ASTRACEROUTE(8)               netsniff-ng toolkit              ASTRACEROUTE(8)

NAME

       astraceroute - autonomous system trace route utility

SYNOPSIS

       astraceroute [options]

DESCRIPTION

       astraceroute is a small utility to retrieve path information in a
       traceroute-like way, but with additional geographical location
       information. It tracks the route of a packet from the local host to the
       remote host by successively increasing the IP TTL field, starting from
       1, in the hope that each intermediate node will send an ICMP
       TIME_EXCEEDED notification back to the local host when the TTL value is
       decremented to 0.

       astraceroute supports IPv4 and IPv6 queries and will display country
       and city information, if available, the AS number the hop belongs to,
       and its ISP name. astraceroute also displays timing information and
       reverse DNS data.

       Due to astraceroute's configurability, it is also possible to gather
       some more useful information about the hop regarding what it does and
       does not allow to pass through. This is done by using clear text
       strings for probing DPIs or "great firewalls" to determine if they
       will filter out blacklisted critical keywords. This tool might be a
       good start for further in-depth analysis of such systems.

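       The TTL technique in the first paragraph above depends on reading the
       ICMP TIME_EXCEEDED reply, which quotes the start of the expired probe.
       The following is an added example, not astraceroute's own code: an
       IPv4-only parser run on a constructed reply; the function names,
       addresses and ports are assumptions made for illustration.

```python
import socket
import struct

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST",
             0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def parse_time_exceeded(icmp: bytes):
    """Return the TCP probe quoted in an ICMPv4 TIME_EXCEEDED message, or None."""
    if len(icmp) < 8 + 20 + 8:         # ICMP header + quoted IP header + 8 bytes
        return None
    if icmp[0] != 11 or icmp[1] != 0:  # type 11, code 0: TTL exceeded in transit
        return None
    quoted = icmp[8:]                  # original datagram as the router saw it
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        return None
    if quoted[9] != socket.IPPROTO_TCP:
        return None
    tcp = quoted[ihl:]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    # RFC 792 only guarantees 8 quoted bytes; the TCP flags sit at offset 13,
    # so they are available only when the router quotes more than the minimum.
    flags = None
    if len(tcp) >= 14:
        flags = sorted(n for bit, n in TCP_FLAGS.items() if tcp[13] & bit)
    return {"dst": socket.inet_ntoa(quoted[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "flags": flags}

def build_sample(tcp_bytes_quoted: int) -> bytes:
    """Constructed reply quoting a FIN|PSH|URG probe to 192.0.2.80:80.

    Checksums are left at zero because the parser does not verify them.
    """
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 1, 6, 0,
                     socket.inet_aton("198.51.100.7"),
                     socket.inet_aton("192.0.2.80"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0xDEADBEEF, 0,
                      5 << 4, 0x29, 1024, 0, 0)
    return bytes([11, 0, 0, 0, 0, 0, 0, 0]) + ip + tcp[:tcp_bytes_quoted]

if __name__ == "__main__":
    print(parse_time_exceeded(build_sample(20)))  # full TCP header quoted
    print(parse_time_exceeded(build_sample(8)))   # RFC 792 minimum: no flags
```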

OPTIONS

   -H <host>, --host <host>
       Hostname or IPv4 or IPv6 address of the remote host where the AS route
       should be traced to. In the case of an IPv6 address or host, option
       "-6" must be used. IPv4 is the default.

   -p <port>, --port <port>
       TCP port for the remote host to use. If not specified, the default port
       used is 80.

   -i <device>, -d <device>, --dev <device>
       Networking device to start the trace route from, e.g. eth0, wlan0.

   -b <IP>, --bind <IP>
       IP address to bind to other than the network device's address. You must
       specify -6 for an IPv6 address.

   -f <ttl>, --init-ttl <ttl>
       Initial TTL value to be used. This option might be useful if you are
       not interested in the first n hops, but only the following ones. The
       default initial TTL value is 1.

   -m <ttl>, --max-ttl <ttl>
       Maximum TTL value to be used. If not otherwise specified, the maximum
       TTL value is 30. Once this value has been reached, astraceroute exits.

   -q <num>, --num-probes <num>
       Specifies the number of queries to be done on a particular hop. The
       default is 2 query requests.

   -x <sec>, --timeout <sec>
       Tells astraceroute the probe response timeout in seconds, in other
       words the maximum time astraceroute must wait for an ICMP response from
       the current hop. The default is 3 seconds.

   -X <string>, --payload <string>
       Places an ASCII cleartext string into the packet payload. Cleartext
       that contains whitespace must be put into quotes (e.g.: "censor me").

   -l <len>, --totlen <len>
       Specifies the total length of the packet. Payload that does not have a
       cleartext string in it is padded with random garbage.

   -4, --ipv4
       Use IPv4-only requests. This is the default.

   -6, --ipv6
       Use IPv6-only requests. This must be used when passing an IPv6 host as
       an argument.

   -n, --numeric
       Tells astraceroute to not perform reverse DNS lookup for hop replies.
       The reverse option is "-N".

   -u, --update
       The built-in geo-database update mechanism will be invoked to get
       Maxmind's latest version. To configure search locations for databases,
       the file /etc/netsniff-ng/geoip.conf contains possible addresses. Thus,
       to save bandwidth or for mirroring Maxmind's databases (to bypass their
       traffic limit policy), different hosts or IP addresses can be placed
       into geoip.conf, separated by a newline.

   -L, --latitude
       Also show latitude and longitude of hops.

   -N, --dns
       Tells astraceroute to perform reverse DNS lookup for hop replies. The
       reverse option is "-n".

   -S, --syn
       Use TCP's SYN flag for the request.

   -A, --ack
       Use TCP's ACK flag for the request.

   -F, --fin
       Use TCP's FIN flag for the request.

   -P, --psh
       Use TCP's PSH flag for the request.

   -U, --urg
       Use TCP's URG flag for the request.

   -R, --rst
       Use TCP's RST flag for the request.

   -E, --ecn-syn
       Use TCP's ECN flag for the request.

   -t <tos>, --tos <tos>
       Explicitly specify IP's TOS.

   -G, --nofrag
       Set IP's no fragmentation flag.

   -Z, --show-packet
       Show and dissect the returned packet.

   -v, --version
       Show version information and exit.

   -h, --help
       Show user help and exit.

USAGE EXAMPLE

   astraceroute -i eth0 -N -S -H netsniff-ng.org
       This sends out a TCP SYN probe via the "eth0" networking device to
       the remote IPv4 host netsniff-ng.org. This request is most likely to
       pass. Also, tell astraceroute to perform reverse DNS lookups for each
       hop.

   astraceroute -6 -i eth0 -S -E -N -H www.6bone.net
       In this example, a TCP SYN/ECN probe for the IPv6 host www.6bone.net is
       being performed. Also in this case, the "eth0" device is being used
       as well as a reverse DNS lookup for each hop.

   astraceroute -i eth0 -N -F -H netsniff-ng.org
       Here, we send out a TCP FIN probe to the remote host netsniff-ng.org.
       Again, on each hop a reverse DNS lookup is being done and the queries
       are transmitted from "eth0". IPv4 is used.

   astraceroute -i eth0 -N -FPU -H netsniff-ng.org
       As in most other examples, we perform a trace route to IPv4 host
       netsniff-ng.org and do a TCP Xmas probe this time.

   astraceroute -i eth0 -N -H netsniff-ng.org -X censor-me -Z
       In this example, we have a Null probe to the remote host
       netsniff-ng.org, port 80 (default) and this time, we append the
       cleartext string "censor-me" into the packet payload to test if a
       firewall or DPI will let this string pass. Such a trace could be done
       once without, and once with, a blacklisted string to gather possible
       information about censorship.

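       The with/without comparison suggested in the last example can be made
       systematic once both traces are written down per TTL. The following is
       an added example, not part of astraceroute: the trace representation
       (TTL mapped to the set of responder addresses), the function names, the
       min_lost threshold and the sample data are assumptions, and real output
       has to be converted into this form first.

```python
def last_answered(trace):
    """Highest TTL with at least one reply, or 0 if nothing answered."""
    return max((ttl for ttl, hops in trace.items() if hops), default=0)

def compare_traces(baseline, keyword, min_lost=3):
    """Compare a no-payload trace with a keyword-payload trace.

    Each trace maps TTL -> set of responder addresses; an empty set means
    every probe for that TTL timed out.
    """
    kw_end = last_answered(keyword)
    base_end = last_answered(baseline)
    # Hops the baseline reached but the keyword trace never got past.
    # A silent hop in mid-path that is followed by replies is ignored:
    # that is ICMP rate limiting or loss, not a dropped payload.
    lost = [t for t in range(kw_end + 1, base_end + 1) if baseline.get(t)]
    # Same TTL, disjoint responders: load balancing changed the path,
    # so differences near these hops are not evidence of filtering.
    diverged = sorted(t for t in baseline
                      if baseline[t] and keyword.get(t)
                      and not baseline[t] & keyword[t])
    if len(lost) >= min_lost:
        verdict = "possible-filtering"
    elif lost:
        verdict = "inconclusive"      # too few missing hops to tell from loss
    else:
        verdict = "no-difference"
    return {"verdict": verdict,
            "filter_after_ttl": kw_end if lost else None,
            "lost_ttls": lost, "diverged_ttls": diverged}

# Constructed sample traces (documentation address ranges), not tool output.
BASELINE = {1: {"192.0.2.1"}, 2: {"198.51.100.1"}, 3: set(),
            4: {"198.51.100.9"}, 5: {"203.0.113.5"}, 6: {"203.0.113.6"},
            7: {"203.0.113.80"}}
KEYWORD = {1: {"192.0.2.1"}, 2: {"198.51.100.2"}, 3: set(),
           4: {"198.51.100.9"}, 5: set(), 6: set(), 7: set()}

if __name__ == "__main__":
    print(compare_traces(BASELINE, KEYWORD))
```

       A single pair of runs is weak evidence; repeating both traces and
       comparing the verdicts separates filtering from ordinary packet loss.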

NOTE

       If a TCP-based probe fails after a number of retries, astraceroute will
       automatically fall back to ICMP-based probes to pass through firewalls
       and routers used in load balancing for example.

       To gather more information about astraceroute's displayed AS numbers,
       see e.g.: http://bgp.he.net/AS<number>.

BUGS

       The geographical locations are estimated with the help of Maxmind's
       GeoIP database and can differ from the real physical location. To
       decrease the possible errors, update the database regularly using
       astraceroute's --update option.

       At some point in time, we need a similar approach to gather more
       reliable path information such as in the paris-traceroute tool.

       Due to the generic nature of astraceroute, it currently has a built-in
       mechanism to stop the trace after a fixed number of hops, since the
       configurable TCP flags can have anything included. It is possible to
       decrease this number of course. In the future, if a SYN probe is sent
       out, there should be a listener so that we can stop the trace if we
       detect a handshake in progress.

LEGAL

       astraceroute is licensed under the GNU GPL version 2.0.

HISTORY

       astraceroute was originally written for the netsniff-ng toolkit by
       Daniel Borkmann. It is currently maintained by Tobias Klauser
       <tklauser@distanz.ch> and Daniel Borkmann <dborkma@tik.ee.ethz.ch>.

SEE ALSO

       netsniff-ng(8), trafgen(8), mausezahn(8), ifpps(8), bpfc(8),
       flowtop(8), curvetun(8)

AUTHOR

       Manpage was written by Daniel Borkmann.

COLOPHON

       This page is part of the Linux netsniff-ng toolkit project. A
       description of the project, and information about reporting bugs, can
       be found at http://netsniff-ng.org/.

Linux                            03 March 2013                 ASTRACEROUTE(8)