diff options
-rw-r--r-- | astraceroute.8 | 98 |
1 files changed, 49 insertions, 49 deletions
diff --git a/astraceroute.8 b/astraceroute.8 index 1714634..d006281 100644 --- a/astraceroute.8 +++ b/astraceroute.8 @@ -1,83 +1,83 @@ .\" netsniff-ng - the packet sniffing beast .\" Copyright 2013 Daniel Borkmann. .\" Subject to the GPL, version 2. - +.PP .TH ASTRACEROUTE 8 "03 March 2013" "Linux" "netsniff-ng toolkit" .SH NAME astraceroute \- autonomous system trace route utility - +.PP .SH SYNOPSIS - +.PP \fB astraceroute\fR [\fIoptions\fR] - +.PP .SH DESCRIPTION astraceroute is a small utility to retrieve path information in a traceroute like way, but with additional geographical location information. It tracks the route of a packet from the local host to the remote host by sucessively increasing the IP's TTL field in the hope, that the intermediate node sends a ICMP TIME_EXCEEDED notification back to us. - +.PP astraceroute supports IPv4 and IPv6 queries and will display country and city information, if available, as well as the AS number the hop belongs to and its ISP name. astraceroute also displays timing information and reverse DNS data. - +.PP Due to astraceroute's configurability it is also possible to gather some more useful information about the hop regarding what it does and doesn't pass through. I.e. astraceroute also allows some clear text strings for probing DPIs or ``great firewalls'' that would filter out blacklisted critical keywords. This tool might be a good start for further in-depth analysis of such systems. - +.PP .SH OPTIONS - +.PP .SS -H <host>, --host <host> Hostname or IPv4 or IPv6 address of the remote host where the AS route should be traced to. In case of an IPv6 address or host, option ``-6'' must be used. IPv4 is the default. - +.PP .SS -p <port>, --port <port> TCP port for the remote host to use. If not specified, the default port to be used is 80. - +.PP .SS -i <device>, -d <device>, --dev <device> Networking device to start the trace route from, e.g. eth0, wlan0. - +.PP .SS -f <ttl>, --init-ttl <ttl> Initial TTL value to be used. This option might be useful if you are not interested in the first n hops, but only follow-up ones. The default initial TTL value is 1. - +.PP .SS -m <ttl>, --max-ttl <ttl> Maximum TTL value to be used. If not otherwise specified, the maximum TTL value is 30. Thus, after this has been reached astraceroute exits. - +.PP .SS -q <num>, --num-probes <num> Specifies the number of queries to be done on a particular hop. The default is 2 query requests. - +.PP .SS -x <sec>, --timeout <sec> Tells astraceroute the probe response timeout in seconds, in other words the maximum time astraceroute must wait for an ICMP response from the current hop. The default is 3 seconds. - +.PP .SS -X <string>, --payload <string> Places an ASCII cleartext into the packet payload. Cleartext that contains whitespaces must be put into quotes (e.g., "censer me"). - +.PP .SS -l <len>, --totlen <len> Specifies the total length of the packet. Payload that does not have a cleartext string in it is padded with random garbage. - +.PP .SS -4, --ipv4 Use IPv4 only requests. This is the default. - +.PP .SS -6, --ipv6 Use IPv6 only requests. This must be used when passing an IPv6 host as an argument. - +.PP .SS -n, --numeric Tells astraceroute to not perform reverse DNS lookup for hop replies. The reverse option is ``-N''. - +.PP .SS -u, --update The built-in geo-database update mechanism will be invoked to get Maxmind's latest version. To configure search locations for databases, the file @@ -85,110 +85,110 @@ latest version. To configure search locations for databases, the file or for mirroring Maxmind's databases (to bypass their traffic limit policy), different hosts or IP addresses can be placed into geoip.conf, separated by a newline. - +.PP .SS -L, --latitude Also show latitude and longtitude of hops. - +.PP .SS -N, --dns Tells astraceroute to perform reverse DNS lookup for hop replies. The reverse option is ``-n''. - +.PP .SS -S, --syn Use TCP's SYN flag for the request. - +.PP .SS -A, --ack Use TCP's ACK flag for the request. - +.PP .SS -F, --fin Use TCP's FIN flag for the request. - +.PP .SS -P, --psh Use TCP's PSH flag for the request. - +.PP .SS -U, --urg Use TCP's URG flag for the request. - +.PP .SS -R, --rst Use TCP's RST flag for the request. - +.PP .SS -E, --ecn-syn Use TCP's ECN flag for the request. - +.PP .SS -t <tos>, --tos <tos> Explicitly specify IP's TOS. - +.PP .SS -G, --nofrag Set IP's no fragmentation flag. - +.PP .SS -Z, --show-packet Show and dissect the returned packet. - +.PP .SS -v, --version Show version information and exit. - +.PP .SS -h, --help Show user help and exit. - +.PP .SH USAGE EXAMPLE - +.PP .SS astraceroute -i eth0 -N -S -H netsniff-ng.org This sends out a TCP SYN probe via the ``eth0'' networking device to the remote IPv4 host netsniff-ng.org. This request is most likely to pass. Also, tell astraceroute to perform reverse DNS lookups for each hop. - +.PP .SS astraceroute -6 -i eth0 -S -E -N -H www.6bone.net In this example, a TCP SYN/ECN probe for the IPv6 host www.6bone.net is being performed. Also in this case, the ``eth0'' device is being used as well as a reverse DNS lookup for each hop. - +.PP .SS astraceroute -i eth0 -N -F -H netsniff-ng.org Here, we send out a TCP FIN probe to the remote host netsniff-ng.org. Again, on each hop a reverse DNS lookup is being done and the queries are transmitted from ``eth0''. IPv4 is used. - +.PP .SS astraceroute -i eth0 -N -FPU -H netsniff-ng.org As in most other examples, we perform a trace route to IPv4 host netsniff-ng.org and do a TCP Xmas probe this time. - +.PP .SS astraceroute -i eth0 -N -H netsniff-ng.org -X "censor-me" -Z In this example, we have a Null probe to the remote host netsniff-ng.org, port 80 (default) and this time, we append the cleartext string "censor-me" into the packet payload to test if a firewall/DPI will let this string pass. Such a trace could be done once without and once with a blacklisted string to gather possible information about censorhsip. - +.PP .SH NOTE If a TCP-based probe will fail after a number of retries, astraceroute will automatically fall back to ICMP-based probes to pass through firewalls resp. routers. - +.PP To gather more information about astraceroute's displayed AS numbers, see e.g., http://bgp.he.net/AS<number>. - +.PP .SH BUGS The geographical locations are estimated with the help of Maxmind's GeoIP database and can or cannot deviate from the actual real physical location. What one can do to decrease a possible error rate is to update the database regularly e.g. with astraceroute's --update option. - +.PP At some point in time, we need a similar approach to gather more reliable path information such as in paris-traceroute. - +.PP Due to the generic nature of astraceroute, it currently has a built-in mechanism to stop the trace after a static number of hops, since the configurable TCP flags can have anything included. It is possible to decrease this number of course. In the future, if a SYN probe is sent out, there should be a listener thus we can stop the trace if we detect a handshake in progress. - +.PP .SH LEGAL astraceroute is licensed under the GNU GPL version 2.0. - +.PP .SH HISTORY .B astraceroute was originally written for the netsniff-ng toolkit by Daniel Borkmann. It is currently maintained by Tobias Klauser <tklauser@distanz.ch> and Daniel Borkmann <dborkma@tik.ee.ethz.ch>. - +.PP .SH SEE ALSO .BR netsniff-ng (8), .BR trafgen (8), @@ -197,6 +197,6 @@ Borkmann <dborkma@tik.ee.ethz.ch>. .BR bpfc (8), .BR flowtop (8), .BR curvetun (8) - +.PP .SH AUTHOR Manpage was written by Daniel Borkmann. |