From cc59fed07c9ac710bf83dc393b8a89f22f0c63a0 Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Mon, 6 May 2013 12:26:33 +0200 Subject: man: finish astraceroute man page Finish writing up the remaining section of the astraceroute man page. Signed-off-by: Daniel Borkmann --- astraceroute.8 | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 65 insertions(+), 2 deletions(-) (limited to 'astraceroute.8') diff --git a/astraceroute.8 b/astraceroute.8 index 9907bba..28d1948 100644 --- a/astraceroute.8 +++ b/astraceroute.8 
@@ -30,52 +30,96 @@ tool might be a good start for further in-depth analysis of such systems. .SH OPTIONS .SS -H , --host +Hostname, IPv4 or IPv6 address of the remote host where the AS route should +be traced to. In case of an IPv6 address or host, also option ``-6'' must be +used. IPv4 is the default. .SS -p , --port +TCP port for the remote host to use. If not otherwise specified, the default +port to be used is 80. .SS -i , -d , --dev +Networking device to start the trace route from, e.g. eth0, wlan0. .SS -f , --init-ttl +Initial TTL value to be used. This option might be useful if you are not +interested in the first n hops, but only follow-up ones. The default +initial TTL value is 1. .SS -m , --max-ttl +Maximum TTL value to be used. If not otherwise specified, the maximum +TTL value is 30. Thus, after this has been reached astraceroute exits +itself. .SS -q , --num-probes +Specifies the number of queries to be done on a particular hop. The +default is 2 query requests. .SS -x , --timeout +Tells astraceroute the probe response timeout in seconds, in other words +the maximum time astraceroute must wait for an ICMP response from the current +hop. The default is 3 seconds. .SS -X , --payload +Places an ASCII cleartext into the packet payload. In case the cleartext +contains whitespaces, it must be put into quotes, f.e. "censer me". .SS -l , --totlen +Specifies the total length of the packet. Payload that does not have a +cleartext string in it is padded with random garbage. .SS -4, --ipv4 +Use IPv4 only requests. This is the default. .SS -6, --ipv6 +Use IPv6 only requests. This must be used when passing an IPv6 host as an +argument. .SS -n, --numeric +Tells astraceroute to not perform reverse DNS lookup for hop replies. The +reverse option is ``-N''. .SS -u, --update +The built-in geo-database update mechanism will be invoked to get Maxmind's +latest version. 
To configure search locations for databases, the file +/etc/netsniff-ng/geoip.conf contains possible addresses. Thus, to save bandwidth +or for mirroring Maxmind's databases (to bypass their traffic limit policy), +different hosts or IP addresses can be placed into geoip.conf, separated by +a newline. .SS -L, --latitude +Also show latitude and longtitude of hops. .SS -N, --dns +Tells astraceroute to perform reverse DNS lookup for hop replies. The +reverse option is ``-n''. .SS -S, --syn +Use TCP's SYN flag for the request. .SS -A, --ack +Use TCP's ACK flag for the request. .SS -F, --fin +Use TCP's FIN flag for the request. .SS -P, --psh +Use TCP's PSH flag for the request. .SS -U, --urg +Use TCP's URG flag for the request. .SS -R, --rst +Use TCP's RST flag for the request. .SS -E, --ecn-syn +Use TCP's ECN flag for the request. .SS -t , --tos +Explicitly specify IP's TOS. .SS -G, --nofrag +Set the IP's no fragmentation flag. .SS -Z, --show-packet Show and dissect the returned packet. 
@@ -89,11 +133,30 @@ Show user help. .SH USAGE EXAMPLE .SS astraceroute -i eth0 -N -S -H netsniff-ng.org -.SS astraceroute -i eth0 -N -E -H netsniff-ng.org +This sends out a TCP SYN probe via the ``eth0'' networking device to the +remote IPv4 host netsniff-ng.org. This request is most likely to pass. Also, +tell astraceroute to perform reverse DNS lookups for each hop. + +.SS astraceroute -6 -i eth0 -S -E -N -H www.6bone.net +In this example, a TCP SYN/ECN probe for the IPv6 host www.6bone.net is being +performed. Also in this case, the ``eth0'' device is being used and hops are +being reserve DNS'ed. + .SS astraceroute -i eth0 -N -F -H netsniff-ng.org +Here, we send out a TCP FIN probe to the remote host netsniff-ng.org. Again, +on each hop a reverse DNS lookup is being done and the queries are transmitted +from ``eth0''. IPv4 is used. + .SS astraceroute -i eth0 -N -FPU -H netsniff-ng.org +As in most other examples, we perform a trace route to IPv4 host netsniff-ng.org +and do a TCP Xmas probe this time. + .SS astraceroute -i eth0 -N -H netsniff-ng.org -X "censor-me" -Z -.SS astraceroute -6 -i eth0 -S -E -N -H www.6bone.net +In this example, we have a Null probe to the remote host netsniff-ng.org, port +80 (default) and this time, we append the cleartext string "censor-me" into the +packet payload to test if a firewall/DPI will let this string pass. Such a trace +could be done once without and once with a blacklisted string to gather possible +information about censorhsip. .SH NOTE If a TCP-based probe will fail after a number of retries, astraceroute will -- cgit v1.2.3-54-g00ecf
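Review bot: The -u, --update text in the OPTIONS hunk (@@ -30,52 +30,96 @@) tells users to add their own hosts or IP addresses to /etc/netsniff-ng/geoip.conf, but does not say over which transport the geo-database is fetched or whether the downloaded files are verified. Since the paragraph invites pointing the updater at mirrors, add a sentence on what trust is placed in those hosts, and consider noting that geoip.conf should be writable by root only. Smaller points in the same hunk: "longtitude" under -L should be "longitude"; the -X example string "censer me" does not match the "censor-me" used in the usage examples, and "f.e." would read better as "e.g."; the -E, --ecn-syn description ("Use TCP's ECN flag for the request") should name the header bits that are set and say whether SYN is implied, given that the option name contains "syn" while the usage example passes -S -E together.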
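Review bot: The text added under the -X "censor-me" -Z example in the USAGE EXAMPLE hunk (@@ -89,11 +133,30 @@) calls it a Null probe, but nothing in OPTIONS states that leaving out all of -S, -A, -F, -P, -U and -R sends a segment with no TCP flags set. Document that default once, either in OPTIONS or in this example, so the reader does not have to infer it. Typos in this hunk: "reserve DNS'ed" should be "reverse DNS'ed" and "censorhsip" should be "censorship". In the first example, "This request is most likely to pass" does not say what the probe passes; naming it (filtering devices on the path, presumably) would make the sentence useful.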