Nmap Development mailing list archives
Re : Traceroute feature test
From: Ionreflex <ionreflex () gmail com>
Date: Mon, 7 Aug 2006 23:56:00 -0400
Hi all, This is my first posting, I'm not used to this mailing list system so paleez if I do something wrong, say it so i don't do it again! Also, beside the numerous praises you're going to find in this post, I'm going to start with a little introduction - I'll try to be as brief as possible - trying to explain my situation for which I believe nmap can be a life saver with a traceroute feature... I'm no pro network admin, but I'm working on it; then again, I'm kinda network admin at my job and the primary tool I'm using is - you guessed it! - nmap for every possible network trouble; my company has access to an external private network ( 10.0.0.0/8) under the control of a government agency. For security reason, access to this network is done by a solution delivered by Juniper Networks, which kind of create a VPN tunnel on the PC via the loopback address range ( 127.0.0.0/8). It's really tricky, a recent technology I know nothing about... Amongst other things you should know : the client for this system is available only for Windows system; the VPN agent is configured to "trap" connection attempts based on service or application (ie if telnet is configured for a given IP address, the connection will pass through the VPN agent; if not, the connection will go through the normal gateway) To my surprise, nmap is the only tool that worked with this technology; I also tried LFT once compiled with Cygwin, even "tracetcp" - or was it "tcptrace" ? - to no avail : to a destination:port properly configured, the agent ignored those program so they went through the default gateway... So, with nmapwin, it's possible to know if a service is available through the agent or if it's not; in the case the destination:port is in "filtered" state - most probably by a firewall - nmap cannot say where the connection is blocked... but if a traceroute feature was implement in nmap, the troubleshooting would be so much faster it would be perfect! Enough with the story, I'm pretty sure you get the idea. Like I said, I'm a Windows XP user, always up-to-date, so if I could help you with the testing just let me know - but I'll probably need some help to set it up! Oups, about the praise... The nmap project is one of the best example how an open project should be developed : well documented, open-minded collaborators, any platform compatibility are all key ingredients of this success story... Take care, and keep up the good work everybody! -- ion][reflex [reflexion] From: Eddie Bell <ejlbell_at_gmail.com<ejlbell_at_gmail.com?Subject=Re:%20Traceroute%20feature%20test>> Date: Thu, 3 Aug 2006 14:42:38 +0200 Hi everyone, I have been working on a parallel, multiple protocol, traceroute patch over the last month. I should have the final version finished in a couple of weeks but, for now, you may try a cut down alpha patch. There are a few missing features and it needs some optimisation/profiling but the main functionality is there. The patch hasn't been tested on windows yet but next week I should have access to a XP box. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Re : Traceroute feature test Ionreflex (Aug 07)
- Re: Re : Traceroute feature test Eddie Bell (Aug 08)