From 9e81835ccb70e0fc23e0009819eb27f27d539d81 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sat, 15 Apr 2017 03:30:27 +0000
Subject: [PATCH] Ignore ICMP Time Exceeded for the purpose of host discovery.

http://seclists.org/nmap-dev/2015/q2/68
From: David Fifield <david () bamsoftware com>
Date: Wed, 29 Apr 2015 10:13:40 -0700

Previously, a Time Exceeded message meant the host was immediately
marked down, even if there were other probes still in transit. Now it
gets treated the same as no-response.

I found that a concurrent ICMP traceroute was interfering with host
discovery. Nmap was receiving and acting on the Time Exceeded messages
produced by the traceroute process. This caused it to mark a host as
down that actually was up.
---
 scan_engine_raw.cc | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/scan_engine_raw.cc b/scan_engine_raw.cc
index 20eb20ef2..5559e5ec0 100644
--- a/scan_engine_raw.cc
+++ b/scan_engine_raw.cc
@@ -721,10 +721,6 @@ int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
                    || (hdr.proto == IPPROTO_ICMPV6 && ping->type == 3)) {
           if (o.debugging)
             log_write(LOG_STDOUT, "Got Time Exceeded for %s\n", hss->target->targetipstr());
-          goodone = 1;
-          newstate = HOST_DOWN;
-          /* I don't want anything to do with timing this. */
-          adjust_timing = false;
         } else if (hdr.proto == IPPROTO_ICMP && ping->type == 4) {
           if (o.debugging)
             log_write(LOG_STDOUT, "Got ICMP source quench\n");