
Thread: TraceRoute (do you know where your packets are?)

  1. #1

    Post TraceRoute (do you know where your packets are?)

Well, it is 10:30am on New Year's Eve and I am stuck sitting at work wishing I was dead. So, I'll make you all suffer with me by writing these tutorials.

What!? No protocol? I figured you guys would enjoy hearing the details behind using a very common function called TraceRoute. TraceRoute is achieved by using ICMP (we have read the other tutorial, right?). Regardless, this tool's main job is to simply determine the path an IP packet takes from source to destination. How is this helpful? From a technical viewpoint it allows us to determine if a main path went down and you are stuck using the redundant backups that are usually slower (let's say the main router to the ISP blew up). A TraceRoute would give you peace of mind as well as evidence in case the ISP is not keeping up with the CIR. On the security side of things.....we can view TraceRoutes to determine the last hop before a proposed site (such as a router) and in a good guy scenario....focus our attention on securing that box. After all, the last system before the demarc that we are actually in control of should be both monitored and rock hard with security. Ok, so here go the details of TraceRoute.

TraceRoute uses ICMP packets to determine the addressing and positioning of hops along a path to a destination. It starts off by setting the TTL (time to live) value to 1 and letting it fly. When the router at the first hop detects that the value would be set to 0, it drops the packet and sends an ICMP reply which includes the router's IP in the header. After this, the original machine bumps up the TTL value to 2, which allows the packet to pass by the first router and stop at the second (this router in turn does the same thing, dropping the packet and sending a reply). This process continues until the destination IP is reached. A while back I always thought that TraceRoute was a single continuous motion that simply had a flag that prompted routers to reply when pinged....but in reality it is a sequential series of pings with adjusted TTL values that determine the destination. Neat, right? Well, hope it helps....any questions...let me know

    Cordially,

    Sp1d3r
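The probe sequence described in the post, as an added example that is not part of the original post or of any real traceroute implementation. It models the mechanism in pure Python against a constructed path (three routers and a destination host, all in documentation address ranges) so it runs offline: each probe carries a TTL of 1, 2, 3, ...; the router where the TTL expires drops it and answers with an ICMP Time Exceeded (type 11) that quotes the original IP header plus the first 8 bytes of its payload, which is how traceroute matches a reply to the probe that caused it. The example sends UDP probes to high ports, as classic Unix traceroute does (Windows tracert uses ICMP Echo instead; the replies from the routers are ICMP either way), so the destination answers with ICMP Port Unreachable (type 3, code 3) and that ends the trace. One router is deliberately silent to show the `*` a hop that never answers produces. `SimNet`, the addresses and the port layout are assumptions of this example.

```python
"""Traceroute as a sequence of TTL-limited probes, run against a constructed network."""
import ipaddress
import struct

IPPROTO_ICMP, IPPROTO_UDP = 1, 17
ICMP_DEST_UNREACH, ICMP_PORT_UNREACH = 3, 3      # type 3, code 3
ICMP_TIME_EXCEEDED = 11


def ipv4_header(src, dst, proto, ttl, payload_len):
    """20-byte IPv4 header; checksum left 0 (a real kernel fills it in on send)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def udp_probe(src, dst, sport, dport, ttl):
    """UDP probe as Unix traceroute sends it; the destination port identifies the probe."""
    return ipv4_header(src, dst, IPPROTO_UDP, ttl, 8) + struct.pack("!HHHH", sport, dport, 8, 0)


def icmp_error(sender, probe, icmp_type, icmp_code):
    """ICMP error from `sender` quoting the probe's IP header + first 8 bytes (RFC 792)."""
    probe_src = str(ipaddress.IPv4Address(probe[12:16]))
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + probe[:28]
    return ipv4_header(sender, probe_src, IPPROTO_ICMP, 64, len(icmp)) + icmp


def parse_icmp_error(pkt):
    """Return (sender IP, ICMP type, ICMP code, quoted UDP destination port)."""
    sender = str(ipaddress.IPv4Address(pkt[12:16]))
    icmp = pkt[20:]
    quoted = icmp[8:]                      # original IPv4 header (20) + UDP header (8)
    (orig_dport,) = struct.unpack("!H", quoted[22:24])
    return sender, icmp[0], icmp[1], orig_dport


class SimNet:
    """Constructed path (assumption): routers decrement TTL; a silent one never answers."""

    def __init__(self, routers, dest, silent=()):
        self.routers, self.dest, self.silent = list(routers), dest, set(silent)

    def send(self, probe):
        ttl = probe[8]                     # TTL byte of the IPv4 header
        for router in self.routers:
            ttl -= 1
            if ttl == 0:                   # expired here: drop it and report back (or not)
                if router in self.silent:
                    return None
                return icmp_error(router, probe, ICMP_TIME_EXCEEDED, 0)
        # Reached the destination host: the UDP port is closed, so it says Port Unreachable.
        return icmp_error(self.dest, probe, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH)


def traceroute(send, src, dst, max_hops=30, probes=3, base_port=33434):
    """Return [(ttl, [responder or '*', ...]), ...]; stops once dst itself answers."""
    hops = []
    for ttl in range(1, max_hops + 1):     # one TTL value per round, not one packet with a flag
        responders, reached = [], False
        for p in range(probes):
            dport = base_port + (ttl - 1) * probes + p   # unique port per probe, as traceroute does
            reply = send(udp_probe(src, dst, 40000, dport, ttl))
            if reply is None:
                responders.append("*")     # no answer within the timeout
                continue
            sender, itype, icode, quoted_port = parse_icmp_error(reply)
            if quoted_port != dport:       # ICMP error about someone else's packet: ignore
                responders.append("*")
                continue
            responders.append(sender)
            reached |= itype == ICMP_DEST_UNREACH and icode == ICMP_PORT_UNREACH
        hops.append((ttl, responders))
        if reached:
            break
    return hops


if __name__ == "__main__":
    net = SimNet(["10.0.0.1", "172.16.0.1", "203.0.113.1"], "198.51.100.7", silent=["172.16.0.1"])
    for ttl, who in traceroute(net.send, "192.0.2.10", "198.51.100.7"):
        print(f"{ttl:2d}  " + "  ".join(who))
```

Swapping `SimNet.send` for a function that writes the probe to a raw socket and reads the ICMP reply (root required) turns this into a working traceroute; the matching on the quoted destination port is what keeps unrelated ICMP errors arriving on that socket from being misread as hops.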

  2. #2
Two of the handiest things when setting up a network are ping and traceroute. The first lets you know that you have connectivity and the second lets you know how far you can go before running into problems, to help localize the fault. I had my old network firewall set up with pmfirewall and portsentry, so when someone tried to connect to a monitored port on my puter, it played a Star Trek wav file, ran traceroute on the offending IP and put it in a file on my desktop.
    Bolt actions speak louder than words.

  3. #3


Logging the IP would be a good idea if somebody actually tries to connect to the port. On the other hand....monitoring the fact that somebody is just pinging a port would be a bad idea. Well...at least with the sound wav. I know a lot of admins that changed those features once their computer was too busy playing wavs to do anything else. A lot of people out there will ping an entire subnet looking for hosts that have a particular port listening...hell, most have tools that automate this process. Logging is not bad, but for sanity reasons I would not suggest playing a wav or doing anything memory intensive. You could end up creating your own DoS that way.

    Cordially,

    Sp1d3r

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    319


I have to give kudos to spider for his informative posts. Some things I knew, some things I didn't, but I usually have a slightly better understanding after reading his posts.

  5. #5
It's not really a big deal. I haven't been able to break into IT yet. I am a field tech for Lockheed Martin right now. It was on my home network on a dialup, so no biggie as far as overhead.
    Bolt actions speak louder than words.

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
If you're running Windows 2K (possibly in others but I haven't), there is a tool called PathPing. This essentially performs both a traceroute and pings every hop that it traverses.. it's quite a useful tool, although it does take quite a while...


There is probably a *nix equivalent, but I don't know *nix..

That's enough from me.. just thought I'd share because it's kinda related...
-Matty_Cross
"Isn't sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
But when you're good and crazy, hehe, the sky's the limit!!"

  7. #7
    Junior Member
    Join Date
    Nov 2001
    Posts
    4
Great post.. I didn't know about pathping till I read this. ping and tracert in one command!

Are there any new commands like this for XP?

  8. #8
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
I don't know if there are any more of them included by default in XP, as I don't use XP. You can find out the TCP/IP commands in the Windows Help.

Additionally, Microsoft has many utilities available to download which are quite useful.
-Matty_Cross
"Isn't sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
But when you're good and crazy, hehe, the sky's the limit!!"

  9. #9
    Senior Member
    Join Date
    Dec 2001
    Posts
    243
Originally posted by gmulrain
Great post.. I didn't know about pathping till I read this. ping and tracert in one command!

Are there any new commands like this for XP?
pathping works for me on XP Home, should work fine.
Maybe you should have tried... lol
    Search First Ask Second. www.google.com

  10. #10
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    636

    CyberKit

    There is an excellent free tool on CNet called 'CyberKit' that has a heap of nice tools...Ping, TraceRoute, WhoIs, NSLookUp, Finger, etc...

    Very handy, and almost fully customizable.

    Ouroboros
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor

