Nmap Development mailing list archives

Ignore ICMP Time Exceeded during host discovery (protect against concurrent traceroute)


From: David Fifield <david () bamsoftware com>
Date: Wed, 29 Apr 2015 10:35:02 -0700

When Nmap receives an ICMP Time Exceeded message during host discovery,
it immediately marks the host as down. It does this even though there
may be other probes still pending. If the host discovery includes any
ICMP probes, then the only response validation done is matching of the
source and dest addresses in the reply's encapsulated header.

I noticed that my host discovery was failing because I was running a
traceroute at the same time. Nmap was receiving and acting on the Time
Exceeded packets that traceroute was causing.

Try running these commands at the same time. I'm using
www.auckland.ac.nz because it's far away and the extra latency makes it
easier for the Time Exceeded to win the race with the Echo Reply.

sudo traceroute -q 10 -N 5 -I www.auckland.ac.nz
sudo nmap -n -PE -sn --reason -d www.auckland.ac.nz

This gives me:
Nmap scan report for www.auckland.ac.nz (130.216.159.127) [host down, received time-exceeded]
But if I run it without the simultaneous traceroute:
Host is up, received echo-reply ttl 237 (0.16s latency).

The attached patch removes the HOST_DOWN handling of Time Exceeded
messages, so they have no effect other than being logged at debug level.

Attachment: 0001-Ignore-ICMP-Time-Exceeded-for-the-purpose-of-host-di.patch

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
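An added example, not part of the original post and not Nmap's own code, that models the race described above with hand-built ICMP packets so it runs offline. The "address-only" policy reproduces the behaviour the post describes (a Time Exceeded whose quoted inner header has our source and the target's destination address marks the host down); "ignore" is what the attached patch does (Time Exceeded never decides host state); "strict" is a hypothetical alternative, not in the patch, that additionally requires the quoted ICMP echo identifier and sequence number to be those of the pending probe. The scanner and router addresses, the ICMP ids/sequence numbers and the packet ordering are constructed; only the target address and the TTL 237 come from the post.

```python
# Added example (not Nmap code): how a host-discovery engine could treat an ICMP
# Time Exceeded that races a pending echo probe, using hand-built IPv4/ICMP packets.
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11
IPPROTO_ICMP = 1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    s, d = (bytes(int(o) for o in a.split(".")) for a in (src, dst))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0, s, d)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_icmp_echo(icmp_type: int, ident: int, seq: int, data: bytes = b"") -> bytes:
    body = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def build_time_exceeded(router: str, scanner: str, expired: bytes) -> bytes:
    """RFC 792 Time Exceeded: type 11, code 0, 4 unused bytes, then the expired
    datagram's IP header plus the first 8 bytes of its payload."""
    ihl = (expired[0] & 0x0F) * 4
    body = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + expired[:ihl + 8]
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return build_ipv4(router, scanner, IPPROTO_ICMP, 64, body)


def parse_ipv4(pkt: bytes) -> dict:
    ihl = (pkt[0] & 0x0F) * 4
    _, _, tot_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": ".".join(map(str, s)), "dst": ".".join(map(str, d)),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:tot_len]}


def classify(pkt: bytes, probe: dict, policy: str):
    """Return 'up', 'down' or None (no decision) for one received packet.
    probe is the pending echo request {'src','dst','ident','seq'}; policy is
    'address-only' (behaviour the post describes), 'strict' (hypothetical) or
    'ignore' (what the patch does)."""
    ip = parse_ipv4(pkt)
    if ip["proto"] != IPPROTO_ICMP or len(ip["payload"]) < 8:
        return None
    icmp_type = ip["payload"][0]
    if icmp_type == ICMP_ECHO_REPLY:
        ident, seq = struct.unpack("!HH", ip["payload"][4:8])
        if ip["src"] == probe["dst"] and (ident, seq) == (probe["ident"], probe["seq"]):
            return "up"
        return None
    if icmp_type != ICMP_TIME_EXCEEDED or policy == "ignore":
        return None
    inner = parse_ipv4(ip["payload"][8:])      # skip 4-byte ICMP header + 4 unused bytes
    if (inner["src"], inner["dst"]) != (probe["src"], probe["dst"]):
        return None                             # quoted datagram is not from this scan
    if policy == "address-only":
        return "down"                           # addresses match: mark down immediately
    if inner["proto"] == IPPROTO_ICMP and len(inner["payload"]) >= 8:
        qtype, _, _, qid, qseq = struct.unpack("!BBHHH", inner["payload"][:8])
        if qtype == ICMP_ECHO_REQUEST and (qid, qseq) == (probe["ident"], probe["seq"]):
            return "down"                       # our own probe's TTL really expired
    return None


def simulate(policy: str, concurrent_traceroute: bool = True) -> str:
    """Replay the race from the post: a router's Time Exceeded reaches the scanner
    before the target's Echo Reply. Addresses and ICMP ids below are constructed."""
    scanner, target, router = "192.0.2.10", "130.216.159.127", "198.51.100.1"
    probe = {"src": scanner, "dst": target, "ident": 0xABCD, "seq": 1}
    nmap_req = build_ipv4(scanner, target, IPPROTO_ICMP, 64,
                          build_icmp_echo(ICMP_ECHO_REQUEST, 0xABCD, 1))
    if concurrent_traceroute:
        # traceroute -I sends its own echo requests: different id/seq, low TTL
        tr_req = build_ipv4(scanner, target, IPPROTO_ICMP, 5,
                            build_icmp_echo(ICMP_ECHO_REQUEST, 0x1234, 5, b"tr"))
        inbound = [build_time_exceeded(router, scanner, tr_req),
                   build_ipv4(target, scanner, IPPROTO_ICMP, 237,
                              build_icmp_echo(ICMP_ECHO_REPLY, 0xABCD, 1))]
    else:
        # No traceroute; our own probe's TTL expires in transit and nothing else returns
        inbound = [build_time_exceeded(router, scanner, nmap_req)]
    for pkt in inbound:
        verdict = classify(pkt, probe, policy)
        if verdict:
            return verdict                      # first decision wins, as in the post
    return "down"                               # timeout with no usable response


if __name__ == "__main__":
    for pol in ("address-only", "strict", "ignore"):
        print(pol, simulate(pol), simulate(pol, concurrent_traceroute=False))
```

With the traceroute running, "address-only" reports the host down from the foreign Time Exceeded while "strict" and "ignore" both wait for the Echo Reply and report it up. Without the traceroute, all three still end up at "down": the patch's approach only gives up the early decision, since a host whose probe's TTL expired produces no other reply and times out anyway.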
