From: mc (mclists@optushome.com.au)
Date: Thu Feb 24 2005 - 18:38:10 EST
Chris wrote:
>Hi,
>
>I've just got a little question which isn't really linked to
>pen-testing: do you know any alternative to the normal UDP/TCP/ICMP
>traceroute to trace the route of a packet? I'm already aware of the IP
>Record Route option, but is there any other hack that you guys would be
>aware of?
>
>Thanks.
>
>Christian Vincenot
>
>
>
Paratrace? (Part of the Paketto package from http://www.doxpara.com/)
To quote the release information of it..
Paratrace traces the path between a client and a server, much like
"traceroute", but with a major twist: Rather than iterate the TTLs of UDP,
ICMP, or even TCP SYN packets, paratrace attaches itself to an existing,
stateful- firewall-approved TCP flow, statelessly releasing as many TCP
Keepalive messages as the software estimates the remote host is
hop-distant. The resultant ICMP Time Exceeded replies are analyzed, with
their original hopcount "tattooed" in the IPID field copied into the
returned packets by so many helpful routers. Through this process,
paratrace can trace a route without modulating a single byte of TCP/Layer
4, and thus delivers fully valid (if occasionally redundant) segments at
Layer 4 -- segments generated by another process entirely.
-- mc
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT