Script `mtrace`

Script types: prerule
Categories: discovery, safe, broadcast
Download: https://svn.nmap.org/nmap/scripts/mtrace.nse

Script Summary

Queries for the multicast path from a source to a destination host.

This works by sending an IGMP Traceroute Query and listening for IGMP Traceroute responses. The Traceroute Query is sent to the first hop and contains information about source, destination and multicast group addresses. First hop defaults to the multicast All routers address. The default multicast group address is 0.0.0.0 and the default destination is our own host address. A source address must be provided. The responses are parsed to get interesting information about interface addresses, used protocols and error codes.

This is similar to the mtrace utility provided in Cisco IOS.

Script Arguments

mtrace.fromip: Source address from which to traceroute.
mtrace.group: Multicast group address for the traceroute. Defaults to 0.0.0.0 which represents all group addresses.
mtrace.timeout: Time to wait for responses. Defaults to 7s.
mtrace.firsthop: Host to which the query is sent. If not set, the query will be sent to 224.0.0.2.
mtrace.toip: Destination address to which to traceroute. Defaults to our host address.

Example Usage

nmap --script mtrace --script-args 'mtrace.fromip=172.16.45.4'

Script Output

Pre-scan script results:
| mtrace:
|   Group 0.0.0.0 from 172.16.45.4 to 172.16.0.1
|   Source: 172.16.45.4
|     In address: 172.16.34.3
|       Out address: 172.16.0.3
|       Protocol: PIM
|     In address: 172.16.45.4
|       Out address: 172.16.34.4
|       Protocol: PIM
|   Source: 172.16.45.4
|     In address: 172.16.13.1
|       Out address: 172.16.0.2
|       Protocol: PIM / Static
|     In address: 172.16.34.3
|       Out address: 172.16.13.3
|       Protocol: PIM
|     In address: 172.16.45.4
|       Out address: 172.16.34.4
|_      Protocol: PIM

Requires

Author:

Hani Benhabiles