From f4b222c056bac0937cb78b288365bc19e3a7e8de Mon Sep 17 00:00:00 2001
From: Phil <phil@secdev.org>
Date: Sun, 13 Jan 2008 19:55:06 +0100
Subject: [PATCH] Fixed traceroute filters (ticket #69, patch from P. Lalet)

---
 scapy.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/scapy.py b/scapy.py
index 2975af66..acb2da37 100755
--- a/scapy.py
+++ b/scapy.py
@@ -11289,13 +11289,18 @@ traceroute(target, [maxttl=30,] [dport=80,] [sport=80,] [verbose=conf.verb]) ->
     if verbose is None:
         verbose = conf.verb
     if filter is None:
-        filter="(icmp and icmp[0]=11) or (tcp and (tcp[13] & 0x16 > 0x10))"
+        # we only consider ICMP error packets and TCP packets with at
+        # least the ACK flag set *and* either the SYN or the RST flag
+        # set
+        filter="(icmp and (icmp[0]=3 or icmp[0]=4 or icmp[0]=5 or icmp[0]=11 or icmp[0]=12)) or (tcp and (tcp[13] & 0x16 > 0x10))"
     if l4 is None:
         a,b = sr(IP(dst=target, id=RandShort(), ttl=(minttl,maxttl))/TCP(seq=RandInt(),sport=sport, dport=dport),
                  timeout=timeout, filter=filter, verbose=verbose, **kargs)
     else:
+        # this should always work
+        filter="ip"
         a,b = sr(IP(dst=target, id=RandShort(), ttl=(minttl,maxttl))/l4,
-                 verbose=verbose, timeout=timeout, **kargs)
+                 timeout=timeout, filter=filter, verbose=verbose, **kargs)
 
     a = TracerouteResult(a.res)
     if verbose:
-- 
GitLab