Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
tcptraceroute(8)
Edit
PageHistory
Diff
Info
LikePages
TCPTRACEROUTE !!!TCPTRACEROUTE NAME SYNOPSIS DESCRIPTION OPTIONS EXAMPLES BUGS AUTHOR AVAILABILITY SEE ALSO ---- !!NAME tcptraceroute - A traceroute implementation using TCP packets !!SYNOPSIS __tcptraceroute [[-nFE] [[ -i__ ''interface'' __] [[ -f__ ''first ttl'' __] [[ -l__ ''length'' __] [[ -q__ ''number of queries'' __] [[ -t__ ''tos'' __] [[ -m__ ''max ttl'' __] [[ -p__ ''source port'' __] [[ -s__ ''source address'' __] [[ -w__ ''wait time'' __]__ ''host'' __[[__ ''destination port'' __] [[__ ''length'' __]__ !!DESCRIPTION __tcptraceroute__ is a traceroute implementation using TCP packets. The more traditional traceroute(8) sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets are taking to reach the destination. The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that traceroute(8) sends out end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, __tcptraceroute__ is able to bypass the most common firewall filters. It is worth noting that __tcptraceroute__ never completely establishes a TCP connection with the destination host. If the host is not listening for incoming connections, it will respond with an RST indicating that the port is closed. If the host instead responds with a SYN|ACK, the port is known to be open, and an RST is sent by the kernel __tcptraceroute__ is running on to tear down the connection without completing three-way handshake. This is the same half-open scanning technique that nmap(1) uses when passed the __-sS__ flag. !!OPTIONS -n Display numeric output, rather than doing a reverse DNS lookup for each hop. Reverse lookups are never attempted on RFC1918 address space, regardless of the -n flag. -f Set the initial TTL used in the first outgoing packet. The default is 1. -m Set the maximum TTL used in outgoing packets. The default is 30. -p Use the specified local TCP port in outgoing packets. The default is to obtain a free port from the kernel using bind(2). Unlike with traditional traceroute(8), this number will not increase with each hop. -s Set the source address for outgoing packets. See also the -i flag. -i Use the specified interface for outgoing packets. -q Set the number of probes to be sent to each hop. The default is 3. -t Set the IP type of service to be used in outgoing packets. The default is to not set any type of service option. -F Set the -E Send ECN SYN packets, as described in RFC2481. -w Set the timeout, in seconds, to wait for a response for each probe. The default is 3. -l Set the total packet length to be used in outgoing packets. If the length is greater than the minimum size required to assemble the necessary probe packet headers, this value is automatically increased. -d Enable debugging, which may or may not be useful. !!EXAMPLES Please see the ''examples.txt'' file included in the __tcptraceroute__ distribution for a few real world examples. To trace the path to a web server listening for connections on port 80: __tcptraceroute webserver__ To trace the path to a mail server listening for connections on port 25: __tcptraceroute mailserver 25__ !!BUGS No error checking is performed on the source address specified by the -s flag, and it is therefore possible for __tcptraceroute__ to send out TCP SYN packets for which it has no chance of seeing a response to. Complete portability to other Unix systems has not been tested; specifically, __tcptraceroute__ will not function on systems which modify the IP ID field of packets written to a raw socket. As of the time of this writing, __tcptraceroute__ is known to compile and function properly on Linux, OpenBSD, and FreeBSD systems. If you run into complications on another platform, please let me know. !!AUTHOR Michael C. Toren !!AVAILABILITY For updates, please see: http://michael.toren.net/code/tcptraceroute/ !!SEE ALSO traceroute(8), ping(8), nmap(1) ----
One page links to
tcptraceroute(8)
:
Man8t
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.