Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: tcp-traceroute

from [Ron Gula] Network Security [Permanent Link]
Subject: Re: tcp-traceroute
Date: Tue, 26 Oct 2004 08:02:22 -0400
At 12:52 PM 10/26/2004 +0200, Thomas Springer wrote: 
hi,

nessus does a traceroute, it says its an udp-trace.
isn't this really an icmp-trace?

and is there a chance make nessus do a tcp-traceroute like michael torens tcptraceroute (see http://michael.toren.net/code/tcptraceroute/ )does?

Thomas Springer
TUEV ICS - IT-Security


The traceroute script for Nessus starts with a TCP packet
as a probe, then uses UDP then uses ICMP if no responses
are returned.

The issue is much more complex than firewalls blocking
TCP packets. For example, a firewall will likely block a
TCP packet with a destination port that is being filtered
just as likely as it will block a UDP packet. In the
examples they showed, one had to specific the destination
port to traceroute on and in most cases that was port 80.

You should be getting similar results to the tcptraceroute
tool (sans DNS lookups) with the Nessus traceroute plugin,
however, the destination port is chosen at random, so if
port 80, 25, 53, .etc is the magic port which will let you
bypass a firewall to do TTL knocking, the Nessus script
will give you slightly less accurate results.

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com






_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: checking plugins are up to date, George Theall
Next by Date:  Re: tcp-traceroute, Renaud Deraison
Previous by Thread:  Re: tcp-traceroute, George Theall
Next by Thread:  Re: tcp-traceroute, Renaud Deraison
Indexes:  [Date] [Thread] [Top] [All Lists]