Re: traceroute-like tool for UDP or TCP packets

• Previous message: Dave C: "Re: IE critical vulnerability"
• In reply to: Kent James: "traceroute-like tool for UDP or TCP packets"
• Next in thread: Chad: "RE: Web bots - blocking the bad"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 21 Aug 2003 17:26:26 -0500 (CDT)
To: Kent James <kent1@caspia.com>

Hi,

Have a look at tcptraceroute <http://michael.toren.net/code/tcptraceroute>.

<snip>

Description

tcptraceroute is a traceroute implementation using TCP packets.

The more traditional traceroute(8) sends out either UDP or ICMP ECHO
packets with a TTL of one, and increments the TTL until the destination
has been reached. By printing the gateways that generate ICMP time
exceeded messages along the way, it is able to determine the path packets
are taking to reach the destination.

The problem is that with the widespread use of firewalls on the modern
Internet, many of the packets that traceroute(8) sends out end up being
filtered, making it impossible to completely trace the path to the
destination. However, in many cases, these firewalls will permit inbound
TCP packets to specific ports that hosts sitting behind the firewall are
listening for connections on. By sending out TCP SYN packets instead of
UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common
firewall filters.

</snip>

Thanks,

-scm

KJ:Kent James

KJ>One of the local ISPs is having trouble getting DNS information from
KJ>Easydns. I suspect they have a misconfigured firewall or other security
KJ>block in their system. I can ping and traceroute the DNS servers but get no
KJ>response from UDP or TCP packets.
KJ>
KJ>Is there a tool that works like traceroute, only shows the route for TCP or
KJ>UDP packets instead of the ICMP packets that traceroute uses?
KJ>
KJ>+----------------+
KJ> Kent James, Ph.D, MCSE
KJ> Computer network support in Baku, Azerbaijan
KJ>+----------------+
KJ>
KJ>
KJ>---------------------------------------------------------------------------
KJ>----------------------------------------------------------------------------
KJ>

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Dave C: "Re: IE critical vulnerability"
• In reply to: Kent James: "traceroute-like tool for UDP or TCP packets"
• Next in thread: Chad: "RE: Web bots - blocking the bad"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: icmp type 11 not go via nat POSTROUTING table ... everthing is working as it "should", there is no reason for a "ICMP ... I generated two test icmp packets ... This is how traceroute knows the IP of the ... If x.y.z.t is a private IP address, it cannot be tracerouted anyway, so ... (comp.os.linux.networking) Why some hosts in Internet not prefer to be traceroute-d ? ... i.e. not to send a TTL exceeded ICMP packet back to the host. ... like dropping TTL exceeded ICMP packets (dropping such packets in ... I used to traceroute in unprivileged user mode, ... What's the difference between a router and a endpoint host from ... (comp.os.linux.networking) RE: strange traceroute output ... traceroutes as opposed to using ICMP packets like windows. ... # traceroute replies with an icmp "time-exceeded". ... # packet coming from the outside with destination your servers. ... (Security-Basics) Re: How can traceroute fail, yet the site still open in a web browser? ... yet load in a web browser almost instantly? ... Some network hops along the path may not transmit ICMP requests/replies. ... The web sites transmit TCP packets and so connect properly. ... Broadly correct but UNIX/Linux traceroute sends its probes using UDP ... (comp.os.linux.networking) Re: traceroute ... > ICMP is utilized to some extent, ... The UDP packets with the small TTLs elicit ICMP "TTL expired" response ... traceroute, you must allow these packets back. ... (alt.os.linux)