本节书摘来自异步社区《Nmap渗透测试指南》一书中的第2章2.15节路由跟踪，作者 商广明,更多章节内容可以访问云栖社区“异步社区”公众号查看。

2.15　路由跟踪
表2.14所示为本章节所需Nmap命令表，表中加粗命令为本小节所需命令——路由跟踪。

使用--traceroute选项即可进行路由跟踪，使用路由跟踪功能可以帮助用户了解网络的同行情况，通过此选项可以轻松地查出从本地计算机到目标之间所经过的网络节点，并可以看到通过各个节点的时间。

root@Wing:~# nmap --traceroute -v www.163.comStarting Nmap 6.47 ( http://nmap.org ) at 2015-06-27 21:04 CST
Initiating Ping Scan at 21:04
Scanning www.163.com (112.253.19.198) [4 ports]　　#此处解析出网易服务器地址
Completed Ping Scan at 21:04, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:04
Completed Parallel DNS resolution of 1 host. at 21:04, 0.02s elapsed
Initiating SYN Stealth Scan at 21:04
Scanning www.163.com (112.253.19.198) [1000 ports]
Discovered open port 80/tcp on 112.253.19.198
Discovered open port 8080/tcp on 112.253.19.198
Discovered open port 443/tcp on 112.253.19.198
Discovered open port 8888/tcp on 112.253.19.198
Discovered open port 88/tcp on 112.253.19.198
Discovered open port 3000/tcp on 112.253.19.198
Discovered open port 9080/tcp on 112.253.19.198
Discovered open port 8085/tcp on 112.253.19.198
adjust_timeouts2: packet supposedly had rtt of 9022009 microseconds.　Ignoring time.
adjust_timeouts2: packet supposedly had rtt of 9022009 microseconds.　Ignoring time.
Discovered open port 8383/tcp on 112.253.19.198
SYN Stealth Scan Timing: About 30.05% done; ETC: 21:05 (0:01:12 remaining)
Discovered open port 7001/tcp on 112.253.19.198
Discovered open port 8088/tcp on 112.253.19.198
Discovered open port 3030/tcp on 112.253.19.198
SYN Stealth Scan Timing: About 62.28% done; ETC: 21:05 (0:00:37 remaining)
Discovered open port 8082/tcp on 112.253.19.198
Discovered open port 20000/tcp on 112.253.19.198
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Completed SYN Stealth Scan at 21:06, 114.52s elapsed (1000 total ports)
Initiating Traceroute at 21:06
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Completed Traceroute at 21:06, 0.03s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 21:06
Completed Parallel DNS resolution of 2 hosts. at 21:06, 0.01s elapsed
Nmap scan report for www.163.com (112.253.19.198)
Host is up (1.1s latency).
Other addresses for www.163.com (not scanned): 218.58.206.54
Not shown: 980 closed ports
PORT　　　STATE　　 SERVICE
80/tcp　　open　　　http
88/tcp　　open　　　kerberos-sec
135/tcp　 filtered msrpc
139/tcp　 filtered netbios-ssn
443/tcp　 open　　　https
445/tcp　 filtered microsoft-ds
514/tcp　 filtered shell
593/tcp　 filtered http-rpc-epmap
3000/tcp　open　　　ppp
3030/tcp　open　　　arepa-cas
4444/tcp　filtered krb524
7001/tcp　open　　　afs3-callback
8080/tcp　open　　　http-proxy
8082/tcp　open　　　blackice-alerts
8085/tcp　open　　　unknown
8088/tcp　open　　　radan-http
8383/tcp　open　　　m2mservices
8888/tcp　open　　　sun-answerbook
9080/tcp　open　　　glrpc
20000/tcp open　　　dnpTRACEROUTE (using port 80/tcp)　　#经过网易服务器的80端口
HOP RTT　　 ADDRESS
1　 0.13 ms 192.168.239.2
2　 0.13 ms 112.253.19.198Nmap done: 1 IP address (1 host up) scanned in 114.74 secondsRaw packets sent: 1098 (48.240KB) | Rcvd: 1091 (43.724KB)
root@Wing:~#