Layer Four Traceroute

If you are using the one bundled with your distro, you are probably missing out on some of the more interesting and newer features.

From the site:

"LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? LFT is the all-in-one traceroute tool because it can launch a variety of different probes using ICMP, UDP, and TCP protocols, or the RFC1393 trace method."

It's been useful for me to locate more systems between me and the target host, as well as identifying gateways/web firewalls that organizations send all (or some) web traffic through.

It's also handy that you can throw it some switches to show the AS and network routes with the scan as well.

Old Traceroute:

cg@meh:~/evil/lft-3.1$ traceroute www.microsoft.com
traceroute to www.microsoft.com (65.55.21.250), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 4.681 ms 5.794 ms 14.193 ms
2-8 Local Stuff
9 pos-0-0-0-0-pe01.ashburn.va.ibone.comcast.net (68.86.86.26) 35.743 ms 36.391 ms 37.102 ms
10 as8075-1.ashburn.va.ibone.comcast.net (75.149.230.42) 173.747 ms 174.136 ms 175.054 ms
11 209.240.199.162 (209.240.199.162) 32.762 ms 33.703 ms 37.096 ms
12 ge-6-1-0-0.bl2-64c-1a.ntwk.msn.net (207.46.43.5) 17.652 ms 28.151 ms 24.033 ms
13 ge-0-0-0-0.bl2-64c-1b.ntwk.msn.net (207.46.43.85) 24.864 ms 25.951 ms 26.485 ms
14 ge-3-1-0-0.co2-64c-1a.ntwk.msn.net (207.46.43.101) 109.384 ms 109.615 ms 110.180 ms
15 ge-7-0-0-0.co2-64c-1b.ntwk.msn.net (207.46.43.197) 106.607 ms 107.401 ms 110.382 ms
16 207.46.46.92 (207.46.46.92) 112.458 ms 118.682 ms 106.207 ms
17 10.22.8.14 (10.22.8.14) 107.323 ms 107.552 ms 107.789 ms
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *


Layer Four Traceroute:

cg@meh:~/evil/lft-3.1$ sudo lft -rNS www.microsoft.com -d 80
TTL LFT trace to 65.55.21.250:80/tcp
1 [33657] [CMCS] 192.168.1.1 2.3/1.5ms
** [neglected] no reply packets received from TTLs
2 through
-8 local stuff
9 [7922] [COMCAST-7922] pos-0-0-0-0-pe01.ashburn.va.ibone.comcast.net (68.86.86.26) 27.2/26.6ms
10 [8075] [MICROSOFT-CORP---MSN-AS-BLOCK] as8075-1.ashburn.va.ibone.comcast.net (75.149.230.42) 25.9/24.3ms
11 [8075] [MICROSOFT-CORP---MSN-AS-BLOCK] 209.240.199.162 15.8/24.3ms
12 [8075] [MICROSOFT-CORP---MSN-AS-BLOCK] ge-6-1-0-0.bl2-64c-1a.ntwk.msn.net (207.46.43.5) 34.1/14.8ms
13 [8075] [MICROSOFT-CORP---MSN-AS-BLOCK] ge-0-0-0-0.bl2-64c-1b.ntwk.msn.net (207.46.43.85) 16.0/15.9ms
14 [8075] [MICROSOFT-CORP---MSN-AS-BLOCK] ge-3-1-0-0.co2-64c-1a.ntwk.msn.net (207.46.43.101) 121.3/98.2ms
15 [8075] [MICROSOFT-CORP---MSN-AS-BLOCK] ge-7-0-0-0.co2-64c-1b.ntwk.msn.net (207.46.43.197) 114.1/97.3ms
16 [6067] [ONYX] 207.46.46.92 101.6/99.9ms
17 [8075] [MICROSOFT-CORP---MSN-AS-BLOCK] 10.22.8.14 99.5/109.5ms
18 [AS?] [Net?] [target open] 65.55.21.250:80 98.5/109.4ms
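
To keep a record of where a path like the one above crosses from one network into another, the LFT hop lines can be parsed into structured records. This is an added example, not part of the original post or of LFT itself; the line layout is inferred from the output shown here, and `parse_lft`, `as_boundaries` and `SAMPLE` are names made up for the illustration.

```python
import re

# Hop line layout as it appears in the `lft -rNS` output on this page (assumed stable):
#   TTL [ASN] [NETNAME] [target STATE]? host | "name (ip)"  rtt/rttms
HOP_RE = re.compile(
    r"^\s*(?P<ttl>\d+)\s+\[(?P<asn>[^\]]+)\]\s+\[(?P<net>[^\]]+)\]\s+"
    r"(?:\[target (?P<state>\w+)\]\s+)?(?P<host>.+?)\s+"
    r"(?P<rtt1>[\d.]+)/(?P<rtt2>[\d.]+)ms\s*$"
)

# Six hop lines copied from the LFT trace on this page, plus its "no reply" notice.
SAMPLE = """\
 1 [33657] [CMCS] 192.168.1.1 2.3/1.5ms
** [neglected] no reply packets received from TTLs
 9 [7922] [COMCAST-7922] pos-0-0-0-0-pe01.ashburn.va.ibone.comcast.net (68.86.86.26) 27.2/26.6ms
10 [8075] [MICROSOFT-CORP---MSN-AS-BLOCK] as8075-1.ashburn.va.ibone.comcast.net (75.149.230.42) 25.9/24.3ms
16 [6067] [ONYX] 207.46.46.92 101.6/99.9ms
17 [8075] [MICROSOFT-CORP---MSN-AS-BLOCK] 10.22.8.14 99.5/109.5ms
18 [AS?] [Net?] [target open] 65.55.21.250:80 98.5/109.4ms
"""

def parse_lft(text):
    """Return one dict per hop line; notices and header lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        named = re.fullmatch(r"(\S+) \(([\d.]+)\)", m["host"])
        name, addr = (named[1], named[2]) if named else (None, m["host"])
        ip, _, port = addr.partition(":")  # the target line carries ip:port
        hops.append({
            "ttl": int(m["ttl"]), "target": m["state"],
            "asn": None if m["asn"] == "AS?" else int(m["asn"]),
            "net": None if m["net"] == "Net?" else m["net"],
            "name": name, "ip": ip, "port": int(port) if port else None,
        })
    return hops

def as_boundaries(hops):
    """(ttl, previous ASN, new ASN) wherever the resolved origin AS changes."""
    out, prev = [], None
    for h in (h for h in hops if h["asn"] is not None):  # skip unresolved "AS?"
        if prev is not None and h["asn"] != prev:
            out.append((h["ttl"], prev, h["asn"]))
        prev = h["asn"]
    return out

print(as_boundaries(parse_lft(SAMPLE)))
```
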
