Penguin
Recent Changes
Blame: tcptraceroute(8)
EditPageHistoryDiffInfoLikePages
Annotated edit history of tcptraceroute(8) version 1, including all changes. View license author blame.
Rev Author # Line
1 perry 1 TCPTRACEROUTE
2 !!!TCPTRACEROUTE
3 NAME
4 SYNOPSIS
5 DESCRIPTION
6 OPTIONS
7 EXAMPLES
8 BUGS
9 AUTHOR
10 AVAILABILITY
11 SEE ALSO
12 ----
13 !!NAME
14
15
16 tcptraceroute - A traceroute implementation using TCP packets
17 !!SYNOPSIS
18
19
20 __tcptraceroute [[-nFE] [[ -i__ ''interface'' __] [[
21 -f__ ''first ttl'' __]
22 [[ -l__ ''length'' __] [[ -q__ ''number of
23 queries'' __] [[ -t__ ''tos'' __]
24 [[ -m__ ''max ttl'' __] [[ -p__ ''source port''
25 __] [[ -s__ ''source address'' __]
26 [[ -w__ ''wait time'' __]__ ''host'' __[[__
27 ''destination port'' __] [[__ ''length''
28 __]__
29 !!DESCRIPTION
30
31
32 __tcptraceroute__ is a traceroute implementation using
33 TCP packets.
34
35
36 The more traditional traceroute(8) sends out either
37 UDP or ICMP ECHO packets with a TTL of one, and increments
38 the TTL until the destination has been reached. By printing
39 the gateways that generate ICMP time exceeded messages along
40 the way, it is able to determine the path packets are taking
41 to reach the destination.
42
43
44 The problem is that with the widespread use of firewalls on
45 the modern Internet, many of the packets that
46 traceroute(8) sends out end up being filtered, making
47 it impossible to completely trace the path to the
48 destination. However, in many cases, these firewalls will
49 permit inbound TCP packets to specific ports that hosts
50 sitting behind the firewall are listening for connections
51 on. By sending out TCP SYN packets instead of UDP or ICMP
52 ECHO packets, __tcptraceroute__ is able to bypass the
53 most common firewall filters.
54
55
56 It is worth noting that __tcptraceroute__ never
57 completely establishes a TCP connection with the destination
58 host. If the host is not listening for incoming connections,
59 it will respond with an RST indicating that the port is
60 closed. If the host instead responds with a SYN|ACK, the
61 port is known to be open, and an RST is sent by the kernel
62 __tcptraceroute__ is running on to tear down the
63 connection without completing three-way handshake. This is
64 the same half-open scanning technique that nmap(1)
65 uses when passed the __-sS__ flag.
66 !!OPTIONS
67
68
69 -n
70
71
72 Display numeric output, rather than doing a reverse DNS
73 lookup for each hop. Reverse lookups are never attempted on
74 RFC1918 address space, regardless of the -n
75 flag.
76
77
78 -f
79
80
81 Set the initial TTL used in the first outgoing packet. The
82 default is 1.
83
84
85 -m
86
87
88 Set the maximum TTL used in outgoing packets. The default is
89 30.
90
91
92 -p
93
94
95 Use the specified local TCP port in outgoing packets. The
96 default is to obtain a free port from the kernel using
97 bind(2). Unlike with traditional
98 traceroute(8), this number will not increase with
99 each hop.
100
101
102 -s
103
104
105 Set the source address for outgoing packets. See also the -i
106 flag.
107
108
109 -i
110
111
112 Use the specified interface for outgoing
113 packets.
114
115
116 -q
117
118
119 Set the number of probes to be sent to each hop. The default
120 is 3.
121
122
123 -t
124
125
126 Set the IP type of service to be used in outgoing packets.
127 The default is to not set any type of service
128 option.
129
130
131 -F
132
133
134 Set the
135
136
137 -E
138
139
140 Send ECN SYN packets, as described in RFC2481.
141
142
143 -w
144
145
146 Set the timeout, in seconds, to wait for a response for each
147 probe. The default is 3.
148
149
150 -l
151
152
153 Set the total packet length to be used in outgoing packets.
154 If the length is greater than the minimum size required to
155 assemble the necessary probe packet headers, this value is
156 automatically increased.
157
158
159 -d
160
161
162 Enable debugging, which may or may not be
163 useful.
164 !!EXAMPLES
165
166
167 Please see the ''examples.txt'' file included in the
168 __tcptraceroute__ distribution for a few real world
169 examples.
170
171
172 To trace the path to a web server listening for connections
173 on port 80:
174
175
176 __tcptraceroute webserver__
177
178
179 To trace the path to a mail server listening for connections
180 on port 25:
181
182
183 __tcptraceroute mailserver 25__
184 !!BUGS
185
186
187 No error checking is performed on the source address
188 specified by the -s flag, and it is therefore possible for
189 __tcptraceroute__ to send out TCP SYN packets for which
190 it has no chance of seeing a response to.
191
192
193 Complete portability to other Unix systems has not been
194 tested; specifically, __tcptraceroute__ will not function
195 on systems which modify the IP ID field of packets written
196 to a raw socket. As of the time of this writing,
197 __tcptraceroute__ is known to compile and function
198 properly on Linux, OpenBSD, and FreeBSD systems. If you run
199 into complications on another platform, please let me
200 know.
201 !!AUTHOR
202
203
204 Michael C. Toren
205 !!AVAILABILITY
206
207
208 For updates, please see:
209
210
211 http://michael.toren.net/code/tcptraceroute/
212 !!SEE ALSO
213
214
215 traceroute(8), ping(8),
216 nmap(1)
217 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.