Traceroute with Nmap

Chưa phân loại

Brief introduction to Traceroute and Traceroute with Nmap

When we interact with other devices within a network, such as the Internet, the information or packets are sent through a number of network devices such as routers until reaching the destination. If we connect two computers directly with a UTP cable the packets are sent directly from a computer to another, this does not happen normally when routers, hubs and similar devices route packets through the network. Let’s take the internet as an example, if I access a website the traffic first will pass through my local router or device, then it will probably pass through my ISP routing devices, probably neutral routers or devices related to my and destination local devices.

The transference of the packets between routing devices is called “hop”, so if I ping a website the first hop will be my local router and next hops will be each router through which the packets pass until reaching the web server.

Tracerouting as its name says consists in gathering information on the intermediating routers through which the traffic pass from a point to another. Most OS (operating systems) already bring this functionality through the command “traceroute”. Nmap also brings additional tools included in the Nmap NSE (Nmap Scripting Engine) suite  for tracerouting which will be described below.

Example of regular traceroute with Linux (no Nmap).The following example shows how traceroute is carried out through Linux Hint without aid of Nmap.


Traceroute examples with Nmap

In the following example we are tracing the route from my device to, the option -sn instructs Nmap to omit the default port scan, since we aren’t interested to scan ports but only the route, the option or flag -Pn instructs Nmap to avoid the host discovery since we know the host is alive. The option –traceroute is used to trace all hops or intermediating routers.

nmap -sn -Pn –traceroute

As you can see in the results above, there are 16 devices (hops) between my computer and server, it is specified in the column HOP. The column RTT (Round Trip Time or latency) shows the speed in milliseconds for each hop including return from that HOP, this is especially useful to diagnose connection issues. The column ADDRESS shows the address of each routing device or hop.

In this case you see the first hop is my router with address, then it goes to 7 routers, the eight router is located in Buenos Aires, Argentina, and belongs to the telecommunication company Claro which sends the traffic to the next hop located in Mexico, then it goes to Miami, to a router to end at liquidweb hosting service. 16 hops in total. Of course, as farer the router the RTT increases.

Inserting traceroute hops into the Nmap scan with NSE

Nmap Scripting Engine includes scripts to manage tracerouting adding great functionalities. In this case we only use Nmap NSE to port scan all hops intermediating to reach

nmap –script targets-traceroute –script-args newtargets –traceroute

You can see in contrast to the first example Nmap checked for ports state.

Let’s try to traceroute all hops until reaching the site

nmap –script targets-traceroute –script-args newtargets –traceroute

Note: some screenshots were omitted since was too much useless examples for descriptive purpose.

As you can see Nmap throws information on ports for discovered hops.

Geolocation of each hop in a traceroute using NSE (Incompatible with Google Earth/Maps)

The following NSE script allows us to geographically locate each hop through which the traffic goes (only country). This script used to allow to save results in a KML file which we could import to Google Earth and Google maps but the format is unreadable for new versions of Google Earth and Google maps since the format is obsolete (3 different alternatives for geolocation from the Nmap Scripting Engine suite are mentioned below).

nmap –traceroute –script traceroute-geolocation

As you see some of the hops countries are listed as Argentinians.

nmap –traceroute –script traceroute-geolocation –script-args

As you can see some hops are identified as Argentinians and one American but not all hops were geolocated, this functionality is to geolocate hops, if you want to geolocate devices you have additional scripts like the  ip-geolocation-geoplugin, ip-geolocation-maxmind and ip-geolocation-ipinfodb, you can manually geolocate each hop you discovered while tracerouting both with Nmap or the regular Linux

traceroute command

Conclusion on Nmap traceroute

Nmap traceroute is a great tool to diagnose connectivity problems such as delays or lack of access, if a specific hop is blocking you, through Nmap traceroute you can even discover your target hosting service or identify additional targets according to your goals. It is important to highlight when tracerouting results may vary depending on  available and closer hops, also there is not really an advantage for Nmap traceroute over regular Linux traceroute command if you don’t need additional functions to traceroute, despite this Nmap continues being one of the best tools for offensive and defensive security when attacking or diagnosing security measures even if its tracerouting functions aren’t considerably advantageous as you can confirm reading additional articles on the Related Articles section.

I hope you found this tutorial useful as introduction to Nmap traceroute, keep following LinuxHint for more tips and updates on Linux and networking.

Related articles:
ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

How to Use the mkdir Command in Linux

The mkdir command is used to make new directories in Linux.  In this article, I am going to show you how to use the mkdir...

7 tips on how to secure your Linux Desktop

Arе уоu running Linux juѕt bесаuѕе уоu think it’ѕ ѕаfеr thаn Windоwѕ? Think аgаin. Sесuritу...

Install Docker on Raspberry Pi

Docker is a containerization system for Linux. It is used to run lightweight Linux containers on top of another Linux host...
Bài Viết

Bài Viết Mới Cập Nhật

mua Proxy riêng ở đâu, và nó đem lại lợi ích gì cho người sử dụng

Hướng dẫn sử dụng Proxy Helper Fakeip khi thuê proxy


Mua Proxy Nuôi Zalo Giá Rẻ Tại