On 30/03/11 14:20, Jan de Groot wrote:
This is usually caused by a transparent proxy. When nmap hits port 80, it will get redirected to the proxy server. Try doing an nmap -sV and you'll see what software is running on the proxy server.
While googling for ways of detecting a transparent proxy the easy way :-D I came across this page: http://tracetcp.sourceforge.net/usage_proxy.html

So I searched for a GNU/Linux equivalent, found tcptraceroute from http://www.gnutoolbox.com/tcptraceroute/ and compiled and installed it. By default it uses TCP SYN packets. The observation:

sudo tcptraceroute ftp.gnome.org http
Selected device eth0, address 172.16.37.164, port 46375 for outgoing packets
Tracing the path to ftp.gnome.org (130.239.18.173) on TCP port 80 (http), 30 hops max
 1 napoleon.acc.umu.se (130.239.18.173) [open] 1.497 ms 2.010 ms 1.500 ms

When using ftp

sudo tcptraceroute ftp.gnome.org ftp
Selected device eth0, address 172.16.37.164, port 39535 for outgoing packets
Tracing the path to ftp.gnome.org (130.239.18.163) on TCP port 21 (ftp), 30 hops max
 1 172.16.37.129 2.307 ms 1.670 ms 1.774 ms
 2 172.16.0.10 1.753 ms 1.496 ms 1.911 ms
 3 203.171.242.17 2.773 ms 3.245 ms 2.176 ms
 4 203.171.240.17 7.490 ms * 2.747 ms
 5 203.171.240.1 6.358 ms 3.978 ms 4.870 ms
 6 121.242.217.2.static-kolkata.vsnl.net.in (121.242.217.2) 3.915 ms 5.216 ms 6.892 ms
 7 121.242.217.9.static-kolkata.vsnl.net.in (121.242.217.9) 41.771 ms 44.380 ms 41.794 ms
 8 172.25.75.21 40.032 ms 40.094 ms 40.066 ms
 9 172.31.17.13 41.524 ms 41.697 ms 41.873 ms
10 172.31.1.85 41.924 ms 41.847 ms 42.406 ms
11 59.163.55.149.static.vsnl.net.in (59.163.55.149) 41.753 ms 42.321 ms 44.446 ms
12 * * *
13 * Vlan704.icore1.LDN-London.as6453.net (80.231.130.10) 176.751 ms 177.973 ms
14 ldn-b5-link.telia.net (213.248.74.1) 170.663 ms 173.935 ms 169.595 ms
15 ldn-bb1-link.telia.net (80.91.246.144) 171.474 ms 172.571 ms 171.357 ms
16 hbg-bb1-link.telia.net (80.91.254.216) 190.353 ms 190.802 ms 190.443 ms
17 s-bb1-link.telia.net (213.155.130.6) 207.886 ms 206.998 ms 207.052 ms
18 s-b3-link.telia.net (80.91.249.220) 207.677 ms 207.136 ms 207.547 ms
19 nordunet-113055-s-b3.c.telia.net (213.248.97.18) 208.076 ms 207.249 ms 207.663 ms
20 t1fre.sunet.se (109.105.102.10) 208.246 ms 207.353 ms 207.793 ms
21 * * *
22 * * *
23 * * *
24 tutankhamon.acc.umu.se (130.239.18.163) [open] 215.384 ms 218.386 ms 220.146 ms

So does this confirm that I am behind a transparent proxy?
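
Added example, not part of the original message: a small parser that compares two tcptraceroute runs like the ones above and flags port 80 when it reports the destination as [open] in far fewer hops than a control port. The host name, the addresses in the sample traces and the hop_ratio threshold are constructed assumptions.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")       # "<hop number>  <rest of line>"
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")      # each probe's round-trip time

# Constructed sample output (documentation addresses), shaped like the traces above.
HTTP_TRACE = """\
Tracing the path to files.example.org (192.0.2.20) on TCP port 80 (http), 30 hops max
 1  files.example.org (192.0.2.20) [open]  1.497 ms  2.010 ms  1.500 ms
"""
FTP_TRACE = """\
Tracing the path to files.example.org (192.0.2.20) on TCP port 21 (ftp), 30 hops max
 1  10.0.0.1  2.307 ms  1.670 ms  1.774 ms
 2  198.51.100.1  3.915 ms  5.216 ms  6.892 ms
 3  * * *
 4  203.0.113.9  170.663 ms  173.935 ms  169.595 ms
 5  files.example.org (192.0.2.20) [open]  215.384 ms  218.386 ms  220.146 ms
"""

def parse_trace(text):
    """Return (hop_number, min_rtt_ms) of the hop marked [open], or None."""
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m and "[open]" in m.group(2):
            rtts = [float(x) for x in RTT_RE.findall(m.group(2))]
            return int(m.group(1)), (min(rtts) if rtts else None)
    return None

def looks_intercepted(http_trace, control_trace, hop_ratio=0.5):
    """True if port 80 'reaches' the server in far fewer hops than the control port.

    Returns None when either trace never got an [open] reply (inconclusive).
    hop_ratio is an assumed threshold, not a standard value.
    """
    http, control = parse_trace(http_trace), parse_trace(control_trace)
    if http is None or control is None:
        return None
    return http[0] < control[0] * hop_ratio

if __name__ == "__main__":
    print("port 80:", parse_trace(HTTP_TRACE))
    print("port 21:", parse_trace(FTP_TRACE))
    print("intercepted:", looks_intercepted(HTTP_TRACE, FTP_TRACE))
```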