Force TCP traceroute

[Jochen Bartl <jochenbartl () mailbox org>]

Hi *,

is there a way to have Nmap traceroute to a host via TCP even though the
destination port is filtered and the host scan was intentionally disabled?

After searching the mailinglist archive and having had a look at traceroute.cc I
couldn't find a solution. In traceroute.cc [1] it seems like that an ICMP/echo
traceroute is implicitly chosen if the host scan is disabled. My impression of
"nmap -sS -n -Pn -p 443 --traceroute w.x.y.z" was that if the host scan is
disabled,
Nmap would just use TCP syn packets to get to the destination.

I would like to be able to trace the path via TCP-syn packets to figure out,
which firewall in the path is most likely filtering the packets.

If that's not possible right now, maybe you could add it to the feature requests
queue ;-) I thought about an --ignore-probe-result option, but
didn't make a patch, because I'm neither familiar with c nor c++ and would like
to spare you my copy&paste coding results.

Thanks and best regards,

Jochen

1) https://github.com/nmap/nmap/blob/master/traceroute.cc#L616-L622
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/