nmap --traceroute ... how to force it to do a specific protocol?
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
nmap --traceroute ... how to force it to do a specific protocol?
The nmap man page describes:
Code:
--traceroute (Trace path to host) .
Traceroutes are performed post-scan using information from the scan results to determine the port and
protocol most likely to reach the target. It works with all scan types except connect scans (-sT) and
idle scans (-sI). All traces use Nmap's dynamic timing model and are performed in parallel.
I want to specifically do the traceroute in the SCTP protocol. The objective is NOT to reveal the full route to the host (I have that), but to reveal where along the route that SCTP is being filtered.
Or is there a better tool available to do the trace in the SCTP protocol?
looks like you want the -sY flag according to the manpage. The combined request for a traceroute AND an SCTP INIT scan suggests it will do what you want.
looks like you want the -sY flag according to the manpage. The combined request for a traceroute AND an SCTP INIT scan suggests it will do what you want.
I did use -sY and also -sZ. It apparently did scans in SCTP. It could not reach the target in SCTP (blocked in or out I do not know). So when it came to the step to do a traceroute, it did it in TCP, instead, and even stated that it was doing it in TCP because that was more likely to reach the target. That design seems to be intended to answer "What is the path to my target by whatever means that can work" whereas my question is "Where along the path to my target does a specific protocol fail".
And the man page section even says this, so I suspect Nmap may not be able to do what I want. ... "using information from the scan results to determine the port and protocol most likely to reach the target" ... not what I want. I want to specify the port and protocol.
I don't even need to do the scans Nmap does. I just need to do traceroute alone. But I need to do it specifically in SCTP. Apparently the -s options only specify what the scans are done in.
marconi/root/x0 /root 63# nmap -sY -p 9900 --traceroute XX.XX.XX.XX
Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-27 12:28 EST
Interesting ports on XX.XX.XX.XX:
PORT STATE SERVICE
9900/sctp filtered iua
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
Then it did a traceroute to the target and got there in TCP.
Another annoyance about Nmap is it does not always do the same thing, even though executed with the same exact options. A 2nd run of the above didn't even do a traceroute. Previous runs have chosen other ports in TCP.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.