Saturday, December 31, 2011

Layer four traceroute

Layer Four Traceroute (LFT) is a fast, multi-protocol traceroute engine, that also implements numerous other features including AS number lookups through Regional Internet Registries and other reliable sources, Loose Source Routing, firewall and load balancer detection, etc. LFT is best known for its use by network security practitioners to trace a route to a destination host through many configurations of packet-filters / firewalls and to detect network connectivity, performance or latency problems.

traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network.
traceroute outputs the list of traversed routers in simple text format, together with timing information

Traceroute is available on most operating systems.

On the Apple Mac, traceroute is available through opening 'Network Utilities' then selecting 'Traceroute' tab. On Microsoft Windows operating systems it is named tracert. Windows NT-based operating systems also provide PathPing, with similar functionality. Variants with similar functionality are also available, such as tracepath on Linux installations. For Internet Protocol Version 6 (IPv6) the tool sometimes has the name traceroute6.

LFT sends various TCP SYN and FIN probes (differing from Van Jacobson's UDP-based method) or UDP probes utilizing the IP protocol 'time to live' field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host. LFT also listens for various TCP, UDP, and ICMP messages along the way to assist network managers in ascertaining per-protocol heuristic routing information, and can optionally retrieve various information about the networks it traverses. The operation of layer four traceroute is described in detail in several prominent security books

No comments:

Recent Posts