Friday, 1 February 2013

Traceroute



More topological information may be gathered using traceroute.
Traceroute identifies each device a packet must pass through en route
to its final destination by sending packets with incrementally
increasing TTLs.

Hosts that failed to respond to ping should be tracerouted to establish
where the path to the host fails. If the final successful hop is one of the
previously identified routers or gateways, that gateway may well be
filtering inbound traffic. We will examine other techniques for
identifying live hosts despite the presence of such filtering in a later
section.

Traceroute Variations

Both ICMP and UDP traceroutes are common - UDP originated on
UN*X systems, whereas the NT tracert command used an ICMP
variant. Both are useful in network enumeration, as filters may block
only one of these two IP protocols, and dual-homed intermediate
devices may return different interface IPs depending on the protocol of
the source packet. Both are available in many UN*X implementations - UDP is
the default and ICMP is available using the -I switch.

Routers

By examining the output from traceroute, we may identify key
upstream devices simply by analyzing the name assigned to each one.
• ISP routers - These commonly follow naming conventions giving
away their geographical location and purpose.
• Customer routers and gateways - These frequently contain hints at
the company name or use generic names such as gateway or gw.
Routers R1 and R2 in the example represent the routers at either end of
the serial connection between the ISP and the company. R2 may be
managed either by the ISP or the company.
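
The path-failure check and the gateway-name hint described above, as an added example that is not part of the original post: it parses saved traceroute output, finds the last hop that answered, and reports whether that hop is a previously identified gateway. The sample output, addresses, hostnames and function names are constructed for illustration.

```python
import re

LINE_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
# Optional "name (" prefix, then a dotted-quad address.
ADDR_RE = re.compile(r"(?:(\S+)\s+\()?((?:\d{1,3}\.){3}\d{1,3})")
# Generic customer-gateway labels named in the text: "gateway" or "gw".
GW_HINT = re.compile(r"(?:^|[.-])(?:gw|gateway)\d*(?:[.-]|$)", re.I)

# Constructed sample output (RFC 5737 addresses, example.* names).
SAMPLE = """\
traceroute to 203.0.113.50 (203.0.113.50), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  0.412 ms  0.380 ms  0.377 ms
 2  core1.lon.isp.example.net (198.51.100.9)  8.101 ms  8.230 ms  7.954 ms
 3  * * *
 4  gw.corp.example.com (203.0.113.1)  14.020 ms  13.871 ms  13.902 ms
 5  * * *
 6  * * *
"""

def parse_hops(text):
    """Return (ttl, name, ip) per hop line; ip is None when no probe was answered."""
    hops = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line, not a hop
        addr = ADDR_RE.search(m.group(2))
        name, ip = (addr.group(1), addr.group(2)) if addr else (None, None)
        # A hop without reverse DNS prints its address twice; treat that as unnamed.
        hops.append((int(m.group(1)), None if name == ip else name, ip))
    return hops

def assess(text, target, known_gateways):
    """Locate where the path stops and whether a known gateway is the last responder."""
    answered = [h for h in parse_hops(text) if h[2]]
    if not answered:
        return {"reached": False, "last_hop": None,
                "likely_filter": False, "gw_name": False}
    ttl, name, ip = answered[-1]
    reached = ip == target
    return {"reached": reached, "last_hop": (ttl, name, ip),
            "likely_filter": not reached and ip in known_gateways,
            "gw_name": bool(name and GW_HINT.search(name))}

if __name__ == "__main__":
    print(assess(SAMPLE, "203.0.113.50", {"203.0.113.1"}))
```

A silent hop in the middle of the path (hop 3 in the sample) does not end the trace; only the last hop that answered is compared with the gateway list.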
