayhew <neil () neil mayhew name>]

My use-case is public WiFi networks that block port 22. I need to find
out where the blocking is occurring so that I can submit an unblocking
request to the appropriate administrator.

My problem is that nmap's traceroute can't be used with TCP ports that
are blocked, because nmap refuses to run a trace to closed ports even
when I request it explicitly. For example,

$ sudo nmap --traceroute -PS22 -sn gitlab.com
...
TRACEROUTE (using port 22/tcp)

$ sudo nmap --traceroute -PS2200 -sn gitlab.com
...
Note: Host seems down. If it is really up, but blocking our ping probes,
try -Pn

$ sudo nmap --traceroute -PS2200 -sn -Pn gitlab.com
...
TRACEROUTE (using proto 1/icmp)

This is a catch-22 situation: the port is closed because it's being
blocked but I then can't run a TCP traceroute to it to find out where.

I can of course use the regular traceroute utility but I need to have
the local WiFi administrator run the test before he'll talk to people
upstream, and he's a Windows user. nmap is the friendliest option for a
Windows user, and I think it should be able to do what the regular Linux
traceroute can do. [tracetcp][1] is a TCP traceroute specially for
Windows, but it's obscure compared with nmap, and administrators are
understandably cautious about installing random utilities suggested by
someone they don't know.

[1]: http://simulatedsimian.github.io/tracetcp.html

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/