09 March, 2013

Interesting Read - Trace Route over TCP



If you already know how traceroute works, skip the next two paragraphs.

When we run the traceroute command, our machine sends out 3 UDP packets with a TTL (Time-to-Live) of 1. When those packets reach the next-hop router, it decrements the TTL to 0 and therefore discards the packet. It sends an ICMP Time-to-Live Exceeded (Type 11), TTL equal 0 during transit (Code 0) back to our machine, with a source address of itself, so we now know the address of the first router.

Next our machine sends 3 UDP packets with a TTL of 2. The first router, which we already know, reduces the TTL by 1 to 1 and passes the packets on to the next router. That router decrements the TTL to 0, discards the packet and sends the same ICMP Time-to-Live Exceeded, with its own address as the source, back to our machine. We now know the first two hops. This keeps going until we reach the destination. Since we are sending UDP packets addressed to the host we are interested in, once a packet gets to the destination it is delivered to the port we set as the destination port; since that is an uncommon port, it will most likely be rejected with an ICMP Destination Unreachable (Type 3), Port Unreachable (Code 3). This ICMP message is sent back to our machine, which understands it as the last hop, and traceroute exits.
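The hop-by-hop logic above, as an added illustration that is not part of the original post: a small Python parser that reads a raw IPv4+ICMP reply to a probe, extracts the sender's address, and tells an intermediate router (Type 11/Code 0) apart from the destination's Port Unreachable (Type 3/Code 3). The packets are constructed in the script (no real captures), checksums are left as zero, and the function names are mine. The same Type 11 handling applies to the TCP variant discussed later; only the final reply differs.

```python
import ipaddress
import struct

# ICMP types/codes the post describes.
ICMP_TIME_EXCEEDED = 11      # Type 11, Code 0: TTL reached 0 in transit
ICMP_DEST_UNREACH = 3        # Type 3,  Code 3: UDP port unreachable at destination
TTL_EXCEEDED_IN_TRANSIT = 0
PORT_UNREACHABLE = 3


def classify_icmp_reply(packet: bytes):
    """Return (sender_ip, verdict) for a raw IPv4 packet carrying an ICMP reply.

    verdict: 'hop' for an intermediate router, 'done' for the destination's
    Port Unreachable, 'ignore' for anything else (or a malformed packet).
    """
    if len(packet) < 20:
        return None, "ignore"
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if packet[9] != 1:                      # IP protocol field: 1 = ICMP
        return None, "ignore"
    sender = str(ipaddress.IPv4Address(packet[12:16]))
    if len(packet) < ihl + 2:
        return sender, "ignore"
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if (icmp_type, icmp_code) == (ICMP_TIME_EXCEEDED, TTL_EXCEEDED_IN_TRANSIT):
        return sender, "hop"
    if (icmp_type, icmp_code) == (ICMP_DEST_UNREACH, PORT_UNREACHABLE):
        return sender, "done"
    return sender, "ignore"


def build_reply(src_ip: str, icmp_type: int, icmp_code: int) -> bytes:
    """Construct a minimal 20-byte IPv4 header plus 8-byte ICMP header (test data)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address("192.0.2.10").packed)
    return ip_hdr + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)


def trace_path(replies):
    """Walk replies in TTL order (None = timed-out probe, shown as '*') until the destination answers."""
    hops = []
    for pkt in replies:
        sender, verdict = (None, "timeout") if pkt is None else classify_icmp_reply(pkt)
        if verdict == "timeout":
            hops.append("*")
        elif verdict in ("hop", "done"):
            hops.append(sender)
            if verdict == "done":
                break
    return hops
```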


The regular traceroute uses either the ICMP or the UDP protocol. Unfortunately firewalls and routers often block ICMP completely, disallow ICMP echo requests (ping), and/or block various UDP ports.

When we run traceroute over ICMP or UDP with the commands
traceroute -I www.microsoft.com (ICMP)
traceroute -U www.microsoft.com (UDP)

then after a few message exchanges we start getting * * * because the firewall blocks our probes.


So how do we get the actual address of destination host?
Using it over TCP.

To our surprise, "traceroute -T -p 80 www.microsoft.com" returns the exact IP address.
Of course there are lots of traceroute implementations, and if your system doesn't have the option shown above, check http://michael.toren.net/code/tcptraceroute/

Courtesy : http://www.catonmat.net/blog/tcp-traceroute/