The description below covers how to use nmap to perform firewalking. Some of the script's arguments are also listed for reference.
- firewalk.max-probed-ports: maximum number of ports to probe per protocol. Set to -1 to scan every filtered port.
- firewalk.max-retries: the maximum number of allowed retransmissions.
- firewalk.recv-timeout: the duration of the packet capture loop (in milliseconds).
- firewalk.max-active-probes: maximum number of parallel active probes.
- firewalk.probe-timeout: validity period of a probe (in milliseconds).
Example Usage
- nmap --script=firewalk --traceroute <target>
- nmap --script=firewalk --traceroute --script-args=firewalk.max-retries=1 <target>
- nmap --script=firewalk --traceroute --script-args=firewalk.probe-timeout=400ms <target>
- nmap --script=firewalk --traceroute --script-args=firewalk.max-probed-ports=7 <target>
Sample output is shown below.
$nmap --script=firewalk --traceroute 10.168.0.11
Starting Nmap 6.46 ( http://nmap.org ) at 2014-08-11 17:25 IST
Nmap scan report for 10.168.0.11
Host is up (0.0033s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
8009/tcp open ajp13
8080/tcp open http-proxy
TRACEROUTE (using port 1025/tcp)
HOP RTT ADDRESS
1 2.63 ms 192.168.2.1
2 2.20 ms 10.168.0.11
Nmap done: 1 IP address (1 host up) scanned in 0.58 seconds
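The usage lines above each pass a single argument; nmap accepts several in one comma-separated --script-args value. The following is an added example, not from the original post or the Nmap project: it validates the five arguments listed above and prints the combined command. The helper names and the target 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example. build_firewalk_args and firewalk_cmd are hypothetical helpers.

# Validate name=value pairs against the five firewalk arguments listed on this
# page and print them as one comma-separated --script-args value.
build_firewalk_args() {
    out=""
    for pair in "$@"; do
        name=${pair%%=*}
        value=${pair#*=}
        case "$name" in
            max-probed-ports)
                # -1 means every filtered port; otherwise a positive count
                # (the positive-only range is an assumption of this example).
                case "$value" in
                    -1) ;;
                    ''|0|*[!0-9]*) echo "bad $name: $value" >&2; return 1 ;;
                esac ;;
            max-retries|max-active-probes)
                case "$value" in
                    ''|*[!0-9]*) echo "bad $name: $value" >&2; return 1 ;;
                esac ;;
            recv-timeout|probe-timeout)
                # Milliseconds: digits with an optional "ms" suffix, as in 400ms.
                case "${value%ms}" in
                    ''|*[!0-9]*) echo "bad $name: $value" >&2; return 1 ;;
                esac ;;
            *)
                echo "unknown firewalk argument: $name" >&2; return 1 ;;
        esac
        out="${out:+$out,}firewalk.$name=$value"
    done
    printf '%s' "$out"
}

# Print (not run) the full command for a target, for review before use.
firewalk_cmd() {
    target=$1
    shift
    if [ "$#" -eq 0 ]; then
        printf 'nmap --script=firewalk --traceroute %s\n' "$target"
        return 0
    fi
    args=$(build_firewalk_args "$@") || return 1
    printf 'nmap --script=firewalk --traceroute --script-args=%s %s\n' "$args" "$target"
}

# 192.0.2.10 is a documentation address used as a constructed target.
firewalk_cmd 192.0.2.10 max-retries=1 probe-timeout=400ms
```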
Reference:
http://nmap.org/nsedoc/scripts/firewalk.html