Nmap mtrace NSE Script


This page contains detailed information about how to use the mtrace NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.


Script Overview


Script source code: https://github.com/nmap/nmap/tree/master/scripts/mtrace.nse
Script categories: discovery, safe, broadcast
Target service / protocol: -
Target network port(s): -
List of CVEs: -

Script Description


The mtrace.nse script queries for the multicast path from a source to a destination host.

This works by sending an IGMP Traceroute Query and listening for IGMP Traceroute responses. The Traceroute Query is sent to the first hop and contains the source, destination and multicast group addresses. The first hop defaults to the multicast All routers address. The default multicast group address is 0.0.0.0 and the default destination is our own host address. A source address must be provided. The responses are parsed to extract the interface addresses, the protocols in use and any error codes.

This is similar to the mtrace utility provided in Cisco IOS.

Mtrace NSE Script Arguments


This is a full list of arguments supported by the mtrace.nse script:

mtrace.firsthop

Host to which the query is sent. If not set, the query will be sent to 224.0.0.2.

mtrace.fromip

Source address from which to traceroute.

mtrace.group

Multicast group address for the traceroute. Defaults to 0.0.0.0 which represents all group addresses.

mtrace.timeout

Time to wait for responses. Defaults to 7s.

mtrace.toip

Destination address to which to traceroute. Defaults to our host address.

- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:

nmap --script=mtrace --script-args mtrace.firsthop=value,mtrace.fromip=value <target>

Mtrace NSE Script Example Usage


Here's an example of how to use the mtrace.nse script:

nmap --script mtrace --script-args 'mtrace.fromip=172.16.45.4'

Mtrace NSE Script Example Output


Here's a sample output from the mtrace.nse script:

Pre-scan script results:
| mtrace:
|   Group 0.0.0.0 from 172.16.45.4 to 172.16.0.1
|   Source: 172.16.45.4
|     In address: 172.16.34.3
|       Out address: 172.16.0.3
|       Protocol: PIM
|     In address: 172.16.45.4
|       Out address: 172.16.34.4
|       Protocol: PIM
|   Source: 172.16.45.4
|     In address: 172.16.13.1
|       Out address: 172.16.0.2
|       Protocol: PIM / Static
|     In address: 172.16.34.3
|       Out address: 172.16.13.3
|       Protocol: PIM
|     In address: 172.16.45.4
|       Out address: 172.16.34.4
|_      Protocol: PIM
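
The following Python parser is an added example, not part of the original page or of Nmap. It turns the text output shown above into structured hops and lists every hop that carries an "Error code:" line. The function names are illustrative, and the sample input is constructed from the output above with one error line added.

```python
import re

# Added example (hypothetical names). SAMPLE is constructed: the first response
# from the page's example output plus one "Error code: Unknown" line.
SAMPLE = """\
| mtrace:
|   Group 0.0.0.0 from 172.16.45.4 to 172.16.0.1
|   Source: 172.16.45.4
|     In address: 172.16.34.3
|       Out address: 172.16.0.3
|       Protocol: PIM
|       Error code: Unknown
|     In address: 172.16.45.4
|       Out address: 172.16.34.4
|_      Protocol: PIM
"""

GROUP_RE = re.compile(r"Group (\S+) from (\S+) to (\S+)$")
HOP_FIELDS = {"Out address": "out", "Protocol": "protocol", "Error code": "error"}

def parse_mtrace(text):
    """Parse mtrace script output into a dict; each response is a list of hop dicts."""
    result = {"group": None, "from": None, "to": None, "responses": []}
    hop, inside = None, False
    for raw in text.splitlines():
        line = raw[2:].strip()  # drop the "| " / "|_" gutter and the indentation
        if not raw.startswith("|"):
            inside = False
        elif line == "mtrace:":
            inside = True
        elif inside:
            key, _, value = line.partition(": ")
            group = GROUP_RE.match(line)
            if group:
                result["group"], result["from"], result["to"] = group.groups()
            elif key == "Source":  # each "Source:" line opens one traceroute response
                result["responses"].append([])
                hop = None
            elif key == "In address" and result["responses"]:
                hop = {"in": value, "out": None, "protocol": None, "error": None}
                result["responses"][-1].append(hop)
            elif hop is not None and key in HOP_FIELDS:
                hop[HOP_FIELDS[key]] = value
            inside = not raw.startswith("|_")  # "|_" marks the last line of the block
    return result

def hops_with_errors(result):
    """Return (response index, in address, error text) for each hop reporting an error."""
    return [(i, h["in"], h["error"]) for i, resp in enumerate(result["responses"])
            for h in resp if h["error"] is not None]
```

Hops are kept in the order the script prints them, so each response list can be compared directly against the expected multicast path.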

Mtrace NSE Script Example XML Output


There is no sample XML output for this module. However, if you provide the -oX <file> option, Nmap will produce XML output and save it in the specified file.

Author


  • Hani Benhabiles

See Also


Visit the Nmap NSE Library for more scripts.

Error Messages


The mtrace.nse script may fail with the following error messages. The code snippets below, taken from the script source code, show where each message is produced; checking them can often help in identifying the root cause of the problem.

Couldn't get interface for %s


Here is a relevant code snippet related to the "Couldn't get interface for %s" error message:

    interface = nmap.get_interface_info(interface)
  else
    interface = getInterface(firsthop)
  end
  if not interface then
    return stdnse.format_output(false, ("Couldn't get interface for %s"):format(firsthop))
  end

  -- Destination defaults to our own host
  toip = toip or interface.address


Error code:


Here is a relevant code snippet related to the "Error code: " error message:

        else
          table.insert(outblock, "Protocol: Unknown")
        end
        -- Error Code, we ignore NO_ERROR which is the normal case.
        if FWD_CODE[block.code] and block.code ~= 0x00 then
          table.insert(outblock, "Error code: " .. FWD_CODE[block.code])
        elseif block.code ~= 0x00 then
          table.insert(outblock, "Error code: Unknown")
        end
        table.insert(outresp, outblock)
      end

Error code: Unknown


Here is a relevant code snippet related to the "Error code: Unknown" error message:

        end
        -- Error Code, we ignore NO_ERROR which is the normal case.
        if FWD_CODE[block.code] and block.code ~= 0x00 then
          table.insert(outblock, "Error code: " .. FWD_CODE[block.code])
        elseif block.code ~= 0x00 then
          table.insert(outblock, "Error code: Unknown")
        end
        table.insert(outresp, outblock)
      end
      table.insert(output, outresp)
    end

Version


This page has been created based on Nmap version 7.92.
