mirror of
https://github.com/nmap/nmap.git
synced 2025-12-06 04:31:29 +00:00
43f5db6ce4
DiabloHorn on #nmap noticed that Nmap was ignoring ICMP Time Exceeded messages while trying to map firewall rules using --ttl. get_pcap_result() was handling ICMP type 3 (Destination Unreachable), but not type 11 (Time Exceeded). Now ports that elicit this response will be marked filtered (to be consistent with existing Connect scan behavior) and will report time-exceeded from (IP) for the reason. This was not a common issue, since host discovery already accounted for it. Port scans would only be affected when skipping host discovery.
218 KiB
218 KiB