Er Amit Tripathi
Subject: TRACEROUTE (SCANNING AND FOOTPRINTING)    2/10/2008, 2:31 am

Quote:
The traceroute utility is used to determine the path to a target computer. Just as with nslookup, traceroute is available on Windows and UNIX platforms. In Windows, it is known as tracert because of 8.3 legacy filename constraints remaining from DOS. Traceroute was originally developed by Van Jacobson to view the path a packet follows from its source to its destination. Traceroute owes its functionality to the IP header time-to-live (TTL) field. You might remember from the discussion in Chapter 2, "The Technical Foundations of Hacking," that the TTL field is used to limit IP datagrams. Without a TTL, some IP datagrams might travel the Internet forever, as there would be no means of timeout. TTL functions as a decrementing counter. Each hop that a datagram passes through reduces the TTL field by one. If the TTL value reaches 0, the datagram is discarded and a time exceeded in transit Internet Control Message Protocol (ICMP) message is created to inform the source of the failure. Linux traceroute is based on UDP, whereas Windows uses ICMP.

To get a better idea of how this works, let's take a look at how Windows would process a traceroute. For this example, say that the target is three hops away. Windows would send out a packet with a TTL of 1. Upon reaching the first router, the packet TTL value would be decremented to 0, which would elicit a time exceeded in transit error message. This message would be sent back to the sender to indicate that the packet did not reach the remote host. Receipt of the message would inform Windows that it had yet to reach its destination, and the IP of the device in which the datagram timed out would be displayed. Next, Windows would increase the TTL to a value of 2. This datagram would make it through the first router, where the TTL value would be decremented to 1. Then it would make it through the second router, at which time the TTL value would be decremented to 0 and the packet would expire.

Therefore, the second router would create a time exceeded in transit error message and forward it to the original source. The IP address of this device would next be displayed on the user's computer. Finally, the TTL would be increased to 3. This datagram would easily make it past the first and second hop and arrive at the third hop. Because the third hop is the last hop before the target, the router would forward the packet to the destination and the target would issue a normal ICMP ping response. The output of this traceroute can be seen here:

    C:\>tracert 192.168.1.200
    Tracing route to 192.168.1.200:
      1    10 ms   <10 ms   <10 ms
      2    10 ms    10 ms    20 ms
      3    20 ms    20 ms    20 ms   192.168.1.200
    Trace complete.

Linux-based versions of traceroute work much the same way but use UDP. Traceroute sends these UDP packets targeted to high order port numbers that nothing should be listening on. Just as described previously, the TTL is increased until the target device is reached. Because traceroute is using a high order UDP port, typically 33434, the host should ignore the packets after generating port unreachable messages. These ICMP port unreachable messages are used by traceroute to notify the source that the destination has been reached. It's advisable to check out more than one version of traceroute if you don't get the required results. Some techniques can also be used to try and slip traceroute past a firewall or filtering device. When UDP and ICMP are not allowed on the remote gateway, TCPTraceroute can be used. Another unique technique was developed by Michael Schiffman, who created a patch called traceroute.diff that allows you to specify the port that traceroute will use. With this handy tool, you could easily direct traceroute to use UDP port 53. Because that port is used for DNS queries, there's a good chance that it could be used to slip past the firewall.
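The TTL-expiry mechanism the quoted text walks through, as an added simulation that is not part of the original post or of any traceroute implementation: the path, router addresses and probe types are constructed here, no packets are sent, and the three-hop route mirrors the tracert output above (two routers, then 192.168.1.200).

```python
"""Constructed model of how traceroute discovers a path one TTL at a time.

Each router decrements TTL and, on reaching 0, drops the datagram and
answers with ICMP "time exceeded in transit".  The target itself answers
with an echo reply (Windows tracert, ICMP probes) or with ICMP "port
unreachable" (Linux traceroute, UDP probes to a high port such as 33434).
"""
from dataclasses import dataclass

# Replies traceroute interprets (names only; no real ICMP is generated)
ICMP_TIME_EXCEEDED = "time exceeded in transit"
ICMP_ECHO_REPLY = "echo reply"
ICMP_PORT_UNREACHABLE = "port unreachable"


@dataclass
class Hop:
    ip: str
    is_target: bool = False


def forward(path, ttl, probe):
    """Walk one datagram down the path. Returns (responder_ip, reply)."""
    for hop in path:
        if hop.is_target:
            # Destination host: it does not forward, so TTL is not checked;
            # the reply depends on the probe type used by the tool.
            reply = ICMP_ECHO_REPLY if probe == "icmp" else ICMP_PORT_UNREACHABLE
            return hop.ip, reply
        ttl -= 1                      # router decrements before forwarding
        if ttl == 0:                  # expired: discard and notify the source
            return hop.ip, ICMP_TIME_EXCEEDED
    raise RuntimeError("constructed path has no target host")


def traceroute(path, probe="icmp", max_ttl=30):
    """Probe with TTL 1, 2, 3, ... until something other than a router replies."""
    trace = []
    for ttl in range(1, max_ttl + 1):
        ip, reply = forward(path, ttl, probe)
        trace.append((ttl, ip, reply))
        if reply != ICMP_TIME_EXCEEDED:   # the target answered: done
            break
    return trace


if __name__ == "__main__":
    # Constructed path: two routers, then the target from the tracert output
    route = [Hop("10.0.0.1"), Hop("10.0.0.2"), Hop("192.168.1.200", is_target=True)]
    for probe in ("icmp", "udp"):
        print(f"--- {probe} probes ---")
        for ttl, ip, reply in traceroute(route, probe):
            print(f"TTL {ttl}: {ip:<15} {reply}")
```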