
File firewalk

Script types: hostrule
Categories: safe, discovery
Download: http://nmap.org/svn/scripts/firewalk.nse

User Summary

Tries to discover firewall rules using an IP TTL expiration technique known as firewalking.

To determine a rule on a given gateway, the scanner sends a probe to a metric (a host located behind the gateway) with a TTL one higher than the gateway's hop distance. If the gateway forwards the probe, we can expect an ICMP_TIME_EXCEEDED reply from the router at the next hop, or from the metric itself if it is directly connected to the gateway. Otherwise, the probe times out.

The scan starts with a TTL equal to the distance to the target. If the probe times out, it is resent with the TTL decreased by one. If an ICMP_TIME_EXCEEDED reply is received, the scan is over for this probe.

Every "no-reply" filtered TCP and UDP port is probed. As with UDP scans, this process can be quite slow if many ports are blocked by a gateway close to the scanner.
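The following is an added offline simulation of the TTL-decrement procedure described in the three paragraphs above. It is not Nmap's firewalk.nse (which is written in Lua and sends real packets); the network path, the filter rules and the addresses are constructed for the example and mirror the sample output further down. Each modeled router decrements the TTL, answers ICMP_TIME_EXCEEDED when it reaches zero, and otherwise either silently drops the probe (a filter rule) or forwards it. The `firewalk()` function implements exactly the rule in the text: start at TTL = distance to the target, decrement after each timeout, and report the hop that finally answers.

```python
"""Simulation of firewalking (TTL expiration) against a constructed path.
Example code added to the page; not part of Nmap or firewalk.nse."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Router:
    address: str
    blocked: set = field(default_factory=set)   # {(proto, port), ...} silently dropped


# Constructed topology: 7 routers, target ("metric") at distance 8.
PATH = [
    Router("10.9.0.1"),
    Router("192.168.1.1", {(p, n) for p in ("tcp", "udp") for n in (21, 22, 23, 80)}),
    Router("10.9.0.3"),
    Router("10.9.0.4"),
    Router("10.9.0.5"),
    Router("10.0.1.1", {("tcp", 67), ("tcp", 68)}),
    Router("10.0.1.254", {("tcp", 25), ("udp", 25)}),
]
PORTS = [(p, n) for p in ("tcp", "udp") for n in (21, 22, 23, 25, 67, 68, 80, 443)]


def send_probe(path, proto, port, ttl):
    """One probe. Returns ('time_exceeded', hop), ('target_reply', None) or ('timeout', None)."""
    for distance, router in enumerate(path, start=1):
        # The router decrements TTL on arrival; at zero it replies with
        # ICMP_TIME_EXCEEDED before any forwarding or filtering decision.
        if ttl - distance == 0:
            return ("time_exceeded", distance)
        if (proto, port) in router.blocked:
            return ("timeout", None)                 # dropped by a filter rule
    return ("target_reply", None)                    # reached the metric behind all gateways


def firewalk(path, proto, port):
    """Return the hop distance of the gateway filtering (proto, port), or None.
    Starts at TTL = distance to target and decrements on every timeout."""
    target_distance = len(path) + 1
    for ttl in range(target_distance, 0, -1):
        status, hop = send_probe(path, proto, port, ttl)
        if status == "target_reply":
            return None                              # no gateway filters this port
        if status == "time_exceeded":
            # Hops 1..ttl-1 forwarded this probe, yet the probe with TTL+1 timed
            # out: the filter therefore sits on hop ttl.
            return hop
    return None


def firewalk_scan(path, ports):
    """Probe only the 'no-reply' ports (a plain scan at full TTL times out),
    then firewalk each one. Returns {hop: {proto: sorted ports}}."""
    result = defaultdict(lambda: defaultdict(list))
    for proto, port in ports:
        status, _ = send_probe(path, proto, port, len(path) + 1)
        if status != "timeout":
            continue                                 # answered: not filtered, skip
        hop = firewalk(path, proto, port)
        if hop is not None:
            result[hop][proto].append(port)
    return {h: {p: sorted(ps) for p, ps in protos.items()} for h, protos in result.items()}


def compress_ports(ports):
    """Render a port list the way the script output does: [21,22,23,80] -> '21-23,80'."""
    ranges, start, prev = [], None, None
    for p in sorted(ports):
        if start is None:
            start = prev = p
        elif p == prev + 1:
            prev = p
        else:
            ranges.append(f"{start}-{prev}" if start != prev else str(start))
            start = prev = p
    if start is not None:
        ranges.append(f"{start}-{prev}" if start != prev else str(start))
    return ",".join(ranges)


if __name__ == "__main__":
    print("HOP HOST         PROTOCOL  BLOCKED PORTS")
    for hop, protos in sorted(firewalk_scan(PATH, PORTS).items()):
        for proto, ports in sorted(protos.items()):
            print(f"{hop:<3} {PATH[hop - 1].address:<12} {proto:<9} {compress_ports(ports)}")
```

Two properties of the procedure are visible in the simulation. First, because every probe still has TTL left when it crosses the gateway under test, the answer comes from the *next* hop (or the metric), so the blocking gateway is identified as the hop whose own TTL-expiry reply is the first one received. Second, a host firewall on the metric itself is indistinguishable from a filter on the last gateway: both produce a timeout at TTL = distance and an ICMP_TIME_EXCEEDED at TTL = distance - 1, so the last hop in the table should be read with that in mind.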

Scan parameters can be controlled using the firewalk.* optional arguments.

Based on an original idea of M. Schiffman and D. Goldsmith, authors of the firewalk tool.

Script Arguments

firewalk.max-probed-ports

maximum number of ports to probe per protocol. Set to -1 to scan every filtered port.

firewalk.max-retries

the maximum number of allowed retransmissions.

firewalk.recv-timeout

the duration of the packet capture loop (in milliseconds).

firewalk.max-active-probes

maximum number of parallel active probes.

firewalk.probe-timeout

validity period of a probe (in milliseconds).

Example Usage

  • nmap --script=firewalk --traceroute <host>
  • nmap --script=firewalk --traceroute --script-args=firewalk.max-retries=1 <host>
  • nmap --script=firewalk --traceroute --script-args=firewalk.probe-timeout=400ms <host>
  • nmap --script=firewalk --traceroute --script-args=firewalk.max-probed-ports=7 <host>

Script Output

| firewalk:
| HOP HOST         PROTOCOL  BLOCKED PORTS
| 2   192.168.1.1  tcp       21-23,80
|                  udp       21-23,80
| 6   10.0.1.1     tcp       67-68
| 7   10.0.1.254   tcp       25
|_                 udp       25
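When reviewing scan results (for example, to compare the gateways' observed rules against the intended firewall policy), it helps to turn the table above into structured data. The parser below is an added example, not part of Nmap; it handles the table's continuation rows, where the HOP and HOST columns are left blank for a second protocol on the same gateway, and the `|_` marker Nmap puts on the last line of a script block. The sample text is copied from the output above.

```python
"""Parser for the firewalk script output table. Example code added to the page;
not part of Nmap."""
import re

# Copied from the sample output above.
SAMPLE = """| firewalk:
| HOP HOST         PROTOCOL  BLOCKED PORTS
| 2   192.168.1.1  tcp       21-23,80
|                  udp       21-23,80
| 6   10.0.1.1     tcp       67-68
| 7   10.0.1.254   tcp       25
|_                 udp       25
"""

# A data row: optional "HOP HOST" columns (absent on continuation rows),
# then protocol and a comma-separated list of ports or port ranges.
ROW = re.compile(
    r"^\|_?\s*(?:(?P<hop>\d+)\s+(?P<host>\S+)\s+)?(?P<proto>tcp|udp)\s+(?P<ports>[\d,\-]+)\s*$"
)


def expand_ports(spec):
    """'21-23,80' -> [21, 22, 23, 80]; rejects malformed ranges."""
    ports = []
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"inverted port range: {part}")
            ports.extend(range(lo, hi + 1))
        else:
            ports.append(int(part))
    return ports


def parse_firewalk(text):
    """Return one dict per table row: {'hop', 'host', 'proto', 'ports'}.
    Title and header lines are skipped; continuation rows inherit hop/host."""
    rows = []
    hop = host = None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                                   # "| firewalk:" or column header
        if m.group("hop"):
            hop, host = int(m.group("hop")), m.group("host")
        elif hop is None:
            raise ValueError(f"continuation row before any hop row: {line!r}")
        rows.append({"hop": hop, "host": host,
                     "proto": m.group("proto"), "ports": expand_ports(m.group("ports"))})
    return rows


def blocked_by_host(rows):
    """Group parsed rows as {host: {proto: set(ports)}} for policy comparison."""
    out = {}
    for r in rows:
        out.setdefault(r["host"], {}).setdefault(r["proto"], set()).update(r["ports"])
    return out


if __name__ == "__main__":
    for r in parse_firewalk(SAMPLE):
        print(r)
```

The grouped form returned by `blocked_by_host()` is the natural shape for a diff against the rule set you expected each gateway to enforce; any port that appears in the scan but not in the policy (or vice versa) is worth a look.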

Requires


Author: Henri Doreau

License: Same as Nmap--See http://nmap.org/book/man-legal.html

action

action (host)

firewalk entry point

Parameters

  • host:

hostrule

hostrule (host)

host rule; checks that the requirements are met before the script is launched

Parameters

  • host:
