NAME
nttlscan - network topology scanner
SYNOPSIS
nttlscan [-uh] [-m total-probes] [-M max-active-probes]
[-i device] [-d dst-address-range] addresses...
DESCRIPTION
Nttlscan is a quick network topology
scanner and functions as a highly parallel traceroute(8).
It randomly picks destination IP addresses and sends TCP or UDP
probes. Returning ICMP messages are interpreted to reconstruct the
route that packets take to their respective destinations.
Nttlscan can be used to construct virtual routing
topologies for honeyd(8).
The options are as follows:
-u
    Uses UDP probes instead of TCP probes.
-h
    Outputs usage information.
-m total-probes
    Specifies the total number of addresses to probe. The addresses
    are taken randomly from the specified destination address range.
-M max-active-probes
    The number of probes that can be active at any given time.
    Although nttlscan itself does not require much state, if it is
    used behind a NAT device, the state tables of the NAT can quickly
    run out of space. This flag can be used to slow down the scanning
    speed.
-i device
    Specifies the network device that should be used to listen for
    return packets.
-d dst-address-range
    Specifies a range of destination addresses that should be
    probed. The range is specified in CIDR notation.
The output from nttlscan contains each destination IP
address followed by a list of router IP addresses, with a star in
place of any TTL for which no response was received.
EXAMPLES
The following command reconstructs routes for 1000
random IP addresses in the 10/8 network.
nttlscan -m 1000 10.0.0.0/8
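The following Python is an added example, not part of nttlscan or its documentation: it parses scan output into per-destination hop lists and counts router-to-router links, the input needed to lay out a routing topology. The line layout (one destination per line, whitespace-separated fields, `*` for an unanswered TTL) and the sample addresses are assumptions, since this page does not give the exact format.

```python
import ipaddress
from collections import Counter

# Constructed sample in the ASSUMED layout: destination, then one field per TTL.
SAMPLE = """\
10.1.2.3 192.0.2.1 192.0.2.9 * 10.1.0.1
10.7.7.7 192.0.2.1 192.0.2.9 10.7.0.1 10.7.7.1
10.9.0.5 192.0.2.1 * *
garbage line here
"""

def parse_line(line):
    """Return (destination, hops); hops holds an IP string or None per TTL."""
    fields = line.split()
    if not fields:
        return None
    try:
        dst = str(ipaddress.ip_address(fields[0].rstrip(":")))
        hops = [None if set(f) == {"*"} else str(ipaddress.ip_address(f))
                for f in fields[1:]]
    except ValueError:
        return None  # not a result line (banner, error text, truncated row)
    return dst, hops

def build_topology(text):
    """Map destinations to hop lists and count links between adjacent answered TTLs."""
    routes, links = {}, Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        dst, hops = parsed
        routes[dst] = hops
        for near, far in zip(hops, hops[1:]):
            # A star is an unanswered TTL: never infer a link across the gap.
            if near and far and near != far:
                links[(near, far)] += 1
    return routes, links

if __name__ == "__main__":
    routes, links = build_topology(SAMPLE)
    for (near, far), seen in sorted(links.items()):
        print(f"{near} -> {far}  routes={seen}")
    for dst, hops in routes.items():
        print(dst, "unanswered TTLs:", [i + 1 for i, h in enumerate(hops) if h is None])
```

Links seen on many routes are the shared upstream routers; destinations with trailing stars mark where probes stopped being answered, so those paths should be treated as incomplete rather than short.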
AUTHORS
Niels Provos <provos@citi.umich.edu>