Re: UDP traceroute does not work to google.com

[Daniel Miller <bonsaiviking () gmail com>]

On Tue, Jan 6, 2015 at 5:23 AM, <sriram.r () vit in> wrote:

> Hi All,
>
> I need to replicate traceroute functionality using nmap. However, I find
> that nmap fails when used with UDP protocol.
>
> Here is the command output for a trace to google.com.
>
> Despite root escalation, I get the warning: Traceroute has to be run as
> root, disabling...
>
> Please advice.
>
> Thanks,
>
> Sriram R
> -------
<snip>

> # nmap -u --traceroute -sP 74.125130.101
>
> Sriram,

Nmap does not have a "-u" option. Because of the way GNU getopt works, this
is translated into the only long option starting with a "u", namely
"--unprivileged". This option tells Nmap to behave as though it did NOT
have root permission, regardless of whether it actually does. That is why
you get the message that traceroute requires root privilege.

Instead, what you probably want is the "-PU" option, which tells Nmap to
use a UDP packet for host discovery. The traceroute engine uses the "best"
port or protocol available from previous stages, so you must limit previous
stages (host discovery, in this case) to use UDP only. By default, this
uses port 40125, but you can specify a different port by appending it to
the option: -PU123 for example.

One final note: Nmap 5.21 is 5 years old. The current version is 6.47.

Dan

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/