Lab

Tcptraceroute:-

It is a traceroute implementation that uses TCP packets. The normal traceroute command uses ICMP ECHO or UDP packets with an increasing TTL. Nowadays most machines have a firewall configured which blocks ICMP and UDP, so it is not possible to trace the path to the destination that way. However, the firewall allows inbound TCP packets to the services it exposes, so with the tcptraceroute utility it is still possible to trace the path to the destination.

It is worth noting that tcptraceroute never completely establishes a TCP connection with the destination host. If the host is not listening for incoming connections on the probed port, it responds with an RST, indicating that the port is closed. If the host instead responds with a SYN|ACK, the port is known to be open, and the kernel tcptraceroute is running on sends an RST to tear down the connection without completing the three-way handshake. This is the same half-open (SYN) scanning technique used by port scanners.
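The open/closed result described above shows up in the tool's output at the final hop as "[open]" or "[closed]", while hops that drop the probe (or never return ICMP time-exceeded) print as "* * *". The following shell script is an added example, not part of the original lab or of the tcptraceroute project: it summarises a constructed sample of "tcptraceroute -n" output (RFC 5737 documentation addresses, not real measurements) into hop count, timed-out hops, and the port state the destination reported.

```shell
#!/bin/sh
# Added example (not from the original lab): summarise tcptraceroute output.
# SAMPLE_TRACE is a constructed sample in the format of "tcptraceroute -n host 80";
# the addresses are documentation ranges, not real measurements.
SAMPLE_TRACE='Selected device eth0, address 192.168.2.5, port 46543 for outgoing packets
Tracing the path to 203.0.113.10 on TCP port 80 (http), 30 hops max
 1  192.168.2.1  0.512 ms  0.401 ms  0.398 ms
 2  198.51.100.1  1.204 ms  1.117 ms  1.301 ms
 3  * * *
 4  198.51.100.77  8.930 ms  9.012 ms  8.871 ms
 5  203.0.113.10 [open]  12.310 ms  12.104 ms  12.007 ms'

# Hop lines start with a hop number; the header lines ("Selected device ...",
# "Tracing the path ...") do not.
hop_lines() {
  printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/'
}

# Number of hops printed (one line per TTL value probed).
hop_count() {
  hop_lines "$1" | wc -l | tr -d ' '
}

# Hops where all three probes timed out: the router either dropped the
# TCP probe or did not send ICMP time-exceeded back.
timeout_hops() {
  hop_lines "$1" | awk '$2 == "*" && $3 == "*" && $4 == "*" { n++ } END { print n + 0 }'
}

# Port state at the final hop, as tcptraceroute reports it:
# SYN|ACK -> "[open]", RST -> "[closed]", neither seen -> "unknown".
final_state() {
  hop_lines "$1" | awk '/\[open\]/ { s = "open" } /\[closed\]/ { s = "closed" } END { print (s == "" ? "unknown" : s) }'
}

# Hop number at which the destination answered (0 if it never did).
final_hop() {
  hop_lines "$1" | awk '/\[(open|closed)\]/ { h = $1 } END { print h + 0 }'
}

# Human-readable summary, printed when the script is run directly.
report() {
  printf 'hops: %s  timeouts: %s  destination: hop %s, port %s\n' \
    "$(hop_count "$1")" "$(timeout_hops "$1")" "$(final_hop "$1")" "$(final_state "$1")"
}

report "$SAMPLE_TRACE"
```

To use it on a real run, capture the tool's output into a variable (for example `OUT=$(tcptraceroute -n host 80)`) and pass that variable to `report`; a trace that ends without "[open]" or "[closed]" means the destination never answered the probe within the hop limit.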

Usage:-

tcptraceroute [-nNFSAE] [-i interface] [-f first_ttl] [-l length] [-q nqueries] [-t tos] [-m max_ttl] [-pP] port] [-s source_addr] [-w timeout] host [destination port] [packet length]


Options:-

1. tcptraceroute IP_addr/domain_name

ex. tcptraceroute www.google.com

It gives the route information to reach the destination address using TCP packets.


2. tcptraceroute -n IP_addr/domain_name

ex. tcptraceroute -n www.google.com

It gives the information in numerical form; it does not display the FQDN (hostname) associated with each hop.


3. tcptraceroute -f [first_ttl] domain_name/IP_addr

ex. tcptraceroute -f 4 www.google.com

It specifies the TTL at which probing starts; by default it starts from 1.


4. tcptraceroute -s [source_addr] domain_name/IP_addr

ex. tcptraceroute -s 192.168.2.5 www.google.com

We can set the source address from which the probe packets are sent to the destination, so the route is traced from that address.


5. tcptraceroute -m [count] domain_name/IP_addr

ex. tcptraceroute -m 3 www.google.com

The maximum hop count (TTL) is 30 by default; we can limit it with the -m option by providing a count, so only that number of hops is shown. It counts incrementally from the starting TTL.


6. tcptraceroute -i [interface] domain_name/IP_addr

We can specify the interface from which tcptraceroute should send its packets. By default it is selected according to the routing table.


7. tcptraceroute -w [timeout_time] domain_name/IP_addr

It sets the time to wait for a response to each probe. By default it is 3 seconds.


8. tcptraceroute -F domain_name/IP_addr

ex. tcptraceroute -F www.google.com

It sets the Don't Fragment bit, so the probe packets are not fragmented (split) on the way.


9. tcptraceroute domain_name/IP_addr [destination_port] [packet_length]

ex. tcptraceroute www.google.com 80 110

Sets the total packet length to be used in outgoing packets (here 110 bytes to destination port 80; the port must be given before the length). If the length is less than the minimum size required to assemble the necessary probe packet headers, this value is automatically increased.


10. tcptraceroute -S domain_name/IP_addr

Sets the TCP SYN flag in outgoing packets. This is the default if neither -S nor -A is specified.


11. tcptraceroute -A domain_name/IP_addr

Sets the TCP ACK flag in outgoing packets. By doing so, it is possible to trace through stateless firewalls which permit outgoing TCP connections (they let the ACK probe through because it looks like part of an established connection).


12. tcptraceroute -E domain_name/IP_addr

Sends ECN SYN packets, as described in RFC 2481.
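The options above are easy to combine incorrectly (for example, giving a packet length where the destination port is expected, or a first TTL larger than the maximum). The following shell script is an added example, not part of the original lab or of the tcptraceroute project: it assembles a tcptraceroute command line from validated arguments, following the usage line and positional order (host, then destination port, then packet length) described on this page. The helper names `is_uint`, `build_tcptrace_cmd` and `run_trace` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original lab): assemble a tcptraceroute command
# line with validated arguments. Option letters and the positional order
# (host, then destination port, then packet length) follow the usage above.

# True if $1 is a non-negative integer.
is_uint() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# build_tcptrace_cmd HOST PORT LENGTH FIRST_TTL MAX_TTL [PROBE]
#   PROBE is syn (default, -S), ack (-A, traces through stateless firewalls
#   that allow outgoing connections) or ecn (-E). Prints the command line
#   on success; prints a reason to stderr and returns 1 on bad input.
build_tcptrace_cmd() {
  host=$1 port=$2 length=$3 first_ttl=$4 max_ttl=$5 probe=${6:-syn}
  [ -n "$host" ] || { echo 'host required' >&2; return 1; }
  is_uint "$port" && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
    || { echo "bad port: $port" >&2; return 1; }
  is_uint "$length" || { echo "bad length: $length" >&2; return 1; }
  is_uint "$first_ttl" && is_uint "$max_ttl" \
    && [ "$first_ttl" -ge 1 ] && [ "$max_ttl" -le 255 ] \
    && [ "$first_ttl" -le "$max_ttl" ] \
    || { echo "bad TTL range: $first_ttl-$max_ttl" >&2; return 1; }
  case "$probe" in
    syn) flag=-S ;;
    ack) flag=-A ;;
    ecn) flag=-E ;;
    *) echo "bad probe type: $probe" >&2; return 1 ;;
  esac
  # -n: numeric output (no FQDN lookups); -w 3 is the tool's default wait,
  # written out so the timeout is visible in the command.
  printf 'tcptraceroute -n %s -f %s -m %s -w 3 %s %s %s\n' \
    "$flag" "$first_ttl" "$max_ttl" "$host" "$port" "$length"
}

# Run the trace only if the tool is installed (it needs raw-socket privilege,
# so normally root); otherwise just show the command that would be run.
run_trace() {
  cmd=$(build_tcptrace_cmd "$@") || return 1
  if command -v tcptraceroute >/dev/null 2>&1; then
    $cmd
  else
    echo "tcptraceroute not installed; would run: $cmd"
  fi
}

# Print the command line for an ACK-probe trace to a documentation address
# (203.0.113.10 is an RFC 5737 example address, used here as a placeholder).
build_tcptrace_cmd 203.0.113.10 443 120 1 12 ack
```

`run_trace` takes the same arguments as `build_tcptrace_cmd`; the split of validation and execution means a bad port or TTL range is rejected before any packet is sent, and the rejected command can be inspected without the tool present.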