ASTRACEROUTE(8)               netsniff-ng toolkit              ASTRACEROUTE(8)

NAME

       astraceroute - autonomous system trace route utility

SYNOPSIS

       astraceroute [options]

DESCRIPTION

       astraceroute is a small utility to retrieve path information in a
       traceroute-like way, but with additional geographical location
       information. It tracks the route of a packet from the local host to the
       remote host by successively increasing the IP's TTL field, starting
       from 1, in the hope that each intermediate node will send an ICMP
       TIME_EXCEEDED notification back to the local host when the TTL value is
       decremented to 0.

       astraceroute supports IPv4 and IPv6 queries and will display country
       and city information, if available, the AS number the hop belongs to,
       and its ISP name. astraceroute also displays timing information and
       reverse DNS data.

       Due to astraceroute's configurability, it is also possible to gather
       some more useful information about the hop regarding what it does and
       does not allow to pass through. This is done by using clear text
       strings for probing DPIs or "great firewalls" to determine if they
       will filter out blocked critical keywords. This tool might be a good
       start for further in-depth analysis of such systems.
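
       Added example (not part of the netsniff-ng sources): how a TTL-limited
       TCP probe is laid out and how an ICMP TIME_EXCEEDED reply is matched
       back to it through the header the router quotes. The function names,
       the documentation-range addresses used with it, and carrying the
       probe's TTL in the TCP sequence number are assumptions of this
       example, not astraceroute's implementation.

```python
import os, socket, struct

# TCP flag bits behind the -F, -S, -R, -P, -A and -U options
FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

def csum(data):
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\0"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build_probe(src, dst, ttl, sport, dport=80, flags="", payload=b"", totlen=0):
    """IPv4+TCP probe; seq carries the TTL (assumption of this example)."""
    data = payload + os.urandom(max(0, totlen - 40 - len(payload)))  # -l padding
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    bits = sum(FLAGS[f] for f in flags)        # "" = Null probe, "FPU" = Xmas
    tcp = struct.pack("!HHIIBBHHH", sport, dport, ttl, 0, 5 << 4, bits, 1024, 0, 0)
    pseudo = s + d + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp) + len(data))
    tcp = tcp[:16] + struct.pack("!H", csum(pseudo + tcp + data)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, ttl,
                     socket.IPPROTO_TCP, 0, s, d)
    return ip[:10] + struct.pack("!H", csum(ip)) + ip[12:] + tcp + data

def match_time_exceeded(reply, sport):
    """Return (hop_ip, probe_ttl) if reply is a TIME_EXCEEDED quoting our probe."""
    if len(reply) < 20:
        return None
    ihl = (reply[0] & 0x0F) * 4
    if (len(reply) < ihl + 36 or reply[9] != socket.IPPROTO_ICMP
            or reply[ihl] != 11):              # ICMP type 11 = time exceeded
        return None
    quoted = reply[ihl + 8:]                   # probe's IP header + first 8 TCP bytes
    qihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < qihl + 8 or quoted[9] != socket.IPPROTO_TCP:
        return None
    q_sport, _, q_seq = struct.unpack("!HHI", quoted[qihl:qihl + 8])
    return (socket.inet_ntoa(reply[12:16]), q_seq) if q_sport == sport else None

def sample_reply(router, probe):
    """Constructed TIME_EXCEEDED as a router would return it (checksums left 0)."""
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + probe[:28]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     socket.IPPROTO_ICMP, 0, socket.inet_aton(router), probe[12:16])
    return ip + icmp
```
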

OPTIONS

       -H <host>, --host <host>
              Hostname or IPv4 or IPv6 address of the remote host where the AS
              route should be traced to. In the case of an IPv6 address or
              host, option -6 must be used. IPv4 is the default.

       -p <port>, --port <port>
              TCP port for the remote host to use. If not specified, the
              default port used is 80.

       -i <device>, -d <device>, --dev <device>
              Networking device to start the trace route from, e.g. eth0,
              wlan0.

       -b <IP>, --bind <IP>
              IP address to bind to other than the network device's address.
              You must specify -6 for an IPv6 address.

       -f <ttl>, --init-ttl <ttl>
              Initial TTL value to be used. This option might be useful if you
              are not interested in the first n hops, but only the following
              ones. The default initial TTL value is 1.

       -m <ttl>, --max-ttl <ttl>
              Maximum TTL value to be used. If not otherwise specified, the
              maximum TTL value is 30. Thus, after this has been reached
              astraceroute exits.

       -q <num>, --num-probes <num>
              Specifies the number of queries to be done on a particular hop.
              The default is 2 query requests.

       -x <sec>, --timeout <sec>
              Tells astraceroute the probe response timeout in seconds, in
              other words the maximum time astraceroute must wait for an ICMP
              response from the current hop. The default is 3 seconds.

       -X <string>, --payload <string>
              Places an ASCII cleartext string into the packet payload.
              Cleartext that contains whitespace must be put into quotes
              (e.g.: "censor me").

       -l <len>, --totlen <len>
              Specifies the total length of the packet. Payload that does not
              have a cleartext string in it is padded with random garbage.

       -4, --ipv4
              Use IPv4 only requests. This is the default.

       -6, --ipv6
              Use IPv6 only requests. This must be used when passing an IPv6
              host as an argument.

       -n, --numeric
              Tells astraceroute to not perform reverse DNS lookup for hop
              replies. The reverse option is -N.

       -u, --update
              The built-in geo-database update mechanism will be invoked to
              get Maxmind's latest version. To configure search locations for
              databases, the file /etc/netsniff-ng/geoip.conf contains
              possible addresses. Thus, to save bandwidth or for mirroring
              Maxmind's databases (to bypass their traffic limit policy),
              different hosts or IP addresses can be placed into geoip.conf,
              separated by a newline.

       -L, --latitude
              Also show latitude and longitude of hops.

       -N, --dns
              Tells astraceroute to perform reverse DNS lookup for hop
              replies. The reverse option is -n.

       -S, --syn
              Use TCP's SYN flag for the request.

       -A, --ack
              Use TCP's ACK flag for the request.

       -F, --fin
              Use TCP's FIN flag for the request.

       -P, --psh
              Use TCP's PSH flag for the request.

       -U, --urg
              Use TCP's URG flag for the request.

       -R, --rst
              Use TCP's RST flag for the request.

       -E, --ecn-syn
              Use TCP's ECN flag for the request.

       -t <tos>, --tos <tos>
              Explicitly specify IP's TOS.

       -G, --nofrag
              Set IP's no fragmentation flag.

       -Z, --show-packet
              Show and dissect the returned packet.

       -v, --version
              Show version information and exit.

       -h, --help
              Show user help and exit.

USAGE EXAMPLE

       astraceroute -i eth0 -N -S -H netsniff-ng.org
              This sends out a TCP SYN probe via the "eth0" networking device
              to the remote IPv4 host netsniff-ng.org. This request is most
              likely to pass. Also, tell astraceroute to perform reverse DNS
              lookups for each hop.

       astraceroute -6 -i eth0 -S -E -N -H www.6bone.net
              In this example, a TCP SYN/ECN probe for the IPv6 host
              www.6bone.net is being performed. Also in this case, the "eth0"
              device is being used as well as a reverse DNS lookup for each
              hop.

       astraceroute -i eth0 -N -F -H netsniff-ng.org
              Here, we send out a TCP FIN probe to the remote host
              netsniff-ng.org. Again, on each hop a reverse DNS lookup is
              being done and the queries are transmitted from "eth0". IPv4 is
              used.

       astraceroute -i eth0 -N -FPU -H netsniff-ng.org
              As in most other examples, we perform a trace route to IPv4 host
              netsniff-ng.org and do a TCP Xmas probe this time.

       astraceroute -i eth0 -N -H netsniff-ng.org -X censor-me -Z
              In this example, we have a Null probe to the remote host
              netsniff-ng.org, port 80 (default) and this time, we append the
              cleartext string "censor-me" into the packet payload to test if
              a firewall or DPI will let this string pass. Such a trace could
              be done once without and once with a blocked string to gather
              possible information about censorship.

NOTE

       If a TCP-based probe fails after a number of retries, astraceroute will
       automatically fall back to ICMP-based probes to pass through firewalls
       and routers used in load balancing for example.

       To gather more information about astraceroute's displayed AS numbers,
       see e.g.: http://bgp.he.net/AS<number>.

BUGS

       The geographical locations are estimated with the help of Maxmind's
       GeoIP database and can differ from the real physical location. To
       decrease the possible errors, update the database regularly using
       astraceroute's --update option.

       At some point in time, we need a similar approach to gather more
       reliable path information such as in the paris-traceroute tool.

       Due to the generic nature of astraceroute, it currently has a built-in
       mechanism to stop the trace after a fixed number of hops, since the
       configurable TCP flags can have anything included. It is possible to
       decrease this number of course. In the future, if a SYN probe is sent
       out, there should be a listener so that we can stop the trace if we
       detect a handshake in progress.

LEGAL

       astraceroute is licensed under the GNU GPL version 2.0.

HISTORY

       astraceroute was originally written for the netsniff-ng toolkit by
       Daniel Borkmann. It is currently maintained by Tobias Klauser
       <tklauser@distanz.ch> and Daniel Borkmann <dborkma@tik.ee.ethz.ch>.

SEE ALSO

       netsniff-ng(8), trafgen(8), mausezahn(8), ifpps(8), bpfc(8),
       flowtop(8), curvetun(8)

AUTHOR

       Manpage was written by Daniel Borkmann.

COLOPHON

       This page is part of the Linux netsniff-ng toolkit project. A
       description of the project, and information about reporting bugs, can
       be found at http://netsniff-ng.org/.

Linux                            03 March 2013                 ASTRACEROUTE(8)