Nmap Development mailing list archives

Re: How to interpret following nmap's traceroute output.


From: Karel Gardas <karel.gardas () centrum cz>
Date: Tue, 23 Jun 2020 15:37:34 +0200

On 6/23/20 3:25 PM, Robin Wood wrote:
I can't answer the nmap question but I'm curious, what does standard
traceroute to the two IPs show?

What IP are you on and what is the subnet? Is 10.0.30.138 the default
gateway defined on the host?


Indeed, I should consult traceroute, but well, then it looks like an nmap
tracerouting bug IMHO:

traceroute to 10.111.0.99 (10.111.0.99), 30 hops max, 60 byte packets
 1  _gateway (10.0.30.138)  0.253 ms  0.340 ms  0.320 ms
 2  10.0.10.14 (10.0.10.14)  1.160 ms  1.146 ms  1.124 ms
 3  10.1.0.12 (10.1.0.12)  2.911 ms  3.014 ms  2.999 ms
 4  10.11.0.26 (10.11.0.26)  4.120 ms  4.108 ms  4.089 ms
 5  10.111.0.99 (10.111.0.99)  4.191 ms  4.176 ms  4.154 ms


BTW: do not wonder about the network, it's a combination of real and virtual
built just for testing purposes.

Thanks,
Karel

Robin

On Tue, 23 Jun 2020 at 14:21, Karel Gardas <karel.gardas () centrum cz> wrote:


    Hello,

    I'm experimenting with nmap for network topology scanning and discovery
    and sometimes it surprises me with what I find in its trace records.
    Currently I'm not able to interpret this record:

       Nmap scan report for 10.111.0.99
     [...]
       1   0.89 ms _gateway (10.0.30.138)
       2   1.47 ms 10.0.10.14
       3   ... 4
       5   2.26 ms 10.111.0.99
     [...]

    while the record for 10.0.10.14 looks like:
       Nmap scan report for 10.0.10.14
     [...]
       1   0.31 ms 10.0.10.14

    so I'm not sure how to interpret hops 3 and 4 of 10.111.0.99 above when
    10.0.10.14 is reachable with only one hop and hence does not provide any
    hop 3 and 4.

    Nmap is version 7.60 as distributed, run on Ubuntu 18.04.x LTS
    with root privileges and with these command-line parameters:

    -T4 10.1.0.0/24 10.0.10.0/24 10.0.20.0/24 10.0.30.0/24 10.0.60.0/24
    10.11.0.0/24 10.111.0.0/24 10.112.0.0/24 10.111.1.0/24 10.111.2.0/24
    --stats-every 5s --traceroute

    Any idea?

    Thanks!
    Karel
    _______________________________________________
    Sent through the dev mailing list
    https://nmap.org/mailman/listinfo/dev
    Archived at http://seclists.org/nmap-dev/

