Chapter 8: Tuning and Timing Options
Eventually, a network propeller-head will need to modify the bits and bytes of frames used during an nmap session. Fortunately, nmap provides extensive tweaking and tuning capabilities to perfectly match the desires of the enterprising security manager.

This tutorial has separated these tweaks into two categories: packet tuning and timing options. Nmap packet tuning relates to the information contained in the network packets, and nmap's timing options relate to the intricate tweaks that affect the speed and delay associated with the scanning process.


Nmap Packet Tuning
Nmap's packet tuning options can customize individual header values, the total number of packet fragments, or the size of the frames used in an nmap scan. If the packets need to be altered, these tweaks will provide many options!


Time to Live (--ttl <value>)
The time to live (TTL) value is a one-byte field in the IP header that is used to limit the time and distance a packet can travel through the network. As an IP frame traverses a gateway, the time to live value is decreased by one. Once the TTL reaches zero, the gateway drops the packet and sends an ICMP Time Exceeded message to the originating station.

The TTL field provides a valuable service by dropping frames that may be circling the network due to a routing loop or a routing table misconfiguration. Without the TTL process, these packets would circle the network indefinitely!

The TTL value can be any number between 0 and 255. Most stations set their TTL to a relatively large number, such as 32 or 64. There's no standard value, and rarely do workstations need to modify TTL settings.

In nmap, the TTL option (--ttl) can be used to administratively limit the distance that a packet can travel. If nmap's scanning process should stay on the local network instead of traversing a wide area network link, the TTL can be changed to a value low enough to remain off of the WAN. This low TTL value would cause the IP gateway to drop the packet before it's sent across the slower WAN link.

Using a TTL of zero will ensure that no packets leave the immediate IP subnet!
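
The hop-by-hop TTL handling described in this section, as an added example that is not part of the original tutorial: a Python model that builds an IPv4 header with a chosen TTL and passes it through a list of gateways, each of which decrements the TTL and recomputes the header checksum or drops the packet. The addresses, gateway names, and function names are constructed for the illustration, and the drop rule (a gateway discards a packet that arrives with a TTL of 0 or 1) is the modelling assumption.

```python
import socket
import struct

PATH = ["lan-gw", "wan-edge", "remote-gw"]  # constructed gateway names

def checksum(data: bytes) -> int:
    """Ones'-complement checksum over 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) carrying the requested TTL."""
    if not 0 <= ttl <= 255:
        raise ValueError("TTL is a one-byte field: 0-255")
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def gateway_forward(hdr: bytes):
    """One gateway hop: return the rewritten header, or None if dropped."""
    ttl = hdr[8]  # TTL lives at byte offset 8 of the IP header
    if ttl <= 1:
        # TTL would reach zero: drop, and send ICMP Time Exceeded to the source
        return None
    new = hdr[:8] + bytes([ttl - 1]) + hdr[9:10] + b"\x00\x00" + hdr[12:]
    return new[:10] + struct.pack("!H", checksum(new)) + new[12:]

def trace(ttl: int, gateways=PATH):
    """Return (gateways crossed, gateway that dropped the packet or None)."""
    # Source and destination are documentation addresses, constructed here
    hdr = build_header("192.0.2.10", "198.51.100.20", ttl)
    for crossed, name in enumerate(gateways):
        if checksum(hdr) != 0:  # a valid header checksums to zero
            raise ValueError("corrupt header")
        hdr = gateway_forward(hdr)
        if hdr is None:
            return crossed, name
    return len(gateways), None

if __name__ == "__main__":
    for ttl in (0, 1, 2, 64):
        crossed, dropped_at = trace(ttl)
        print(f"ttl={ttl:<3} gateways crossed={crossed} dropped at={dropped_at}")
```

In this model a TTL of 0 or 1 never gets past the first gateway, a TTL of 2 is dropped at the WAN edge, and a typical default of 64 crosses the whole path.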