Tcptraceroute

From Wikipedia, the free encyclopedia

tcptraceroute is a traceroute implementation using TCP packets.

The more traditional traceroute sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets are taking to reach the destination.

The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.

tcptraceroute detects round-robin-loadbalancing and has options to detect DNAT.

Sample-output with DNAT-Detection:

gnoerz@h248498:~$ tcptraceroute --track-port --dnat www.wissen.de
Selected device eth0, address 85.214.17.152 for outgoing packets
Tracing the path to www.wissen.de (195.71.125.85) on TCP port 80 (www), 30 hops
 1  85.214.16.1  0.370 ms  0.288 ms  0.286 ms
 2  81.169.160.197  0.319 ms  0.312 ms  0.302 ms
 3  81.169.160.37  0.443 ms  0.359 ms  0.358 ms
 4  PC1.bln2-g.mcbone.net (194.97.172.145)  0.381 ms  0.272 ms  0.286 ms
 5  lo0-0.lpz2-j2.mcbone.net (62.104.191.208)  4.399 ms  4.523 ms  4.335 ms
 6  ge-2-0-0-0.ffm4-j2.mcbone.net (62.104.191.199)  12.501 ms  12.399 ms  12.476
 7  L0.ffm5-g.mcbone.net (62.104.191.150)  12.517 ms  12.509 ms  12.585 ms
 8  rmws-frnk-de16.nw.telefonica.de (80.81.193.89)  12.550 ms  12.545 ms  12.559
 9  rmwc-frnk-de02-pos-1-2.nw.mediaways.net (213.20.249.197)  12.976 ms  12.953
10  rmwc-frnk-de01-pos-7-0.nw.mediaways.net (195.71.254.105)  19.626 ms  19.608
11  rmwc-gtso-de01-pos-1-0.nw.mediaways.net (195.71.254.121)  19.459 ms  19.399
12  217.188.58.204  19.610 ms  19.640 ms  19.662 ms
      Detected DNAT to 10.228.16.37:81
13  195.71.125.68  19.573 ms
      Detected DNAT to 10.228.16.46:81
    195.71.125.68  19.551 ms
      Detected DNAT to 10.228.16.44:81
    195.71.125.68  19.909 ms
14  195.71.125.85 [open]  19.731 ms  19.751 ms  19.721 ms

[edit] External links

• Author's Website
• Online-Interface for tcptraceroute
• Windows Binary of Tcptraceroute 1.5beta6
• Website for "tracetcp" (Windows-Work-a-like)
• Simple tcptraceroute implementation in 60 lines long Python Script