Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: erronous sorting of traceroute path

From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 27 Apr 2017 22:49:49 -0500
Chris,

nnposter has answered the second question pretty well already. I'll only
add that the responses are sorted according to the outgoing TTL of the
packet that prompted the result, meaning that it's not a time-distance but
a discrete number of hops distant from your network position.

Regarding the first question, I notice that in the one case where the
router is not shown, the probe used for traceroute is ICMP Echo Request. In
the other, where the router IS shown, the probe used is port 80 TCP. So
maybe there is something in how your router handles ICMP packets; I can't
think of what that might be, but it would be a good place to start looking.
Can you get a reliable distinction between the two behaviors by using -PE
(ICMP) and -PS80 (TCP) separately?

Dan

On Wed, Apr 26, 2017 at 3:38 PM, C H <hahnchr () gmail com> wrote:


hi there,

i am using nmap with the zenmap frontend. I regularly get results for the
'quick traceroute' that i do not understand:

















*Starting Nmap 7.01 ( https://nmap.org <https://nmap.org> ) at 2017-04-26
22:15 CESTNmap scan report for www.heise.de <http://www.heise.de>
(193.99.144.85)Host is up (0.025s latency).Other addresses for www.heise.de
<http://www.heise.de> (not scanned):
2a02:2e0:3fe:1001:7777:772e:2:85TRACEROUTE (using proto 1/icmp)HOP RTT
ADDRESS1   18.94 ms 217.0.117.1302   18.72 ms 217.0.117.1303   20.11 ms
87.186.194.664   35.35 ms f-ed2-i.F.DE.NET.DTAG.DE
<http://f-ed2-i.F.DE.NET.DTAG.DE> (62.154.15.250)5   29.42 ms
62.157.251.386   ...7   26.97 ms 212.19.61.138   25.07 ms www.heise.de
<http://www.heise.de> (193.99.144.85)Nmap done: 1 IP address (1 host up)
scanned in 3.62 seconds*


*Q1: Why does my router not appear in this nmap output (it should be
hop#1)?*
*Q2: Why is the output not sorted according to the timestamps as stated in
collumn#2?*

This only happens for some websites, while others produce 'normal' results
(see below):














*Starting Nmap 7.01 ( https://nmap.org <https://nmap.org> ) at 2017-04-26
22:09 CESTNmap scan report for www.spiegel.de <http://www.spiegel.de>
(128.65.210.181)Host is up (0.025s latency).Other addresses for
www.spiegel.de <http://www.spiegel.de> (not scanned): 128.65.210.182
128.65.210.184 128.65.210.180 128.65.210.183 128.65.210.185TRACEROUTE
(using port 80/tcp)HOP RTT      ADDRESS1   3.30 ms  fritz.box
(192.168.178.1)2   18.67 ms 217.0.117.1303   22.31 ms 87.186.194.704
30.28 ms 217.239.51.65   25.37 ms 194.25.210.106   25.95 ms 128.65.210.181*

Regards
Chris

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: