tcptraceroute(1)

NAME

tcptraceroute - A traceroute implementation using TCP
packets

SYNOPSIS

tcptraceroute [-nNFSAE] [ -i interface ] [ -f first ttl ]
[ -l length ] [ -q number of queries ] [ -t tos ]
[ -m max ttl ] [ -p source port ] [ -s source address ]
[ -w wait time ] host [ destination port ] [ length ]

DESCRIPTION

tcptraceroute is a traceroute implementation using TCP
packets.
The more traditional traceroute(8) sends out either UDP or
ICMP ECHO packets with a TTL of one, and increments the TTL until
the destination has been reached. By printing the gateways that
generate ICMP time exceeded messages along the way, it is able to
determine the path packets are taking to reach the destination.
The problem is that with the widespread use of firewalls
on the modern Internet, many of the packets that traceroute(8)
sends out end up being filtered, making it impossible to com
pletely trace the path to the destination. However, in many cas
es, these firewalls will permit inbound TCP packets to specific
ports that hosts sitting behind the firewall are listening for
connections on. By sending out TCP SYN packets instead of UDP or
ICMP ECHO packets, tcptraceroute is able to bypass the most com
mon firewall filters.
It is worth noting that tcptraceroute never completely es
tablishes a TCP connection with the destination host. If the
host is not listening for incoming connections, it will respond
with an RST indicating that the port is closed. If the host in
stead responds with a SYN|ACK, the port is known to be open, and
an RST is sent by the kernel tcptraceroute is running on to tear
down the connection without completing three-way handshake. This
is the same half-open scanning technique that nmap(1) uses when
passed the -sS flag.

OPTIONS

-n Display numeric output, rather than doing a reverse
DNS lookup for each hop. By default, reverse lookups are never
attempted on RFC1918 address space, regardless of the -n flag.
-N Perform a reverse DNS lookup for each hop, includ
ing RFC1918 addresses.
-f Set the initial TTL used in the first outgoing
packet. The default is 1.
-m Set the maximum TTL used in outgoing packets. The
default is 30.
-p Use the specified local TCP port in outgoing pack
ets. The default is to obtain a free port from the kernel using
bind(2). Unlike with traditional traceroute(8), this number will
not increase with each hop.
-s Set the source address for outgoing packets. See
also the -i flag.
-i Use the specified interface for outgoing packets.
-q Set the number of probes to be sent to each hop.
The default is 3.
-w Set the timeout, in seconds, to wait for a response
for each probe. The default is 3.
-S Set the TCP SYN flag in outgoing packets. This is
the default, if neither -S or -A is specified.
-A Set the TCP ACK flag in outgoing packets. By doing
so, it is possible to trace through stateless firewalls which
permit outgoing TCP connections.
-E Send ECN SYN packets, as described in RFC2481.
-t Set the IP TOS (type of service) to be used in out
going packets. The default is not to set any TOS.
-F Set the IP "don't fragment" bit in outgoing pack
ets.
-l Set the total packet length to be used in outgoing
packets. If the length is greater than the minimum size required
to assemble the necessary probe packet headers, this value is au
tomatically increased.
-d Enable debugging, which may or may not be useful.

EXAMPLES

Please see the examples.txt file included in the
tcptraceroute distribution for a few real world examples.
To trace the path to a web server listening for connec
tions on port 80:

tcptraceroute webserver
To trace the path to a mail server listening for connec
tions on port 25:

tcptraceroute mailserver 25

BUGS

No error checking is performed on the source address spec
ified by the -s flag, and it is therefore possible for
tcptraceroute to send out TCP SYN packets for which it has no
chance of seeing a response to.

AUTHOR

Michael C. Toren <mct@toren.net>

AVAILABILITY

For updates, please see:
http://michael.toren.net/code/tcptraceroute/

SEE ALSO

traceroute(8), ping(8), nmap(1)
2001 July 31

TCPTRACEROUTE(1)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout