Nmap Development mailing list archives
[SCRIPT] traceroute tools: 0trace and RecordRoute + nsock source port specification
From: majek04 <majek04+nmap-dev () gmail com>
Date: Sat, 18 Aug 2007 05:18:43 +0200
Good news everyone! I'm really happy to see my code being included in mainline. It's a good time to reveal more NSE scripts. This time two traceroute-related scripts:

* 0trace is an implementation of Lcamtuf's 0trace[1] idea. The basic idea is to inject packets with small TTLs into an established TCP/IP connection. If the packet is dropped by some firewall after NAT we'll receive an ICMP error message, and there will be a different destination IP inside the ICMP payload.

* IP RecordRoute is an option at the IP level. It records up to nine hops on the packet's way. The advantage is that it's done using a single IP packet.

As a bonus, I provided support for specifying the source port to the nsock library. The discussion is in [2]. After applying my patch you can select the source port for the connection. For example, in Lua it could be like this:

    conn:connect(host.ip, port.number, "udp", 53)

Changes:
- source port support for nsock and NSE
- new 0trace script
- new recordroute script
- (old) updated p0f and promiscuous scripts
- fixes to current nse-pcap (for example a fix for the garbage collector)
- some packet parsing functions are exported to lualib/packet.lua
- new "unregister" function included in the nse-pcap API
- new interface for sending raw IP packets: dnet.ip_send()

Sample use of 0trace and recordroute:

    # ./nmap -n -sS -p22 --script=0trace.nse,recordroute.nse reddit.com

    Starting Nmap 4.22SOC3 ( http://insecure.org )
    Interesting ports on 208.96.53.70:
    PORT   STATE SERVICE
    22/tcp open  ssh
    |_ ip RR: X.X.32.57 X.X.32.20 X.X.32.233 64.125.23.5 64.125.23.14 64.125.0.166 64.125.0.165 64.125.0.172 64.125.0.179
    |_ 0trace: X.X.167.252 X.X.32.1 X.X.32.1 213.186.32.234 213.186.32.34 213.186.32.234 64.125.23.6 64.125.23.9 64.125.27.225 64.125.31.186 64.125.30.226 64.125.26.33 64.125.30.217 64.124.196.6 208.96.31.16 ack:208.96.53.70

Patch against 4.22SOC4 can be found at [3]. Patch was successfully tested on WinXP and Linux. Can anyone confirm it's working on Mac?

[1] http://seclists.org/fulldisclosure/2007/Jan/0145.html
[2] http://seclists.org/nmap-dev/2007/q2/index.html#311
[3] http://ai.pjwstk.edu.pl/~majek/private/nmap/nse-pcap/nmap-4.22S4-nsepcap-update2.diff

I'm waiting for feedback!

Cheers!
Marek Majkowski

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
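The two packet features the post relies on, the IPv4 Record Route option (what the recordroute script reads back) and the quoted IP header inside an ICMP Time Exceeded message (where 0trace finds the post-NAT destination), are small enough to parse by hand. The following is an added example written for this archive page; it is not code from the post, from the attached patch, or from Nmap. It builds constructed sample packets using RFC 5737 documentation addresses, decodes the Record Route option per RFC 791 (type 7, length, 1-based pointer to the next free slot, at most nine addresses), and decodes an ICMP Time Exceeded reply (RFC 792) to compare the destination the router saw against the destination the probe was sent to. All addresses and packet contents are constructed for the example; checksums are left zero because nothing here transmits the packets.

```python
"""Parsers for the IPv4 Record Route option and for the IPv4 header quoted
inside an ICMP Time Exceeded message. Added example, not code from the post
or from Nmap; every packet and address below is constructed sample data."""
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header (RFC 791)
ICMP_FMT = "!BBHI"           # type, code, checksum, 4 unused bytes (RFC 792)
OPT_EOL, OPT_NOP, OPT_RR = 0, 1, 7
ICMP_TIME_EXCEEDED = 11


def parse_ipv4(data):
    """Split an IPv4 header into its fields, raw options bytes and payload."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack(IPV4_FMT, data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("bad IP version or header length")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "ttl": ttl, "proto": proto,
            "options": data[20:ihl], "payload": data[ihl:]}


def record_route_hops(options):
    """Return the addresses recorded in a Record Route option, or None if absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:          # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option missing length byte")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        if kind == OPT_RR:
            if length < 3:
                raise ValueError("Record Route option too short")
            pointer = options[i + 2]  # 1-based offset of the next free slot
            # pointer == length + 1 means every slot is used (route area full)
            if pointer < 4 or pointer > length + 1 or (pointer - 4) % 4:
                raise ValueError("bad Record Route pointer")
            used = options[i + 3:i + pointer - 1]
            return [socket.inet_ntoa(used[k:k + 4]) for k in range(0, len(used), 4)]
        i += length
    return None


def parse_time_exceeded(icmp):
    """Parse an ICMP Time Exceeded message and the IPv4 header it quotes."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP message")
    kind, code, _csum, _unused = struct.unpack(ICMP_FMT, icmp[:8])
    if kind != ICMP_TIME_EXCEEDED:
        raise ValueError("not an ICMP Time Exceeded message (type %d)" % kind)
    # The router quotes the expired datagram's IP header plus 8 payload bytes.
    return {"code": code, "inner": parse_ipv4(icmp[8:])}


def hop_report(sent_dst, reply):
    """Given the address a TTL-limited probe was sent to and the raw IPv4 packet
    carrying a router's ICMP reply, report the replying hop, the destination
    that router actually saw, and whether the two differ (translation in path)."""
    outer = parse_ipv4(reply)
    if outer["proto"] != 1:
        raise ValueError("reply is not ICMP")
    seen = parse_time_exceeded(outer["payload"])["inner"]["dst"]
    return {"hop": outer["src"], "seen_dst": seen, "translated": seen != sent_dst}


def build_ipv4(src, dst, proto, ttl=64, options=b"", payload=b""):
    """Build an IPv4 packet for the samples (checksum left zero, never sent)."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    hdr = struct.pack(IPV4_FMT, (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + options + payload


def build_record_route(hops, slots=9):
    """Record Route option with `slots` address slots, `hops` already filled in."""
    data = b"".join(socket.inet_aton(h) for h in hops)
    data += b"\x00" * (4 * (slots - len(hops)))
    return bytes([OPT_RR, 3 + 4 * slots, 4 + 4 * len(hops)]) + data


# Constructed samples (RFC 5737 documentation addresses, RFC 1918 inside the NAT).
RR_HOPS = ["192.0.2.1", "192.0.2.9", "198.51.100.3"]
RR_PACKET = build_ipv4("192.0.2.7", "203.0.113.10", 6,
                       options=build_record_route(RR_HOPS))

PROBE_DST = "203.0.113.10"   # public address the probe was sent to
EXPIRED = build_ipv4("192.0.2.7", "10.0.0.5", 6, ttl=0,   # header as seen past the NAT
                     payload=b"\x04\xd2\x00\x16\x00\x00\x00\x01")
ICMP_REPLY = build_ipv4("198.51.100.254", "192.0.2.7", 1,
                        payload=struct.pack(ICMP_FMT, ICMP_TIME_EXCEEDED, 0, 0, 0) + EXPIRED)

if __name__ == "__main__":
    print("Record Route hops:", record_route_hops(parse_ipv4(RR_PACKET)["options"]))
    print("Time Exceeded report:", hop_report(PROBE_DST, ICMP_REPLY))
```

Run against the constructed packets, `record_route_hops` returns the three recorded addresses and `hop_report` flags the reply as translated, because the quoted header carries 10.0.0.5 where the probe was addressed to 203.0.113.10; that mismatch is exactly the signal the post describes. The same two parsers apply to captured traffic from a pcap, which is the defender's use: spotting Record Route options or TTL-expired replies that reveal internal addressing on the wire.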