- Sends ICMP Echo Request
- Starts with a small TTL and increments it for each hop
- C:\> tracert
  - -d: Don’t resolve names
  - -h [N]: Max hops (def 30)
  - -j [hostlist]: Loose source routing, space-separated
  - -w [N]: Timeout in milliseconds (def 4000)
- Sends UDP packets to destination ports 33434 and up (incrementing)
- Each hop measured 3x
- # traceroute
  - -f [N]: TTL for first packet
  - -g [hostlist]: Loose source routing (8 hops max)
  - -I: use ICMP Echo Request
  - -m [N]: Max hops
  - -n: Don’t resolve names (use numbers)
  - -p [port]: Base UDP port
  - -w [N]: Timeout in seconds (def 5)
- Linux / MacOS free
- Windows GUI paid (Path Analyzer Pro)
- Traverses many IDS/IPS
- TCP/UDP/ICMP probes
- $ lft [options] address
  - -d [port]: destination port (set to port FW allows)
  - -s [port]: source port
  - -E/e: Enable Adaptive engine (tries several TCP states to improve chances of success)
  - -A: displays ASNs (uses various whois servers)
TCP Initialization Sequence
TCP Connection Scenarios
TCP Connection Scenarios “filtered”
UDP Traffic Scenarios
UDP Traffic Scenarios "open|filtered"
- Port inaccessible
- Possible Reasons:
  - Port is closed
  - Firewall is blocking inbound UDP packet
  - Firewall is blocking outbound response
  - Port is open, but would only respond to specific data in the UDP payload
- Ultimately…no way to know
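
The "open|filtered" ambiguity above, as an added example that is not part of the original notes: a single-probe UDP classifier run against a constructed loopback listener that answers only one payload. The names `probe_udp` and `start_picky_listener` and the `PING`/`PONG` payloads are hypothetical.

```python
import socket
import threading

def probe_udp(host, port, payload=b"", timeout=1.0):
    """Classify one UDP port from a single probe, the way a scanner reports it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))      # connected socket: ICMP errors surface as exceptions
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # any UDP reply proves a listener exists
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable came back
        except socket.timeout:
            # Silence: dropped inbound, dropped outbound, or an open port
            # that ignores this payload. The probe cannot tell which.
            return "open|filtered"

def start_picky_listener(magic=b"PING"):
    """Constructed service on 127.0.0.1 that replies only when payload == magic."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    def serve():
        while True:
            try:
                data, peer = srv.recvfrom(2048)
            except OSError:          # socket closed by the caller
                return
            if data == magic:
                srv.sendto(b"PONG", peer)
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def demo():
    """Probe the same open port twice; only the payload differs."""
    srv, port = start_picky_listener()
    try:
        return {
            "wrong payload": probe_udp("127.0.0.1", port, b"hello", 0.5),
            "right payload": probe_udp("127.0.0.1", port, b"PING", 0.5),
        }
    finally:
        srv.close()

if __name__ == "__main__":
    print(demo())
```

The same open port is reported as "open|filtered" for one payload and "open" for the other, which is why scanners send protocol-specific payloads to well-known UDP ports.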