1ASTRACEROUTE(8) netsniff-ng toolkit ASTRACEROUTE(8)
2
6 astraceroute - autonomous system trace route utility
7
9 astraceroute [options]
10
12 astraceroute is a small utility to retrieve path information in a
13 traceroute like way, but with additional geographical location informa‐
14 tion. It tracks the route of a packet from the local host to the remote
15 host by successively increasing the IP's TTL field, starting from 1, in
16 the hope that each intermediate node will send an ICMP TIME_EXCEEDED
17 notification back to the local host when the TTL value is decremented
18 to 0.
19 astraceroute supports IPv4 and IPv6 queries and will display country
21 and city information, if available, the AS number the hop belongs to,
22 and its ISP name. astraceroute also displays timing information and
23 reverse DNS data.
24 Due to astraceroute's configurability, it is also possible to gather
26 some more useful information about the hop regarding what it does and
27 does not allow to pass through. This is done by using clear text
28 strings for probing DPIs or ``great firewalls'' to determine if they
29 will filter out blacklisted critical keywords. This tool might be a
30 good start for further in-depth analysis of such systems.
31
33 -H <host>, --host <host>
34 Hostname or IPv4 or IPv6 address of the remote host where the AS route
35 should be traced to. In the case of an IPv6 address or host, option
36 ''-6'' must be used. IPv4 is the default.
37 -p <port>, --port <port>
39 TCP port for the remote host to use. If not specified, the default port
40 used is 80.
41 -i <device>, -d <device>, --dev <device>
43 Networking device to start the trace route from, e.g. eth0, wlan0.
44 -b <IP>, --bind <IP>
46 IP address to bind to other than the network device's address. You must
47 specify -6 for an IPv6 address.
48 -f <ttl>, --init-ttl <ttl>
50 Initial TTL value to be used. This option might be useful if you are
51 not interested in the first n hops, but only the following ones. The
52 default initial TTL value is 1.
53 -m <ttl>, --max-ttl <ttl>
55 Maximum TTL value to be used. If not otherwise specified, the maximum
56 TTL value is 30. Thus, after this has been reached astraceroute exits.
57 -q <num>, --num-probes <num>
59 Specifies the number of queries to be done on a particular hop. The
60 default is 2 query requests.
61 -x <sec>, --timeout <sec>
63 Tells astraceroute the probe response timeout in seconds, in other
64 words the maximum time astraceroute must wait for an ICMP response from
65 the current hop. The default is 3 seconds.
66 -X <string>, --payload <string>
68 Places an ASCII cleartext string into the packet payload. Cleartext
69 that contains whitespace must be put into quotes (e.g.: "censor me").
70 -l <len>, --totlen <len>
72 Specifies the total length of the packet. Payload that does not have a
73 cleartext string in it is padded with random garbage.
74 -4, --ipv4
76 Use IPv4 only requests. This is the default.
77 -6, --ipv6
79 Use IPv6 only requests. This must be used when passing an IPv6 host as
80 an argument.
81 -n, --numeric
83 Tells astraceroute to not perform reverse DNS lookup for hop replies.
84 The reverse option is ''-N''.
85 -u, --update
87 The built-in geo-database update mechanism will be invoked to get Max‐
88 mind's latest version. To configure search locations for databases, the
89 file /etc/netsniff-ng/geoip.conf contains possible addresses. Thus, to
90 save bandwidth or for mirroring Maxmind's databases (to bypass their
91 traffic limit policy), different hosts or IP addresses can be placed
92 into geoip.conf, separated by a newline.
93 -L, --latitude
95 Also show latitude and longitude of hops.
96 -N, --dns
98 Tells astraceroute to perform reverse DNS lookup for hop replies. The
99 reverse option is ''-n''.
100 -S, --syn
102 Use TCP's SYN flag for the request.
103 -A, --ack
105 Use TCP's ACK flag for the request.
106 -F, --fin
108 Use TCP's FIN flag for the request.
109 -P, --psh
111 Use TCP's PSH flag for the request.
112 -U, --urg
114 Use TCP's URG flag for the request.
115 -R, --rst
117 Use TCP's RST flag for the request.
118 -E, --ecn-syn
120 Use TCP's ECN flag for the request.
121 -t <tos>, --tos <tos>
123 Explicitly specify IP's TOS.
124 -G, --nofrag
126 Set IP's no fragmentation flag.
127 -Z, --show-packet
129 Show and dissect the returned packet.
130 -v, --version
132 Show version information and exit.
133 -h, --help
135 Show user help and exit.
136
138 astraceroute -i eth0 -N -S -H netsniff-ng.org
139 This sends out a TCP SYN probe via the ''eth0'' networking device to
140 the remote IPv4 host netsniff-ng.org. This request is most likely to
141 pass. Also, tell astraceroute to perform reverse DNS lookups for each
142 hop.
143 astraceroute -6 -i eth0 -S -E -N -H www.6bone.net
145 In this example, a TCP SYN/ECN probe for the IPv6 host www.6bone.net is
146 being performed. Also in this case, the ''eth0'' device is being used
147 as well as a reverse DNS lookup for each hop.
148 astraceroute -i eth0 -N -F -H netsniff-ng.org
150 Here, we send out a TCP FIN probe to the remote host netsniff-ng.org.
151 Again, on each hop a reverse DNS lookup is being done and the queries
152 are transmitted from ''eth0''. IPv4 is used.
153 astraceroute -i eth0 -N -FPU -H netsniff-ng.org
155 As in most other examples, we perform a trace route to IPv4 host net‐
156 sniff-ng.org and do a TCP Xmas probe this time.
157 astraceroute -i eth0 -N -H netsniff-ng.org -X censor-me -Z
159 In this example, we have a Null probe to the remote host netsniff-
160 ng.org, port 80 (default) and this time, we append the cleartext string
161 "censor-me" into the packet payload to test if a firewall or DPI will
162 let this string pass. Such a trace could be done once without, and once
163 with, a blacklisted string to gather possible information about censor‐
164 ship.
165
167 If a TCP-based probe fails after a number of retries, astraceroute will
168 automatically fall back to ICMP-based probes to pass through firewalls
169 and routers used in load balancing for example.
170 To gather more information about astraceroute's displayed AS numbers,
172 see e.g.: http://bgp.he.net/AS<number>.
173
175 The geographical locations are estimated with the help of Maxmind's
176 GeoIP database and can differ from the real physical location. To
177 decrease the possible errors, update the database regularly using
178 astraceroute's --update option.
179 At some point in time, we need a similar approach to gather more reli‐
181 able path information such as in the paris-traceroute tool.
182 Due to the generic nature of astraceroute, it currently has a built-in
184 mechanism to stop the trace after a fixed number of hops, since the
185 configurable TCP flags can have anything included. It is possible to
186 decrease this number of course. In the future, if a SYN probe is sent
187 out, there should be a listener so that we can stop the trace if we
188 detect a handshake in progress.
189
191 astraceroute is licensed under the GNU GPL version 2.0.
192
194 astraceroute was originally written for the netsniff-ng toolkit by
195 Daniel Borkmann. It is currently maintained by Tobias Klauser
196 <tklauser@distanz.ch> and Daniel Borkmann <dborkma@tik.ee.ethz.ch>.
197
199 netsniff-ng(8), trafgen(8), mausezahn(8), ifpps(8), bpfc(8), flow‐
200 top(8), curvetun(8)
201
203 Manpage was written by Daniel Borkmann.
204
206 This page is part of the Linux netsniff-ng toolkit project. A descrip‐
207 tion of the project, and information about reporting bugs, can be found
208 at http://netsniff-ng.org/.
209Linux 03 March 2013 ASTRACEROUTE(8)