From owner-freebsd-hackers Wed Sep 20 23:53:42 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from polaris.we.lc.ehu.es (polaris.we.lc.ehu.es [158.227.6.43])
	by hub.freebsd.org (Postfix) with ESMTP id 212F337B422
	for ; Wed, 20 Sep 2000 23:53:30 -0700 (PDT)
Received: from sol.we.lc.ehu.es (sol [158.227.6.42])
	by polaris.we.lc.ehu.es (8.9.1/8.9.1) with ESMTP id IAA05765
	for ; Thu, 21 Sep 2000 08:53:20 +0200 (MET DST)
From: Borja Marcos
Received: (from borjam@localhost)
	by sol.we.lc.ehu.es (8.9.1/8.9.1) id IAA03944
	for hackers@freebsd.org; Thu, 21 Sep 2000 08:53:19 +0200 (MET DST)
Message-Id: <200009210653.IAA03944@sol.we.lc.ehu.es>
Subject: Re: traceroute using tcp to a port?
To: leif@neland.dk
Date: Wed, 20 Sep 100 16:25:39 +0200 (MET DST)
In-Reply-To: <00ac01c02218$7f91e080$0e00a8c0@neland.dk> from "Leif Neland" at Sep 19, 0 11:00:57 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>
> If I understand correctly, traceroute works by sending pings with ttl=1,
> ttl=2,ttl=3 etc and records the names of the routers where the ttl reaches
> zero.

No, traceroute sends UDP messages by default.

Doing a traceroute with TCP (it has an option, -P tcp) can be really
useful if you can use a fixed port. I made a trivial change to traceroute
that allows you to specify a fixed port by using a negative number. For
example,

	traceroute -P tcp -p -80

will do a "TCP SYN traceroute" for port 80. Comparing this output with a
normal traceroute to the same destination (or a traceroute for a different
TCP port) you can detect HTTP transparent proxies, man-in-the-middle
attacks, policy routing, etc.

I sent a patch to the traceroute development team but received no
answer :-(. Perhaps it could be committed to FreeBSD? I work for an ISP
and the feature has proved to be really useful!

Borja.
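
Added example, not part of the original message or of the traceroute patch it describes: a Python script for the comparison suggested above, lining up a default trace against a fixed-port TCP trace to the same host and reporting where the two paths differ. The sample traces are constructed in `traceroute -n` layout, and the function names are made up for this illustration.

```python
import re

# Constructed sample output in `traceroute -n` layout (documentation addresses),
# not captured from a real network. DEST is the traced destination.
DEST = "203.0.113.80"
UDP_TRACE = """\
 1  192.0.2.1  0.412 ms  0.398 ms  0.377 ms
 2  198.51.100.9  2.110 ms  2.034 ms  2.201 ms
 3  198.51.100.33  8.540 ms  8.611 ms  8.498 ms
 4  * * *
 5  203.0.113.80  14.902 ms  14.877 ms  15.010 ms
"""
TCP80_TRACE = """\
 1  192.0.2.1  0.405 ms  0.391 ms  0.380 ms
 2  198.51.100.9  2.098 ms  2.051 ms  2.187 ms
 3  203.0.113.80  2.950 ms  2.903 ms  2.988 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")

def parse_hops(text):
    """Map TTL -> first responder address on that line, or None for a '*' hop."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops[int(m.group(1))] = None if m.group(2) == "*" else m.group(2)
    return hops

def dest_ttl(hops, dest):
    """Lowest TTL at which the destination address itself answered, else None."""
    ttls = [ttl for ttl, addr in hops.items() if addr == dest]
    return min(ttls) if ttls else None

def compare_paths(baseline_text, probe_text, dest):
    """Compare a default trace with a fixed-port TCP trace to the same host."""
    base, probe = parse_hops(baseline_text), parse_hops(probe_text)
    # First TTL where both traces got an answer but from different addresses.
    diverge = next((ttl for ttl in sorted(set(base) & set(probe))
                    if base[ttl] and probe[ttl] and base[ttl] != probe[ttl]), None)
    b, p = dest_ttl(base, dest), dest_ttl(probe, dest)
    return {
        "first_divergence": diverge,
        "baseline_dest_ttl": b,
        "probe_dest_ttl": p,
        # The "destination" answering closer than the baseline path length is
        # what an in-path device answering the SYN itself would look like.
        "answered_early": b is not None and p is not None and p < b,
    }

if __name__ == "__main__":
    print(compare_paths(UDP_TRACE, TCP80_TRACE, DEST))
```

A divergence on its own can also come from load balancing or policy routing, so the result is a prompt to look closer at the hop where the paths split, not a verdict.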