From 397483d79b222be420b7dc934e7751bb9d1829a6 Mon Sep 17 00:00:00 2001 From: Stephen Wadeley Date: Tue, 11 Jun 2013 17:13:33 +0200 Subject: man: improvements to language for astraceroute.8 Signed-off-by: Stephen Wadeley Signed-off-by: Daniel Borkmann --- astraceroute.8 | 58 ++++++++++++++++++++++++++++++---------------------------- 1 file changed, 30 insertions(+), 28 deletions(-) diff --git a/astraceroute.8 b/astraceroute.8 index 34dbc54..baaa9f8 100644 --- a/astraceroute.8 +++ b/astraceroute.8 @@ -13,37 +13,39 @@ astraceroute \- autonomous system trace route utility .SH DESCRIPTION astraceroute is a small utility to retrieve path information in a traceroute like way, but with additional geographical location information. It tracks the -route of a packet from the local host to the remote host by sucessively -increasing the IP's TTL field in the hope, that the intermediate node sends a -ICMP TIME_EXCEEDED notification back to us. +route of a packet from the local host to the remote host by successively +increasing the IP's TTL field, starting from 1, in the hope that each intermediate +node will send an ICMP TIME_EXCEEDED notification back to the local host when the +TTL value is decremented to 0. .PP astraceroute supports IPv4 and IPv6 queries and will display country and city -information, if available, as well as the AS number the hop belongs to and its +information, if available, the AS number the hop belongs to, and its ISP name. astraceroute also displays timing information and reverse DNS data. .PP -Due to astraceroute's configurability it is also possible to gather some more -useful information about the hop regarding what it does and doesn't pass through. -I.e. astraceroute also allows some clear text strings for probing DPIs or -``great firewalls'' that would filter out blacklisted critical keywords. This -tool might be a good start for further in-depth analysis of such systems. +Due to astraceroute's configurability, it is also possible to gather some more +useful information about the hop regarding what it does and does not allow to pass +through. This is done by using clear text strings for probing DPIs or +``great firewalls'' to determine if they will filter out blacklisted critical +keywords. This tool might be a good start for further in-depth analysis of such +systems. .PP .SH OPTIONS .PP .SS -H , --host Hostname or IPv4 or IPv6 address of the remote host where the AS route should -be traced to. In case of an IPv6 address or host, option ``\-6'' must be +be traced to. In the case of an IPv6 address or host, option ``\-6'' must be used. IPv4 is the default. .PP .SS -p , --port TCP port for the remote host to use. If not specified, the default -port to be used is 80. +port used is 80. .PP .SS -i , -d , --dev Networking device to start the trace route from, e.g. eth0, wlan0. .PP .SS -f , --init-ttl Initial TTL value to be used. This option might be useful if you are not -interested in the first n hops, but only follow-up ones. The default +interested in the first n hops, but only the following ones. The default initial TTL value is 1. .PP .SS -m , --max-ttl @@ -60,8 +62,8 @@ the maximum time astraceroute must wait for an ICMP response from the current hop. The default is 3 seconds. .PP .SS -X , --payload -Places an ASCII cleartext into the packet payload. Cleartext that -contains whitespaces must be put into quotes (e.g., "censer me"). +Places an ASCII cleartext string into the packet payload. Cleartext that +contains whitespace must be put into quotes (e.g.: "censor me"). .PP .SS -l , --totlen Specifies the total length of the packet. Payload that does not have a @@ -87,7 +89,7 @@ different hosts or IP addresses can be placed into geoip.conf, separated by a newline. .PP .SS -L, --latitude -Also show latitude and longtitude of hops. +Also show latitude and longitude of hops. .PP .SS -N, --dns Tells astraceroute to perform reverse DNS lookup for hop replies. The @@ -153,31 +155,31 @@ and do a TCP Xmas probe this time. .SS astraceroute -i eth0 -N -H netsniff-ng.org -X "censor-me" -Z In this example, we have a Null probe to the remote host netsniff-ng.org, port 80 (default) and this time, we append the cleartext string "censor-me" into the -packet payload to test if a firewall/DPI will let this string pass. Such a trace -could be done once without and once with a blacklisted string to gather possible -information about censorhsip. +packet payload to test if a firewall or DPI will let this string pass. Such a trace +could be done once without, and once with, a blacklisted string to gather possible +information about censorship. .PP .SH NOTE -If a TCP-based probe will fail after a number of retries, astraceroute will -automatically fall back to ICMP-based probes to pass through firewalls resp. -routers. +If a TCP-based probe fails after a number of retries, astraceroute will +automatically fall back to ICMP-based probes to pass through firewalls +and routers used in load balancing for example. .PP -To gather more information about astraceroute's displayed AS numbers, see e.g., +To gather more information about astraceroute's displayed AS numbers, see e.g.: http://bgp.he.net/AS. .PP .SH BUGS The geographical locations are estimated with the help of Maxmind's GeoIP -database and can or cannot deviate from the actual real physical location. -What one can do to decrease a possible error rate is to update the database -regularly e.g. with astraceroute's \-\-update option. +database and can differ from the real physical location. To decrease the +possible errors, update the database regularly using astraceroute's \-\-update +option. .PP At some point in time, we need a similar approach to gather more reliable path -information such as in paris-traceroute. +information such as in the paris-traceroute tool. .PP Due to the generic nature of astraceroute, it currently has a built-in mechanism -to stop the trace after a static number of hops, since the configurable TCP flags +to stop the trace after a fixed number of hops, since the configurable TCP flags can have anything included. It is possible to decrease this number of course. -In the future, if a SYN probe is sent out, there should be a listener thus we can +In the future, if a SYN probe is sent out, there should be a listener so that we can stop the trace if we detect a handshake in progress. .PP .SH LEGAL -- cgit v1.2.3-54-g00ecf