Nmap Development mailing list archives

Re: Traceroute feature test


From: Ionreflex <ionreflex () gmail com>
Date: Mon, 7 Aug 2006 23:56:00 -0400

Hi all,

This is my first posting, I'm not used to this mailing list system so please,
if I do something wrong, say it so I don't do it again! Also, besides the
numerous praises you're going to find in this post, I'm going to start with
a little introduction - I'll try to be as brief as possible - trying to
explain my situation for which I believe nmap can be a life saver with a
traceroute feature...

I'm no pro network admin, but I'm working on it; then again, I'm kinda
network admin at my job and the primary tool I'm using is - you guessed it!
- nmap for every possible network trouble; my company has access to an
external private network (10.0.0.0/8) under the control of a government
agency. For security reasons, access to this network is done by a solution
delivered by Juniper Networks, which kind of creates a VPN tunnel on the PC
via the loopback address range (127.0.0.0/8). It's really tricky, a recent
technology I know nothing about...

Amongst other things you should know:

- the client for this system is available only for Windows systems;
- the VPN agent is configured to "trap" connection attempts based on service
  or application (i.e. if telnet is configured for a given IP address, the
  connection will pass through the VPN agent; if not, the connection will go
  through the normal gateway)

To my surprise, nmap is the only tool that worked with this technology; I
also tried LFT once compiled with Cygwin, even "tracetcp" - or was it
"tcptrace"? - to no avail: to a destination:port properly configured, the
agent ignored those programs so they went through the default gateway...

So, with nmapwin, it's possible to know if a service is available through
the agent or if it's not; in the case the destination:port is in "filtered"
state - most probably by a firewall - nmap cannot say where the connection
is blocked... but if a traceroute feature was implemented in nmap, the
troubleshooting would be so much faster it would be perfect!

Enough with the story, I'm pretty sure you get the idea.

Like I said, I'm a Windows XP user, always up-to-date, so if I could help
you with the testing just let me know - but I'll probably need some help to
set it up!


Oops, about the praise... The nmap project is one of the best examples of how
an open project should be developed: well documented, open-minded
collaborators, any platform compatibility are all key ingredients of this
success story... Take care, and keep up the good work everybody!



-- 
ion][reflex
[reflexion]



From: Eddie Bell <ejlbell_at_gmail.com>
Date: Thu, 3 Aug 2006 14:42:38 +0200

Hi everyone,
I have been working on a parallel, multiple protocol, traceroute patch over
the last month. I should have the final version finished in a couple of
weeks but, for now, you may try a cut down alpha patch. There are a few
missing features and it needs some optimisation/profiling but the main
functionality is there. The patch hasn't been tested on Windows yet but next
week I should have access to an XP box.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

