Friday, November 16, 2007
traceroute made easy...
The traceroute utilities, long used by network administrators (and by hackers mapping a network before an attack) to trace the path to a given host, send UDP packets or ICMP echo request packets to that host, first with a TTL of 1 and then with the TTL incremented by one for each new probe, until a probe finally reaches the destination.
Here, I am going to explain how this works, for the newbies. The TTL field in the IP header is called the Time To Live of the packet, but in practice it is not a clock at all: it is a hop count that limits how many routers the packet may pass through during transmission. Every router on the path reduces the TTL by 1 and forwards the packet to the next router, and so, ultimately, the packet reaches the destination. But if the TTL does not suffice to reach the destination, the router that decrements it to zero discards the packet and sends an ICMP Time Exceeded message (type 11; ICMP is the protocol used to carry error messages in the Internet) back to the sender. Traceroute depends on exactly this behaviour: the source address of each Time Exceeded message identifies the router at that hop, so probes with TTL 1, 2, 3, ... reveal the routers one by one. The trace is complete when the destination itself answers: a UDP probe, which is sent to an unlikely high port, gets an ICMP Port Unreachable reply, and an ICMP echo request gets an Echo Reply.
But unfortunately, in this world of firewalls, this method hardly works today. A firewall somewhere on the path drops UDP packets to unknown ports, or ICMP echo requests, without sending any error back, so the probe never reaches the destination and the sender just times out. The routers before the firewall still answer with Time Exceeded, but from the firewall onwards every hop shows up as a `*`, and the trace remains incomplete.
But, fortunately, for people like me, hackers have devised a new technique with less chance of getting filtered: instead of UDP or ICMP, a TCP SYN packet is sent, with increasing TTL, to a port the target is expected to have open, such as 80 or 443. A firewall that admits web traffic has to let those packets through, so the trace is not stopped in the middle: the intermediate routers still return Time Exceeded, and the destination finally replies with a SYN/ACK (port open) or an RST (port closed), which tells the tool that the whole path has been traced. Tools such as tcptraceroute and hping3 implement this.
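To make the mechanism concrete, here is a small simulation, added as an example and not code from the original post. It models a constructed path of three routers, the last of which is a firewall that only forwards TCP to port 80, and runs UDP, ICMP and TCP-SYN traces over it with increasing TTL. The addresses, the firewall position and its rules are assumptions made up for the example; the TTL handling and the reply types follow the behaviour described above.

```python
# Added example, not from the original post: a simulation of how traceroute
# walks a path with increasing TTL, and why a firewall that drops UDP and ICMP
# but admits TCP to port 80 lets a TCP-SYN trace finish where classic probes stall.
# Router addresses, the firewall position and its rules are constructed for the example.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Probe:
    proto: str      # "udp", "icmp" or "tcp"
    ttl: int        # IP TTL set by the sender
    dport: int = 0  # destination port; ignored for icmp


@dataclass
class Router:
    addr: str
    # Firewall policy for packets this router *forwards*. It does not apply to
    # the ICMP Time Exceeded the router generates itself. None = forward all.
    fw_allow: Optional[set] = None  # set of (proto, dport); (proto, None) = any port

    def forwards(self, probe: Probe) -> bool:
        if self.fw_allow is None:
            return True
        return (probe.proto, probe.dport) in self.fw_allow or (probe.proto, None) in self.fw_allow


# Constructed path: two plain routers, then a firewall in front of the target
# that silently drops everything except TCP to port 80.
PATH = [
    Router("192.0.2.1"),
    Router("198.51.100.7"),
    Router("203.0.113.254", fw_allow={("tcp", 80)}),
]
TARGET = "203.0.113.10"
TARGET_OPEN_PORTS = {80}


def deliver(probe: Probe) -> Tuple[Optional[str], Optional[str]]:
    """Carry one probe along PATH. Returns (replying address, reply kind),
    or (None, None) if the probe was silently dropped."""
    ttl = probe.ttl
    for router in PATH:
        ttl -= 1                                   # each router decrements TTL
        if ttl == 0:                               # expired: discard, report back
            return router.addr, "time-exceeded"    # ICMP type 11, code 0
        if not router.forwards(probe):
            return None, None                      # firewall drop: no error, sender times out
    # The probe reached the target host; the reply depends on the probe type.
    if probe.proto == "icmp":
        return TARGET, "echo-reply"
    if probe.proto == "udp":
        return TARGET, "port-unreachable"          # ICMP type 3, code 3 (closed high port)
    if probe.proto == "tcp":
        return TARGET, "syn-ack" if probe.dport in TARGET_OPEN_PORTS else "rst"
    raise ValueError(f"unknown protocol {probe.proto}")


DEST_REPLIES = {"echo-reply", "port-unreachable", "syn-ack", "rst"}


def traceroute(proto: str, dport: int = 0, max_hops: int = 30) -> List[str]:
    """Send probes with TTL 1, 2, 3, ... and record who answered each one
    ("*" for a timeout). Stops as soon as the destination itself replies."""
    trace = []
    for ttl in range(1, max_hops + 1):
        addr, kind = deliver(Probe(proto, ttl, dport))
        trace.append(addr if addr else "*")
        if kind in DEST_REPLIES:
            break
    return trace


if __name__ == "__main__":
    print("udp :", traceroute("udp", 33434, max_hops=6))  # classic UNIX traceroute
    print("icmp:", traceroute("icmp", max_hops=6))         # tracert-style echo probes
    print("tcp :", traceroute("tcp", 80, max_hops=6))      # TCP-SYN traceroute
```

Running it shows the UDP and ICMP traces listing the three routers and then nothing but `*` up to the hop limit, while the TCP trace to port 80 lists the same three routers and then the target, which answers with a SYN/ACK. Note that the firewall router still appears in all three traces: it generates the Time Exceeded for an expired TTL before its forwarding policy is ever consulted, which is why a filtered trace typically shows the firewall as the last responding hop.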