Backtrack 4: Information Gathering: Route: Tctrace – Traceroute with tcp/syn
TCtrace is like a brother to itrace and traceroute, but it uses TCP SYN packets to trace. This makes it possible for you to trace through firewalls if you know one TCP service that is allowed to pass from the outside. Once again, it's a very simple tool like the last few I have reviewed, and it has one specific function.
Let's have a look at the options:
root@666:~# tctrace -h
tctrace: invalid option -- 'h'
Usage: tctrace [-vn] [-pX] [-mX] [-tX] [-DX] [-SX] -i<dev> -d<destination>
    -v      verbose
    -n      reverse lookup IPs
    -pX     send X probes (default=3)
    -mX     maximum TTL (default=30)
    -tX     timeout X sec (default=3)
    -DX     destination port (default=80)
    -SX     source port (default=1064)
    -i<dev> use this device
    -d<des> trace to this destination
The options are fairly simple. Once again, this tool is a little dated and does not work well on the open internet. Most system admins have locked their systems down against this sort of thing. These types of tools are still pretty useful on internal networks.
Here is an example (which fails) of trying to use the tool on Google:
root@666:~# tctrace -v -i eth0 -D 80 -S 80 -d google.com
Tracing with TCP SYNs to 188.8.131.52
Timeout 3, interface eth0
1(1) Timeout
1(2) Timeout
1(3) Timeout
1(all) Timeout
2(1) Timeout
2(2) Timeout
2(3) Timeout
2(all) Timeout
3(1) Timeout
3(2) Timeout
3(3) Timeout
3(all) Timeout
4(1) Timeout
4(2) Timeout
4(3) Timeout
Here is an example of using the tool internally against a firewall using SSH ports:
root@666:~# tctrace -v -i eth0 -D 22 -S 22 -d 192.168.1.1
Tracing with TCP SYNs to 192.168.1.1
Timeout 3, interface eth0
1(1) [192.168.1.1] (reached; open)
Once again, not such a fancy tool, but it has its uses.
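Seen from the defending side, a trace like the ones above appears as SYNs to one allowed service whose TTL climbs by one every few probes. The following Python is an added example, not part of the original post or of tctrace; the record layout, the function name and the sample packets are constructed for illustration, and the probe count, port and TTL limit mirror the defaults in the usage text above.

```python
from collections import defaultdict

# Constructed packet records, not captured traffic:
# (time_s, src, dst, sport, dport, tcp_flags, ttl_as_seen_by_sensor)
# Tracer: 3 probes per TTL, source port 1064, destination port 80,
# one probe every 3 s (the default timeout when nothing answers).
TRACE = [(3.0 * i, "192.0.2.10", "203.0.113.80", 1064, 80, "S", 1 + i // 3)
         for i in range(10)]
# Background traffic: ordinary clients keep one TTL per connection attempt.
NORMAL = [
    (1.0, "198.51.100.7", "203.0.113.80", 40112, 80, "S", 57),
    (1.1, "198.51.100.7", "203.0.113.80", 40112, 80, "A", 57),
    (2.0, "198.51.100.9", "203.0.113.80", 51515, 80, "S", 116),
    (4.0, "198.51.100.20", "203.0.113.80", 33000, 80, "S", 5),
    (5.0, "198.51.100.20", "203.0.113.80", 33001, 80, "S", 5),
]
SAMPLE = TRACE + NORMAL


def find_ttl_staircases(records, min_steps=3, low_ttl=30):
    """Return {(src, dst, dport): [ttl steps]} for SYN flows whose TTL
    rises one hop at a time, the signature of a TCP SYN traceroute.

    low_ttl=30 matches tctrace's default maximum TTL; common OS initial
    TTLs (64, 128, 255) normally arrive well above that value.
    """
    flows = defaultdict(list)
    for ts, src, dst, sport, dport, flags, ttl in sorted(records):
        if flags == "S" and ttl <= low_ttl:        # bare SYN with a low TTL
            flows[(src, dst, dport)].append(ttl)   # kept in time order

    hits = {}
    for key, ttls in flows.items():
        steps = sorted(set(ttls))
        rising = all(a <= b for a, b in zip(ttls, ttls[1:]))
        consecutive = all(b - a == 1 for a, b in zip(steps, steps[1:]))
        if len(steps) >= min_steps and rising and consecutive:
            hits[key] = steps
    return hits


if __name__ == "__main__":
    for (src, dst, dport), steps in find_ttl_staircases(SAMPLE).items():
        print(f"possible TCP SYN trace {src} -> {dst}:{dport}, TTL steps {steps}")
```

A sensor several hops from the source sees the same staircase shifted down, because probes with the smallest TTLs expire before reaching it; the check only requires consecutive steps, not a start at 1.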