version 1, including all changes.
Rev 1, author perry.

TCPTRACEROUTE
!!!TCPTRACEROUTE
NAME
SYNOPSIS
DESCRIPTION
OPTIONS
EXAMPLES
BUGS
AUTHOR
AVAILABILITY
SEE ALSO
----
!!NAME

tcptraceroute - A traceroute implementation using TCP packets
!!SYNOPSIS

__tcptraceroute [[-nFE] [[ -i__ ''interface'' __] [[ -f__ ''first ttl'' __] [[ -l__ ''length'' __] [[ -q__ ''number of queries'' __] [[ -t__ ''tos'' __] [[ -m__ ''max ttl'' __] [[ -p__ ''source port'' __] [[ -s__ ''source address'' __] [[ -w__ ''wait time'' __]__ ''host'' __[[__ ''destination port'' __] [[__ ''length'' __]__
!!DESCRIPTION

__tcptraceroute__ is a traceroute implementation using
TCP packets.

The more traditional traceroute(8) sends out either
UDP or ICMP ECHO packets with a TTL of one, and increments
the TTL until the destination has been reached. By printing
the gateways that generate ICMP time exceeded messages along
the way, it is able to determine the path packets are taking
to reach the destination.

The problem is that with the widespread use of firewalls on
the modern Internet, many of the packets that
traceroute(8) sends out end up being filtered, making
it impossible to completely trace the path to the
destination. However, in many cases, these firewalls will
permit inbound TCP packets to specific ports that hosts
sitting behind the firewall are listening for connections
on. By sending out TCP SYN packets instead of UDP or ICMP
ECHO packets, __tcptraceroute__ is able to bypass the
most common firewall filters.

It is worth noting that __tcptraceroute__ never
completely establishes a TCP connection with the destination
host. If the host is not listening for incoming connections,
it will respond with an RST indicating that the port is
closed. If the host instead responds with a SYN|ACK, the
port is known to be open, and an RST is sent by the kernel
__tcptraceroute__ is running on to tear down the
connection without completing the three-way handshake. This is
the same half-open scanning technique that nmap(1)
uses when passed the __-sS__ flag.
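The three reply types described above (ICMP time exceeded from a gateway, RST from a closed port, SYN|ACK from an open port) can be told apart with a few header checks. The following is an added example, not code from the tcptraceroute distribution; the function names are hypothetical, the sample packets are constructed, and matching a reply to the probe by its ports alone is a simplifying assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum reply { REPLY_UNKNOWN, REPLY_HOP, REPLY_CLOSED, REPLY_OPEN };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* pkt: one IPv4 packet from a raw socket; sport/dport: the SYN probe's ports. */
enum reply classify_reply(const uint8_t *pkt, size_t len, uint16_t sport, uint16_t dport)
{
    if (len < 40 || (pkt[0] >> 4) != 4) return REPLY_UNKNOWN;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20) return REPLY_UNKNOWN;
    const uint8_t *l4 = pkt + ihl;
    if (pkt[9] == 1 && l4[0] == 11 && l4[1] == 0) {   /* ICMP time exceeded in transit */
        const uint8_t *q = l4 + 8;                    /* quoted probe: IP header + 8 bytes */
        size_t qihl = (size_t)(q[0] & 0x0f) * 4;
        if (qihl < 20 || len < ihl + 8 + qihl + 8 || q[9] != 6) return REPLY_UNKNOWN;
        /* the quoted TCP ports must be ours, else this answers someone else's packet */
        return (rd16(q + qihl) == sport && rd16(q + qihl + 2) == dport) ? REPLY_HOP : REPLY_UNKNOWN;
    }
    if (pkt[9] == 6 && rd16(l4) == dport && rd16(l4 + 2) == sport) {  /* ports mirrored */
        if (l4[13] & 0x04) return REPLY_CLOSED;             /* RST: port closed */
        if ((l4[13] & 0x12) == 0x12) return REPLY_OPEN;     /* SYN|ACK: port open */
    }
    return REPLY_UNKNOWN;
}

/* Constructed samples, not captured traffic: TCP reply and ICMP time exceeded. */
size_t make_tcp_reply(uint8_t *b, uint16_t sport, uint16_t dport, uint8_t flags)
{
    memset(b, 0, 40);
    b[0] = 0x45; b[9] = 6; b[32] = 0x50; b[33] = flags;
    wr16(b + 20, dport); wr16(b + 22, sport);
    return 40;
}
size_t make_time_exceeded(uint8_t *b, uint16_t sport, uint16_t dport)
{
    memset(b, 0, 56);
    b[0] = 0x45; b[9] = 1; b[20] = 11; b[28] = 0x45; b[37] = 6;
    wr16(b + 48, sport); wr16(b + 50, dport);
    return 56;
}

static uint8_t buf[56];  /* scratch buffer for the constructed samples */
int main(void)
{
    printf("time exceeded: %d\n", classify_reply(buf, make_time_exceeded(buf, 40000, 80), 40000, 80));
    printf("RST|ACK:       %d\n", classify_reply(buf, make_tcp_reply(buf, 40000, 80, 0x14), 40000, 80));
    printf("SYN|ACK:       %d\n", classify_reply(buf, make_tcp_reply(buf, 40000, 80, 0x12), 40000, 80));
}
```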
!!OPTIONS

-n

Display numeric output, rather than doing a reverse DNS
lookup for each hop. Reverse lookups are never attempted on
RFC1918 address space, regardless of the -n
flag.

-f

Set the initial TTL used in the first outgoing packet. The
default is 1.

-m

Set the maximum TTL used in outgoing packets. The default is
30.

-p

Use the specified local TCP port in outgoing packets. The
default is to obtain a free port from the kernel using
bind(2). Unlike with traditional
traceroute(8), this number will not increase with
each hop.

-s

Set the source address for outgoing packets. See also the -i
flag.

-i

Use the specified interface for outgoing
packets.

-q

Set the number of probes to be sent to each hop. The default
is 3.

-t

Set the IP type of service to be used in outgoing packets.
The default is to not set any type of service
option.

-F

Set the

-E

Send ECN SYN packets, as described in RFC2481.

-w

Set the timeout, in seconds, to wait for a response for each
probe. The default is 3.

-l

Set the total packet length to be used in outgoing packets.
If the length is greater than the minimum size required to
assemble the necessary probe packet headers, this value is
automatically increased.

-d

Enable debugging, which may or may not be
useful.
!!EXAMPLES

Please see the ''examples.txt'' file included in the
__tcptraceroute__ distribution for a few real world
examples.

To trace the path to a web server listening for connections
on port 80:

__tcptraceroute webserver__

To trace the path to a mail server listening for connections
on port 25:

__tcptraceroute mailserver 25__
!!BUGS

No error checking is performed on the source address
specified by the -s flag, and it is therefore possible for
__tcptraceroute__ to send out TCP SYN packets for which
it has no chance of seeing a response.

Complete portability to other Unix systems has not been
tested; specifically, __tcptraceroute__ will not function
on systems which modify the IP ID field of packets written
to a raw socket. As of the time of this writing,
__tcptraceroute__ is known to compile and function
properly on Linux, OpenBSD, and FreeBSD systems. If you run
into complications on another platform, please let me
know.
!!AUTHOR

Michael C. Toren

!!AVAILABILITY

For updates, please see:

http://michael.toren.net/code/tcptraceroute/

!!SEE ALSO

traceroute(8), ping(8),
nmap(1)
----