Tool 63: Traceroute on a specified IP protocol
Description:
This tool lists routers on the path to a computer.
How traceroute works: IP header contains a field named TTL indicating
the number of hops a packet can cross. Each router decreases TTL. When
it reaches 0, the router sends an ICMP Time Exceeded error back to the
IP source address. Traceroute works by slowly increasing TTL. So, we
obtain the list of successive routers because each one sends an ICMP
Time Exceeded.
This tool sends an IP only packet. There is no way to detect end (it
depends on protocol), so user has to interrupt tool at end.
Parameter --spoofip indicates how to generate link layer for spoofing.
Values 'best', 'link' or 'raw' are common choices for --spoofip. Here
is the list of accepted values:
- 'raw' means to spoof at IP4/IP6 level (it uses system IP stack). If
a firewall is installed, or on some systems, this might not work.
- 'linkf' means to spoof at link level (currently, only Ethernet is
supported). The 'f' means to Fill source Ethernet address.
However, if source IP address is spoofed, it might be impossible
to Fill it. So, linkf will not work: use linkb or linkfb instead.
- 'linkb' means to spoof at link level. The 'b' means to left a Blank
source Ethernet address (0:0:0:0:0:0, do not try to Fill it).
- 'linkfb' means to spoof at link level. The 'f' means to try to Fill
source Ethernet address, but if it is not possible, it is left
Blank.
- 'rawlinkf' means to try 'raw', then try 'linkf'
- 'rawlinkb' means to try 'raw', then try 'linkb'
- 'rawlinkfb' means to try 'raw', then try 'linkfb'
- 'linkfraw' means to try 'linkf', then try 'raw'
- 'linkbraw' means to try 'linkb', then try 'raw'
- 'linkfbraw' means to try 'linkfb', then try 'raw'
- 'link' is an alias for 'linkfb'
- 'rawlink' is an alias for 'rawlinkfb'
- 'linkraw' is an alias for 'linkfbraw'
- 'best' is an alias for 'linkraw'. It should work in all cases.
This tool may need to be run with admin privilege in order to sniff
and spoof.
Usage:
netwox 63 -i ip [-p uint32] [-D mixed_data] [-s spoofip] [-T uint32] [-t uint32] [-m uint32] [-r|+r]
Parameters:
| parameter |
description |
example |
| -i|--dst-ip ip |
destination IP address |
5.6.7.8 |
| -p|--protocol uint32 |
ip4 protocol |
1 |
| -D|--ip4-data mixed_data |
mixed data |
|
| -s|--spoofip spoofip |
IP spoof initialization type |
best |
| -T|--min-ttl uint32 |
min ttl |
1 |
| -t|--max-ttl uint32 |
max ttl |
30 |
| -m|--max-ms uint32 |
max millisecond wait |
1000 |
| -r|--resolve|+r|--no-resolve |
resolve hostname |
|
Examples:
netwox 63 -i "5.6.7.8"
netwox 63 --dst-ip "5.6.7.8"