Re: Neotrace program snoops on me
From: Michael J. Pelletier (mjpelletier_at_mjpelletier.com)
Date: 02/02/05
- Previous message: Vanguard: "Re: Neotrace program snoops on me"
- In reply to: Vanguard: "Re: Neotrace program snoops on me"
- Next in thread: Vanguard: "Re: Neotrace program snoops on me"
- Reply: Vanguard: "Re: Neotrace program snoops on me"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 02 Feb 2005 01:02:31 -0800
Vanguard wrote:
> "Michael J. Pelletier" <mjpelletier@mjpelletier.com> wrote in message
> news:z4_Ld.16655$0u.175@fed1read04...
>> Vanguard wrote:
>>
>> So where did you think all that data came from on showing you a map of
>> the hops in the route when tracing to a target host? You could install
>> a packet sniffer, like Ethereal and actually take a look to see what was
>> in the traffic between you and the McAfee host.
>>
>> If you are talking about the DNS names, they should have come from his
>> DNS servers (queried by his DNS servers).
>>
>> Michael
>
>
> Yeah, so? That only gives him the IP address if he enters an IP name.
> How does that discover and provide the mapping info between his host and
> the target host?
Reverse DNS lookups
> Does doing a DNS lookup tell you anything about WHERE is
> that hop?
Traceroute has been around since about 1988. Here is my very, very basic
explanation:
1) A client starts a traceroute to some computer. It works by incrementing
the TTL field in the IP packet by one, starting at 1.
2) When a node, router, firewall (note that is not always the case) receives
the IP packet it will decrement it. The IP packet will result to zero when
"mapping" the furthest node at any given time. The furthest node will
discard the IP packet because it has expired (TTL = 0). Note TTL
(means Time To Live). The packet is not silently discarded though, the node
that dropped the packet because the TTL resulted in a 0 value will send
back a message with its IP address.
3) The client, who started the traceroute, will do a reverse DNS lookup on
the IP to get its name (if it has a name in DNS that is).
Now, if you are using the command line version of traceroute (or tracert in
Windows) you will get a line-by-line representation of the path from you to
the other node.
There have been some graphical clients I have seen in the past that add all
sorts of icons and graphics but the basics are the same.
On the command line try:
In Windows try: tracert www.yahoo.com
In Linux/BSD/UNIX try: traceroute www.yahoo.com
> In a traceroute, do YOU see anything in the output that tells
> you WHERE is that hop? You'll have to get the mapping info for WHERE are
> those hops from McAfee's database.
>
First, no need to yell man, chill. Second, not sure if McAfee would want to
provide reverse DNS mapping for everyone especially when we all get it for
free anyway.
Michael
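
The three steps in the message above, as an added example that is not part of the original post: an offline simulation that builds real IPv4 headers, expires them hop by hop, and reads the responder's address out of the ICMP reply. It assumes UDP probes as in the classic Unix traceroute (ICMP type 11 "time exceeded" from routers, type 3 code 3 "port unreachable" from the target); the addresses, the PTR table and all function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample path using documentation address ranges; not real routers.
PATH = ["192.0.2.1", "198.51.100.7", "203.0.113.80"]
# Constructed PTR data standing in for reverse DNS; the middle hop has no name.
PTR = {"192.0.2.1": "gw.example.net", "203.0.113.80": "www.example.com"}

def ip_header(src, dst, ttl, proto, payload_len):
    """Build a 20-byte IPv4 header (checksum left at 0 for this simulation)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icmp_error(sender, probe, icmp_type, code):
    """ICMP error from `sender`, quoting the probe's IP header + first 8 bytes."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28]
    return ip_header(sender, socket.inet_ntoa(probe[12:16]), 64, 1, len(icmp)) + icmp

def forward(probe):
    """Carry a probe along PATH and return the reply the client would receive."""
    ttl, dst = probe[8], socket.inet_ntoa(probe[16:20])
    for hop in PATH:
        if hop == dst:
            return icmp_error(hop, probe, 3, 3)   # target: port unreachable
        ttl -= 1                                  # each router decrements the TTL
        if ttl == 0:
            return icmp_error(hop, probe, 11, 0)  # expired: time exceeded
    return None                                   # no reply (shown as "*")

def traceroute(dst, src="192.0.2.100", max_ttl=30):
    """Return (ttl, responder_ip, ptr_name) per hop, starting at TTL 1."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        port = 33434 + ttl                        # distinct UDP port per probe
        probe = ip_header(src, dst, ttl, 17, 8) + struct.pack("!HHHH", 40000, port, 8, 0)
        reply = forward(probe)
        if reply is None:
            hops.append((ttl, "*", None))
            continue
        # Match the reply to its probe via the quoted UDP destination port.
        assert struct.unpack("!H", reply[50:52])[0] == port
        responder = socket.inet_ntoa(reply[12:16])  # hop address = reply's source
        hops.append((ttl, responder, PTR.get(responder)))
        if reply[20] == 3:                        # destination answered; stop
            break
    return hops

if __name__ == "__main__":
    for ttl, ip, name in traceroute("203.0.113.80"):
        print(ttl, ip, name or "(no PTR record)")
```

A real client would send the probes on the network and call `socket.gethostbyaddr()` in place of the `PTR` lookup.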