Using Traceroute in Footprinting



Traceroute is a packet-tracking tool that is available for most operating systems. It operates by sending an Internet Control Message Protocol (ICMP) echo to each hop (router or gateway) along the path, until the destination address is reached. When ICMP messages are sent back from the router, the time to live (TTL) is decremented by one for each router along the path. This allows a hacker to determine how many hops a router is from the sender.
One problem with using the traceroute tool is that it times out (indicated by an asterisk) when it encounters a firewall or a packet-filtering router. Although a firewall stops the traceroute tool from discovering internal hosts on the network, it can alert an ethical hacker to the presence of a firewall; then, techniques for bypassing the firewall can be used.
Sam Spade and many other hacking tools include a version of traceroute. The Windows operating systems use the syntax tracert hostname to perform a traceroute. Figure 1 is an example of traceroute output for a trace of www.yahoo.com.
 
Figure 1: Traceroute output for www.yahoo.com
Notice in Figure 1 that the message first encounters the outbound ISP to reach the Yahoo! web server, and that the server's IP address is revealed as 68.142.226.42. Knowing this IP address enables the ethical hacker to perform additional scanning on that host during the scanning phase of the attack.
The tracert command identifies routers located en route to the destination's network. Because routers are generally named according to their physical location, tracertresults help you locate these devices.

No comments:

Post a Comment

Popular Posts