bypassing

Printable View

February 22nd, 2004, 11:53 PM
Hazarawood

bypassing

Hi Every one,
What i a m trying to do is to trace route a site like www.yahoo.com to know from where my packets will be routed.
I am using a dialup. When i try to trace route the systems after the default gateways is droping packet and not does not reply with destination unreachable. the default gateways is replying but other after that dont. so i cannt trace the route. i have tried udp to port 53 it is also droped , when i try -I for tcp the !X is returned by the default gateway mean restricted. udp can pass through gateways , so how can i detect the other system there ip address after the gateway to trace the route .Thanks for help . or if you know of any software that can do that. Thanks.
February 23rd, 2004, 12:08 AM
nihil

I am sorry, I do not fully understand your question.

Try Sam Spade 1.14 http://www.samspade.org

Read the instructions or you will get toasted and well deserve it.............there are certain etiquette rules on the net :)

Be careful......and respect others

EDIT: the link does not seem to be working..try a google search, it is on several mirror sites AFAIK :)
February 23rd, 2004, 05:06 PM
avenger_jcc

may try neotrace... not quite sure if that will do it
http://www.tucows.com/preview/194046.html
February 24th, 2004, 03:51 AM
Hazarawood

Well let telll you again ,
e.g. my default gateway is 192.168.0.1
so when i trace route like "#traceroute www.yahoo.com"
the output is
1.192.168.0.1. ..........
2. *** ***********
3.***************
what i want to say that the systems after default gateway is not replying and just droping the packet or the are blocked by the default gateway . is there any i can find the other system i mean their ip address which are after default gateway.
And is there any way i can specify any other gateway to traceroute program. Thanks.
February 24th, 2004, 01:42 PM
nihil

Hazarawood,

I suggest that we approach this from a "troubleshooting" angle?

1. Go into google and type in "sam spade"
2. About five entries down you will see the PC World site
3. Go there and download the software (it is free) and save it to your HDD
4. Open the folder you have saved it to and run the executable
5. Open the program and type http://www.yahoo.com in the box in the top left corner

You should now find that the icons down the left side have lit up to indicate that they have been activated?

6. Click the one called "trace"

I have just done all of the above and got to yahoo in 13 steps (about 20 seconds)

Please let me know what happens...........I am trying to determine if the problem is happening inside your environment or somewhere outside :)

Cheers
February 25th, 2004, 01:48 AM
Hazarawood

Hi nihil ,
I did what you had told me todo i downloaded the sam spade and run it.
Gave www.yahoo.com and clicked trace . And It started traceing .
it scan the the same default gateway and tried the second one but could not get through
the send system which was the main gateway although it found the main gateway. which it think is running some firewall or have some iptables prolicies set. although the main gateway is router and the second is pc not responding to packets with 0 ttl. Although it found the main system which was stopping the packets . Last time when i posted i was using linux and traceroute could not find that pc with firewall but before reading your post i used the windows2000's tracert and it worked the same way as sam spade . so what you think. about it . how can i trace the route behind that blocking pc. Thanks alot for helping me out. Although it is one step more to find the real prob. Thanks again.
February 25th, 2004, 01:55 AM
slick8790

ah, i think i may know what is going on. how long do you let these traces go on? when i try to traceroute yahoo, i get the stars too. i think these may be private IP addresses that your packets get routed through, i.e your packet gets sent through anotherperson's private computer.
February 25th, 2004, 02:00 AM
Hazarawood

Beside all that i dont know how sam spade was trying to figure out the prob .
but when it found the first . let me show you the out put.
1 192.168.0.1 150ms 130ms 170ms TTL: 0 (ds1.some.net bogus rDNS: host not found [authoritative])
2 192.168.0.130 150ms 231ms 140ms TTL: 0 (com.net ok)
3 192.168.0.130 201ms * * TTL: 0 (ok)
4 192.168.0.130 * 160ms 230ms TTL: 0 ( ok)
5 No Response * * *
6 192.168.0.130 160ms * * TTL: 0 ( ok)
7 No Response * * *
8 192.168.0.130 * 140ms 151ms TTL: 0 (ok)
9 192.168.0.130 160ms * * TTL: 0 ( ok)
10 No Response * * *
11 192.168.0.130 240ms * * TTL: 0 ( ok)
.................................................................................
29 192.168.0.130 220ms 140ms * TTL: 0 ( ok)

this was the output i have changed the ips and hostnames. suppose i have 192.168.0.1 is my default gateway and 192.168.0.130 is the pc some time with response and some time dont and replying with unreachable destinations it will show the tracert's output too.
c:\tracert www.yahoo.com
Tracing route to www.yahoo.com [192.168.0.56]
over a maximum of 30 hops:

1 451 ms 470 ms 481 ms ds1.some.net. [192.168.0.1]
2 431 ms 461 ms 360 ms [192.168.0.130]
3 net-.some.net [192.168.0.130] reports: Destination net unreachable.

i have changed the address again .check them and then what you suggest. Thanks alot.
February 25th, 2004, 02:43 AM
nihil

I am afraid I am not an expert in this area so I am guessing that you are hitting a computer with a firewall that does not allow traceroute or has IP policies that block yahoo?

1. Have you tried any other sites like http://www.microsoft.com for example?

2. Can you actually get to the yahoo site with your browser?

Cheers
February 25th, 2004, 04:17 AM
Hazarawood

Every thing work fine even emule and kazaa every thing is smooth but what i think is they have the prolicies to stop traceroute and other kind enumerations . i think they have installed any intrusion detection systems. to avoid such attacks with leaks info. As you have asked i have tried different site to trace but it dont work the same response packets dropped. Thanks
February 25th, 2004, 04:12 PM
nihil

Hazarawood,

I am giving you positive antipoints for this thread..............you helped me solve something I have been working on for the past 10 days!!!!!! :D

I tried Sam Spade on the machine and got all stars!................some kind of firewall conflict/corruption, because I had Sam Spade in the "trusted, let it do what it wants" list.....

I had a problem with replacing Java (MS ) with Sun, and was getting some funny results from websites such as AO (smilies gone, no page forwarding etc) MSupdate just showed a blank page!!!

Given that you can get to the actual sites OK , just like I could, I think that you are routing through a machine with the same problem? I replaced the firewall, and it works fine now.

If you know the administrator of the machine you get stuck at, I would suggest that you speak to them and advise them that they might have a firewall corruption problem......this is a potential security threat, as you don't know what it will or will not do?

I was using the Agnitum firewall, which had worked perfectly (I think) up to then.

Hope this helps

Weird?.............I try to help you, and you end up helping me without even knowing..........I guess that is AO for you :D

Thanks again!
February 25th, 2004, 05:20 PM
SirDice

If you cannot traceroute and/or ping beyond your own gateway it could mean a couple of things:

1) Your NAT isn't working
2) Your firewall blocks outgoing icmp echo request
3) Your firewall blocks incoming icmp echo reply and/or icmp time exceeded