PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-04 05:39:01 +00:00
Code Issues Projects Releases Wiki Activity

added Eddie Bell's traceroute patch, with only minor changes

Browse Source
This commit is contained in:
fyodor
2007-03-13 08:02:19 +00:00
parent 68c94c5cfd
commit e882edf484
12 changed files with 238 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
docs/nmap.1
View File

@@ -2,7 +2,7 @@
.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
.\" Instead of manually editing it, you probably should edit the DocBook XML
.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
.TH "NMAP" "1" "03/11/2007" "" "Nmap Reference Guide"
.TH "NMAP" "1" "03/12/2007" "" "Nmap Reference Guide"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -669,6 +669,25 @@ option.
By default, Nmap randomizes the scanned port order (except that certain commonly accessible ports are moved near the beginning for efficiency reasons). This randomization is normally desirable, but you can specify
\fB\-r\fR
for sequential port scanning instead.
.TP
\fB\-\-traceroute\fR (Trace path to host)
Traceroutes are performed post\-scan and they uses information from the scan results to determines a valid responsive port and protocol to trace to. It works with all scan types apart from connect scans (\-sT) and idle scans (\-sI). All traces use nmap's dynamic timing model and are performed in parallel.
.sp
Traceroute works by sending packets with a low TTL (time\-to\-live) in an attempt to illicit ICMP TTL_EXCCEDED messages from intermediate hops between the scanner and the target host. Standard traceroute implementation start with a TTL of 1 and increment the TTL until the destination host is reached. Nmap's traceroute starts with a high TTL and then decrements the TTL until it reaches 0. Doing it backwards means nmap can employ clever caching algorithms to speed up traces over multiple hosts. On average nmap sends 5\-10 less packet per host, depending on network condition. If a related subnet is being scanned (I.E 192.168.0.0/24) nmap may only have to send a single packet to the majority of hosts.
.sp
The output from each trace is consolidated to save space, There are two type of consolidation timed out and reference trace. A reference trace can be considered a cache of hops nmap has seen so far.
Example\ 14.2.\ Timeout consolidation.sp
.nf
1 ... Hop 1 timed out
1 ... 6 Hop 1 to 6 timed out
.fi
Example\ 14.3.\ Reference consolidation (hop cache).sp
.nf
1 \-\- Hop 1 has been taken from the reference trace
1 \-\-> 6 Hop 1 to 6 have been taken from the reference trace
.fi
.SH "SERVICE AND VERSION DETECTION"
.PP
Point Nmap at a remote machine and it might tell you that ports 25/tcp, 80/tcp, and 53/udp are open. Using its