This tool is like the well-known traceroute. It's licensed under the terms of the GNU General Public License. See file COPYING for details.

---------------[from man traceroute]-------------------------
The Internet is a large and complex aggregation of network hardware,
connected together by gateways. Tracking the route one's packets follow
(or finding the miscreant gateway that's discarding your packets) can be
difficult. Traceroute utilizes the IP protocol `time to live' field and
attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along
the path to some host.

The only mandatory parameter is the destination host name or IP number.

This program attempts to trace the route an IP packet would follow to some
internet host by launching UDP probe packets with a small ttl (time to
live) then listening for an ICMP "time exceeded" reply from a gateway. We
start our probes with a ttl of one and increase by one until we get an
ICMP "port unreachable" (which means we got to "host") or hit a max (which
defaults to 30 hops & can be changed with the -t flag). Three probes are
sent at each ttl setting and a line is printed showing the ttl, address of
the gateway and round trip time of each probe. If the probe answers come
from different gateways, the address of each responding system will be
printed. If there is no response within a 3 sec. timeout interval, a "*"
is printed for that probe.
--------------------------------------------------------------

usage: ./simpletraceroute [-hVvnb] [-r rounds] [-t hops] [-u packets] host

  h          : print help (this text)
  V          : print version and exit
  v          : verbose output
  n          : don't resolve ip addresses
  b          : burst mode
  r rounds   : rounds for burst mode
  t hops     : maximal hop count
  u packets  : stop after that count of dest. unreachable

Sample Output:

  Tracing to www.yahoo.akadns.net (216.32.74.53), max 30 hops, has a standard IPv4 address.
  (alias list: www.yahoo.com)
  Warning, host has multiple IP addresses [216.32.74.53, 216.32.74.55, 216.32.74.50, 216.32.74.51, 216.32.74.52], useing the first.

  TTL  Routername (IP address)                        Packet travel times
    1  wawa.bedinetz.de (62.154.193.190)              25ms   24ms   24ms
    2  zev-bedi.bedinetz.de (62.154.193.161)          25ms   25ms   25ms
    3  cisco01.bedi.net (62.154.193.129)              23ms   26ms   25ms
    4  BRB-ag1.BRB.net.DTAG.DE (194.25.7.25)          29ms   28ms   29ms
    5  BRB-gw1.BRB.net.DTAG.DE (194.25.125.14)        33ms   31ms   29ms
    6  B-gw1.B.net.DTAG.DE (194.25.120.85)            29ms   32ms   29ms
    7  B-gw13.B.net.DTAG.DE (212.185.8.3)             29ms   32ms   29ms
    8  H-gw12.H.net.DTAG.DE (194.25.120.114)          32ms   31ms   33ms
    9  F-gw13.F.net.DTAG.DE (194.25.121.81)           40ms   39ms   36ms
   10  TysonsC-gw12.USA.net.DTAG.DE (194.25.6.98)     127ms  126ms  124ms
   11  TysonsC-gw1.USA.net.DTAG.DE (194.25.6.117)     124ms  130ms  124ms
   12  *                                              *      *      *
   13  bbr01-p1-3.hrnd01.exodus.net (209.185.9.21)    124ms  126ms  124ms
   14  bbr02-g3-0.hrnd01.exodus.net (216.33.203.94)   124ms  123ms  124ms
   15  bbr02-p2-0.stng01.exodus.net (209.185.9.78)    124ms  124ms  127ms
   16  dcr03-g9-0.stng01.exodus.net (216.33.96.145)   135ms  122ms  135ms
   17  216.33.98.18                                   127ms  125ms  124ms

Here we traced a host with multiple IP addresses. Hop 12 did not answer any of the three probes within the timeout, so a "*" is printed for each probe, and hop 17 could not be resolved to a name, so only its IP address is shown.

The Burst Mode

The idea is to send a lot of packets with different TTLs to different ports at one time, instead of waiting for the reply to each TTL before sending the next. The ICMP "Time Exceeded" packet a router sends back carries the first bytes of the discarded packet (RFC 792 requires the IP header plus at least the first 8 bytes of its payload). For a UDP probe those 8 bytes are exactly the UDP header, so the destination port of our probe is included. Since every packet was sent to a different port, the port tells us which TTL the probe carried, and therefore which hop the answering router is.

Please note that this mode has disadvantages:

  - It sends a lot of packets, and many of them are not necessary.
  - It relies on the first bytes of the original packet being included in
    the ICMP payload, but that may not happen in all environments; a
    truncated quote without the UDP header makes the reply unusable.
  - The timings are not exact, since the burst of sent packets itself
    consumes bandwidth and influences the time a reply needs to come back.
  - Routers may react differently to this type of scan, intrusion detection
    tools will detect a UDP flood, and packet queues may be overloaded.
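The following is an added example, not code from simpletraceroute, showing how burst mode maps replies back to hops. It builds constructed UDP probes and the ICMP "Time Exceeded" replies a router would send (no sockets, so it runs offline), then recovers the destination port from the quoted bytes and turns it back into the TTL. The port scheme (BASE_PORT + ttl), the addresses and the probe source port are assumptions for the example, not necessarily what simpletraceroute uses. It also shows the failure mode mentioned above: a router that quotes only the IP header, without the 8 bytes of UDP header, cannot be assigned to a hop.

```python
import socket
import struct

BASE_PORT = 33434  # assumed scheme: probe for ttl N goes to port BASE_PORT + N


def build_udp_probe(src, dst, ttl, dport, payload=b"\x00" * 24):
    """Constructed IPv4+UDP probe as we would send it (checksums left zero)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", 40000, dport, udp_len, 0) + payload  # sport assumed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp


def build_time_exceeded(router, src, original, quoted_bytes=28):
    """Constructed ICMP Time Exceeded (type 11) quoting the first bytes of `original`.

    RFC 792 asks for the IP header + 8 bytes; some devices quote less (or more).
    """
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + original[:quoted_bytes]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(router), socket.inet_aton(src))
    return ip + icmp


def parse_time_exceeded(packet):
    """Return (router_ip, probe_dest_port) or None if the quote is unusable."""
    ihl = (packet[0] & 0x0F) * 4
    router = socket.inet_ntoa(packet[12:16])
    icmp = packet[ihl:]
    if len(icmp) < 8 or icmp[0] != 11:          # not an ICMP Time Exceeded
        return None
    inner = icmp[8:]                             # quoted part of our probe
    if len(inner) < 20 or inner[9] != 17:        # need full inner IP header, UDP
        return None
    udp = inner[(inner[0] & 0x0F) * 4:]
    if len(udp) < 4:                             # ports are the first 4 UDP bytes
        return None
    _sport, dport = struct.unpack("!HH", udp[:4])
    return router, dport


def burst_probes(src, dst, max_ttl):
    """One probe per TTL, each to its own port, all ready to go out at once."""
    return [build_udp_probe(src, dst, ttl, BASE_PORT + ttl) for ttl in range(1, max_ttl + 1)]


def recover_hops(replies):
    """Map every usable reply back to its hop: {ttl: router_ip}."""
    hops = {}
    for reply in replies:
        parsed = parse_time_exceeded(reply)
        if parsed is None:
            continue
        router, dport = parsed
        hops[dport - BASE_PORT] = router
    return hops


if __name__ == "__main__":
    # Constructed scenario: three hops answer; hop 2 quotes only 20 bytes.
    src, dst = "10.0.0.2", "216.32.74.53"
    probes = burst_probes(src, dst, 3)
    replies = [
        build_time_exceeded("62.154.193.190", src, probes[0]),
        build_time_exceeded("62.154.193.161", src, probes[1], quoted_bytes=20),
        build_time_exceeded("62.154.193.129", src, probes[2]),
    ]
    for ttl, router in sorted(recover_hops(replies).items()):
        print(ttl, router)
```

Because replies arrive out of order and may be missing, the mapping is keyed by the recovered port rather than by arrival order; a hop whose reply is unusable simply stays absent, which is the burst-mode equivalent of the "*" in the normal output.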