Re: traceroute using tcp to a port?
> If I understand correctly, traceroute works by sending pings with ttl=1, ttl=2, ttl=3 etc and records the names of the routers where the ttl reaches zero.

No, traceroute sends UDP messages by default.

Doing a traceroute with TCP (it has an option, -P tcp) can be really useful if you can use a fixed port. I made a trivial change to traceroute that allows you to specify a fixed port by using a negative number. For example,

    traceroute -P tcp -p -80

will do a "TCP SYN traceroute" for port 80. Comparing this output with a normal traceroute to the same destination (or a traceroute for a different TCP port) you can detect HTTP transparent proxies, man-in-the-middle attacks, policy routing, etc.

I sent a patch to the traceroute development team but received no answer :-(. Perhaps it could be committed to FreeBSD? I work for an ISP and the feature has proved to be really useful!

Borja.

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
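The comparison described in the message above, as an added example that is not part of the original thread and is not Borja's patch: it takes a normal trace and a fixed-port TCP trace to the same destination and reports where they disagree. The two sample outputs are constructed (numeric output, documentation addresses), and the names `parse_hops` and `compare` are hypothetical.

```python
import re

# Constructed sample traces in the usual numeric traceroute layout.
UDP_TRACE = """\
 1  192.0.2.1  0.412 ms  0.380 ms  0.377 ms
 2  198.51.100.1  4.102 ms  4.090 ms  4.201 ms
 3  198.51.100.9  9.870 ms  9.902 ms  9.911 ms
 4  * * *
 5  203.0.113.80  18.313 ms  18.290 ms  18.402 ms
"""
TCP80_TRACE = """\
 1  192.0.2.1  0.398 ms  0.401 ms  0.385 ms
 2  198.51.100.1  4.120 ms  4.088 ms  4.197 ms
 3  203.0.113.80  4.655 ms  4.610 ms  4.702 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")

def parse_hops(text):
    """Return {ttl: responder}; responder is None when the hop shows only '*'."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ttl, who = int(m.group(1)), m.group(2)
            hops[ttl] = None if who == "*" else who
    return hops

def compare(baseline, probe, target):
    """List differences between a baseline trace and a fixed-port TCP trace."""
    a, b = parse_hops(baseline), parse_hops(probe)
    findings = []
    for ttl in sorted(set(a) & set(b)):
        # Silent hops carry no information, so only compare answered ones.
        if a[ttl] and b[ttl] and a[ttl] != b[ttl]:
            findings.append(f"ttl {ttl}: {a[ttl]} vs {b[ttl]} (paths diverge)")
            break
    reach = lambda h: min((t for t, w in h.items() if w == target), default=None)
    ra, rb = reach(a), reach(b)
    if ra and rb and ra != rb:
        findings.append(f"target answers at ttl {ra} vs ttl {rb} "
                        "(something nearer may be answering for it)")
    return findings

if __name__ == "__main__":
    for finding in compare(UDP_TRACE, TCP80_TRACE, "203.0.113.80"):
        print(finding)
```

A shorter path on port 80 only is what a transparent HTTP proxy or port-based policy routing would look like from the client side; identical traces produce no findings.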
traceroute using tcp to a port?
If I understand correctly, traceroute works by sending pings with ttl=1, ttl=2, ttl=3 etc and records the names of the routers where the ttl reaches zero.

However, an increasing number of sites believe in security by obscurity, and block pings.

Would the same technique work for making a telnet to port 80 with ttl=1, ttl=2 etc?

Leif
Re: traceroute using tcp to a port?
On Tue, Sep 19, 2000 at 11:00:57AM +0200, Leif Neland wrote:
> If I understand correctly, traceroute works by sending pings with ttl=1, ttl=2, ttl=3 etc and records the names of the routers where the ttl reaches zero.
>
> However, an increasing number of sites believe in security by obscurity, and block pings.

traceroute doesn't use pings. mtr does.

> Would the same technique work for making a telnet to port 80 with ttl=1, ttl=2 etc?

traceroute currently uses UDP in a similar way, and a SYN ping (like nmap does) should be possible too, yes.

The problem is that those sites hinder traceroutes by blocking certain kinds of *outgoing* ICMP traffic, and there's no way we can work around that.

Greetz, Peter.
--
[ircoper]    [EMAIL PROTECTED] - Peter van Dijk / Hardbeat
[student]    Undernet:#groningen/wallops | IRCnet:/#alliance
[developer]  EFnet:#qmail                            _
[disbeliever - the world is backwards]     (__VuurWerk__(--*-
Re: traceroute using tcp to a port?
On Tue, 19 Sep 2000, Leif Neland wrote:
> If I understand correctly, traceroute works by sending pings with ttl=1, ttl=2, ttl=3 etc and records the names of the routers where the ttl reaches zero.
>
> However, an increasing number of sites believe in security by obscurity, and block pings.
>
> Would the same technique work for making a telnet to port 80 with ttl=1, ttl=2 etc?
>
> Leif

Of course it works, and very well. You should try hping (http://www.kyuzz.org/antirez/hping/) which is a _very cool_ tool developed by Antirez. With it you could do (among many things) traceroute over tcp.

regards,
--
Yann BERTHIER [EMAIL PROTECTED]
Network Security Consultant
Herve Schauer Consultant
Re: traceroute using tcp to a port?
> Of course it works, and very well. You should try hping (http://www.kyuzz.org/antirez/hping/) which is a _very cool_ tool developed by Antirez. With it you could do (among many things) traceroute over tcp.

Ah, you mean just like FreeBSD's "traceroute -P tcp" does?

Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
Re: traceroute using tcp to a port?
On Tue, 19 Sep 2000, [EMAIL PROTECTED] wrote:
> > Of course it works, and very well. You should try hping (http://www.kyuzz.org/antirez/hping/) which is a _very cool_ tool developed by Antirez. With it you could do (among many things) traceroute over tcp.
>
> Ah, you mean just like FreeBSD's "traceroute -P tcp" does?

No, I mean something like:

    # ./hping2 -S -p 80 -T -t 1 www.whatever.tld

(with -S setting the syn flag, -t the initial ttl, -p the destination port, and -T for traceroute mode).

For sure other tools could do the same, I talked about hping 'cause it's my ip swiss knife :)

regards,
Yann