Nmap Development mailing list archives
Ignore ICMP Time Exceeded during host discovery (protect against concurrent traceroute)
From: David Fifield <david () bamsoftware com>
Date: Wed, 29 Apr 2015 10:35:02 -0700
When Nmap receives an ICMP Time Exceeded message during host discovery, it immediately marks the host as down. It does this even though there may be other probes still pending. If the host discovery includes any ICMP probes, then the only response validation done is matching of the source and dest addresses in the reply's encapsulated header.

I noticed that my host discovery was failing because I was running a traceroute at the same time. Nmap was receiving and acting on the Time Exceeded packets that traceroute was causing.

Try running these commands at the same time. I'm using www.auckland.ac.nz because it's far away and the extra latency makes it easier for the Time Exceeded to win the race with the Echo Reply.

    sudo traceroute -q 10 -N 5 -I www.auckland.ac.nz
    sudo nmap -n -PE -sn --reason -d www.auckland.ac.nz

This gives me:

    Nmap scan report for www.auckland.ac.nz (130.216.159.127) [host down, received time-exceeded]

But if I run it without the simultaneous traceroute:

    Host is up, received echo-reply ttl 237 (0.16s latency).

The attached patch removes the HOST_DOWN handling of Time Exceeded messages, so they have no effect other than being logged at debug level.
Attachment:
0001-Ignore-ICMP-Time-Exceeded-for-the-purpose-of-host-di.patch
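An added example, not part of the original message and not Nmap's code: a simplified Python model of the race described above, in which a Time Exceeded caused by a concurrent traceroute is accepted because only the quoted source and destination addresses are compared. The addresses, id/seq values and function names are constructed for illustration; `time_exceeded_means_down=False` models the behaviour the message attributes to the patch.

```python
import socket
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11

def ipv4(src, dst, payload, ttl=64):
    """Minimal 20-byte IPv4 header (protocol 1 = ICMP, checksum left at 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def echo(icmp_type, ident, seq):
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)

def time_exceeded(router, scanner, target, ident, seq):
    """ICMP type 11 from a router, quoting the expired Echo Request's IP header + 8 bytes."""
    quoted = ipv4(scanner, target, echo(ECHO_REQUEST, ident, seq), ttl=1)
    return ipv4(router, scanner, struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0) + quoted)

def classify(packet, probe, time_exceeded_means_down):
    """Return 'up', 'down' or 'ignored'; probe is (scanner, target, ident, seq)."""
    scanner, target, ident, seq = probe
    icmp = packet[(packet[0] & 0x0F) * 4:]           # skip the outer IP header
    if icmp[0] == ECHO_REPLY:
        src = socket.inet_ntoa(packet[12:16])
        return "up" if (src, *struct.unpack("!HH", icmp[4:8])) == (target, ident, seq) else "ignored"
    if icmp[0] == TIME_EXCEEDED and time_exceeded_means_down:
        quoted = icmp[8:]                             # quoted original datagram
        pair = (socket.inet_ntoa(quoted[12:16]), socket.inet_ntoa(quoted[16:20]))
        return "down" if pair == (scanner, target) else "ignored"   # addresses only
    return "ignored"

def discover(packets, probe, time_exceeded_means_down):
    """The first conclusive packet decides the host state, as in the race described."""
    for pkt in packets:
        state = classify(pkt, probe, time_exceeded_means_down)
        if state != "ignored":
            return state
    return "down"   # nothing conclusive arrived

# Constructed sample traffic (documentation address ranges, made-up id/seq values).
SCANNER, TARGET, ROUTER = "192.0.2.10", "198.51.100.7", "203.0.113.1"
OUR_PROBE = (SCANNER, TARGET, 0x1234, 1)
ARRIVALS = [
    time_exceeded(ROUTER, SCANNER, TARGET, ident=0xBEEF, seq=7),   # caused by traceroute
    ipv4(TARGET, SCANNER, echo(ECHO_REPLY, 0x1234, 1), ttl=237),   # reply to our probe
]

if __name__ == "__main__":
    print(discover(ARRIVALS, OUR_PROBE, True), discover(ARRIVALS, OUR_PROBE, False))
```

The quoted Echo Request in the first packet carries the traceroute's id/seq (0xBEEF, 7), not the scanner's (0x1234, 1), yet the address-only comparison still accepts it.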