Nmap Development mailing list archives
Traceroute scripts and their output
From: Jacek Wielemborek <d33tah () gmail com>
Date: Sun, 28 Sep 2014 14:22:25 +0200
List, Take a look at the following output: $ nmap --script traceroute-geolocation --script firewalk scanme.Nmap.org -p 25,24,80 --traceroute Starting Nmap 6.46 ( http://nmap.org ) at 2014-09-28 14:09 CEST Nmap scan report for scanme.Nmap.org (74.207.244.221) Host is up (0.18s latency). rDNS record for 74.207.244.221: scanme.nmap.org PORT STATE SERVICE 24/tcp closed priv-mail 25/tcp filtered smtp 80/tcp open http Host script results: | firewalk: | HOP HOST PROTOCOL BLOCKED PORTS |_1 172.16.1.1 tcp 25 | traceroute-geolocation: | HOP RTT ADDRESS GEOLOCATION | 1 0.58 172.16.1.1 - ,- | 2 11.90 10.200.0.2 - ,- | 3 ... | 4 ... | 5 11.93 10.44.10.2 - ,- | 6 ... | 7 13.67 henet.plix.pl (195.182.218.197) 52,20 Poland (Unknown) | 8 27.65 10ge1-2.core1.prg1.he.net (184.105.213.241) 37,-121 United States (California) | 9 30.81 10ge15-3.core1.fra1.he.net (184.105.213.233) 37,-121 United States (California) | 10 40.02 100ge5-2.core1.par2.he.net (72.52.92.13) 37,-121 United States (California) | 11 123.28 10ge15-1.core1.ash1.he.net (184.105.213.93) 37,-121 United States (California) | 12 178.67 10ge9-2.core1.pao1.he.net (184.105.213.177) 37,-121 United States (California) | 13 183.55 10ge4-4.core3.fmt2.he.net (184.105.222.89) 37,-121 United States (California) | 14 183.57 router3-fmt.linode.com (65.49.10.218) 37,-122 United States (California) |_ 15 178.38 scanme.nmap.org (74.207.244.221) 37,-121 United States (California) TRACEROUTE (using port 24/tcp) HOP RTT ADDRESS 1 0.58 ms 172.16.1.1 2 11.90 ms 10.200.0.2 3 ... 4 5 11.93 ms 10.44.10.2 6 ... 7 13.67 ms henet.plix.pl (195.182.218.197) 8 27.65 ms 10ge1-2.core1.prg1.he.net (184.105.213.241) 9 30.81 ms 10ge15-3.core1.fra1.he.net (184.105.213.233) 10 40.02 ms 100ge5-2.core1.par2.he.net (72.52.92.13) 11 123.28 ms 10ge15-1.core1.ash1.he.net (184.105.213.93) 12 178.67 ms 10ge9-2.core1.pao1.he.net (184.105.213.177) 13 183.55 ms 10ge4-4.core3.fmt2.he.net (184.105.222.89) 14 183.57 ms router3-fmt.linode.com (65.49.10.218) 15 178.38 ms scanme.nmap.org (74.207.244.221) Nmap done: 1 IP address (1 host up) scanned in 62.92 seconds In addition to my previous post about enhancing port scanning output with NSE-defined columns (http://seclists.org/nmap-dev/2014/q3/500), I would like to suggest a change in the output format here as well: TRACEROUTE (using port 24/tcp): HOP RTT ADDRESS GEOLOCATION 1 0.58 ms 172.16.1.1 - ,- |_firewalk: blocked ports: 25 2 11.90 ms 10.200.0.2 - ,- 3 ... 4 5 11.93 ms 10.44.10.2 - ,- 6 ... 7 13.67 ms henet.plix.pl (195.182.218.197) 52,20 Poland (Unknown) 8 27.65 ms 10ge1-2.core1.prg1.he.net (184.105.213.241) 37,-121 United States (California) 9 30.81 ms 10ge15-3.core1.fra1.he.net (184.105.213.233) 37,-121 United States (California) 10 40.02 ms 100ge5-2.core1.par2.he.net (72.52.92.13) 37,-121 United States (California) 11 123.28 ms 10ge15-1.core1.ash1.he.net (184.105.213.93) 37,-121 United States (California) 12 178.67 ms 10ge9-2.core1.pao1.he.net (184.105.213.177) 37,-121 United States (California) 13 183.55 ms 10ge4-4.core3.fmt2.he.net (184.105.222.89) 37,-121 United States (California) 14 183.57 ms router3-fmt.linode.com (65.49.10.218) 37,-121 United States (California) 15 178.38 ms scanme.nmap.org (74.207.244.221) 37,-121 United States (California) This would make it more readable because instead of reading three traceroute lists, user would have to run through just one. What do you think about this suggestion? Jacek
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Traceroute scripts and their output Jacek Wielemborek (Sep 28)