What is Traceroute?

Traceroute programs work on the concept of the ICMP protocol and use the TTL field in the IP header to discover the routers on the path to a target host.

Finding the route to the target host on the network is necessary to test against man-in-the-middle attacks and other related attacks. Most operating systems come with a Traceroute utility to perform the task. It traces the path or route through which the target host's packets travel in the network.

Traceroute uses the ICMP protocol and the Time to Live (TTL) field of the IP header to find the path to the target host in the network.

The Traceroute utility can detail the path IP packets travel between two systems. The utility can trace the number of routers the packets travel through, the round trip time (duration in transiting between two routers), and, if the routers have DNS entries, the names of the routers and their network affiliation. It can also trace geographic locations. It works by exploiting a feature of the Internet Protocol called TTL. The TTL field indicates the maximum number of routers a packet may transit. Each router that handles a packet decrements the TTL count field in the IP header by one. When the count reaches zero, the router discards the packet and transmits an ICMP error message to the originator of the packet.

The first packet is sent with a TTL value of one, so it expires at the first router. The utility records the IP address and DNS name of that router, and sends out another packet with a TTL value of two. This packet makes it through the first router, then times out at the next router in the path. This second router also sends an error message back to the originating host.

Traceroute continues to do this, and records the IP address and name of each router until a packet finally reaches the target host or until it decides that the host is unreachable. In the process, it records the time it took for each packet to travel round trip to each router. Finally, when it reaches the destination, the normal ICMP ping response will be sent to the sender. The utility helps to reveal the IP addresses of the intermediate hops in the route to the target host from the source.
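The TTL mechanism described above can be modelled offline. This is an added example, not code from the original article: the path uses constructed documentation addresses, and `ip_header`, `send_probe` and `traceroute` are hypothetical names for a simulation that sends no real packets.

```python
import socket
import struct

TIME_EXCEEDED, ECHO_REPLY = 11, 0  # ICMP message types

# Constructed sample path (documentation address ranges): three routers, then the target.
PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.1", "203.0.113.10"]


def ip_header(src, dst, ttl):
    """Build a minimal 20-byte IPv4 header; TTL is the single byte at offset 8.
    Protocol 1 = ICMP. The checksum is left at zero in this model."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 1, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def send_probe(packet, path):
    """Carry one probe along `path`; return (responder_ip, icmp_type)."""
    pkt = bytearray(packet)
    for router in path[:-1]:
        pkt[8] -= 1                       # every router decrements the TTL
        if pkt[8] == 0:
            return router, TIME_EXCEEDED  # discard and report to the originator
    return path[-1], ECHO_REPLY           # probe survived to the target


def traceroute(src, dst, path, max_hops=30):
    """Raise the TTL by one per probe until the target answers or max_hops is hit."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, icmp_type = send_probe(ip_header(src, dst, ttl), path)
        hops.append((ttl, responder))
        if icmp_type == ECHO_REPLY:
            return hops, True
    return hops, False                    # target treated as unreachable


if __name__ == "__main__":
    hops, reached = traceroute("192.0.2.100", PATH[-1], PATH)
    for ttl, responder in hops:
        print(ttl, responder)
    print("Trace complete" if reached else "Destination unreachable")
```
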

How to use the Tracert command?

Go to the command prompt and type the tracert command along with the destination IP address or domain name as follows:

C:\>tracert 216.239.36.10

Tracing route to ns3.google.com [216.239.36.10] over a maximum of 30 hops:

  1. 1262 ms 186 ms 124 ms 195.229.252.10
  2. 2796 ms 3061 ms 3436 ms 195.229.252.130
  3. 155 ms 217 ms 155 ms 195.229.252.114
  4. 2171 ms 1405 ms 1530 ms 194.170.2.57
  5. 2685 ms 1280 ms 655 ms dxb-emix-ra.ge6303.emix.ae [195.229.31.99]
  6. 202 ms 530 ms 999 ms dxb-emix-rb.so100.emix.ae [195.229.0.30]
  7. 609 ms 1124 ms 1748 ms iarl-so-3-2-0.Thamesside.cw.net [166.63.214.65]
  8. 1622 ms 2377 ms 2061 ms eqixva-google-gige.google.com [206.224.115.21]
  9. 2498 ms 968 ms 593 ms 216.239.48.193
  10. 3546 ms 3686 ms 3030 ms 216.239.48.89
  11. 1806 ms 1529 ms 812 ms 216.33.98.154
  12. 1108 ms 1683 ms 2062 ms ns3.google.com [216.239.36.10]

Trace Complete

Traceroute Analysis

Attackers conduct traceroute to extract information about network topology, trusted routers and firewall locations.

We have seen how the Traceroute utility helps to find the IP addresses of intermediate devices such as routers and firewalls present between a source and its destination. After running several traceroutes, an attacker will be able to find the location of a hop in the target network. Consider the following traceroute results obtained:

  • traceroute 1.10.10.20, second to last hop is 1.10.10.1
  • traceroute 1.10.20.10, third to last hop is 1.10.10.1
  • traceroute 1.10.20.10, second to last hop is 1.10.10.50
  • traceroute 1.10.20.15, third to last hop is 1.10.10.1
  • traceroute 1.10.20.15, second to last hop is 1.10.10.50

By analyzing these results, an attacker can draw the network topology diagram of the target network as shown below.
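The inference from the five results listed above can be carried through in code, which is useful when reviewing what traces toward your own address space disclose. This is an added example, not part of the original article; `infer_edges` and `render` are hypothetical helper names, and "second to last hop" is taken to mean one hop before the target.

```python
from collections import defaultdict

# The five results from the list above: (target, hops before the target, router).
OBSERVATIONS = [
    ("1.10.10.20", 1, "1.10.10.1"),   # second to last hop
    ("1.10.20.10", 2, "1.10.10.1"),   # third to last hop
    ("1.10.20.10", 1, "1.10.10.50"),  # second to last hop
    ("1.10.20.15", 2, "1.10.10.1"),   # third to last hop
    ("1.10.20.15", 1, "1.10.10.50"),  # second to last hop
]


def infer_edges(observations):
    """Return the set of (upstream, downstream) links the traces prove."""
    by_target = defaultdict(dict)
    for target, distance, router in observations:
        by_target[target][distance] = router
    edges = set()
    for target, hops in by_target.items():
        hops[0] = target                   # the target is the last hop
        for distance in hops:
            if distance + 1 in hops:       # link only hops known to be adjacent
                edges.add((hops[distance + 1], hops[distance]))
    return edges


def render(edges):
    """Return the inferred topology as indented text lines, roots first."""
    children = defaultdict(list)
    for parent, child in sorted(edges):
        children[parent].append(child)
    roots = sorted({p for p, _ in edges} - {c for _, c in edges})
    lines = []

    def walk(node, depth):
        lines.append("  " * depth + node)
        for child in children.get(node, []):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render(infer_edges(OBSERVATIONS))))
```

The output places 1.10.10.1 at the edge, with 1.10.10.20 directly behind it and 1.10.10.50 sitting in front of both 1.10.20.x hosts.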

Traceroute Tools

Traceroute tools are useful in extracting information about the geographical location of routers, servers and IP devices in a network. Such tools help us to trace, identify, and monitor the network activity on a world map. Some of the features of these tools include:

  • Hop-by-Hop traceroutes
  • Ping plotting
  • Reverse tracing
  • Historical analysis
  • Packet loss reporting
  • Port probing
  • Detect network problems
  • Reverse DNS
  • Performance metrics analysis
  • Network performance monitoring

Similar to Traceroute, Path Analyzer Pro and VisualRoute Pro are two tools that trace the target host in a network.

Path Analyzer Pro

Path Analyzer Pro delivers network route tracing with performance tests, DNS, whois, and network resolution to investigate network issues. It shows the route from source to destination graphically. It also provides information such as the hop number, its IP address, hostname, ASN, network name, percentage loss, latency, average latency, and standard deviation for each hop in the path.

Path Analyzer Pro can:

  • Research IP addresses, email addresses and network paths
  • Troubleshoot network availability and performance issues
  • Determine what ISP router or server is responsible for a network problem
  • Locate firewalls and other filters that may be impacting connections.

VisualRoute

VisualRoute is a traceroute and network diagnostic tool. It identifies the geographical location of routers, servers and other IP devices. It provides the tracing information in three forms.

  • Hop-by-Hop traceroutes
  • Packet loss reporting
  • Reverse Tracing
  • Historical Analysis
  • Reverse DNS
  • Ping plotting
