Itrace is a fairly simple tool so this will be short and sweet. Itrace is a program that implements traceroute functionality using ICMP echo request packets. Therefore, it looks like you are just pinging your target while you traceroute there. It often helps tracing behind firewalls.
First lets have a look at the output and review the options:
- root@666:~# itrace -h
- itrace: invalid option -- 'h'
- Usage: itrace [-vn] [-pX] [-mX] [-tX] -i<dev> -d<destination>
- -v verbose
- -n reverse lookup IPs
- -pX send X probes (default=3)
- -mX maximum TTL (default=30)
- -tX timeout X sec (default=3)
- -i<dev> use this device
- -d<des> trace to this destination
As you can see the usage options are pretty self explanatory.
Lets do a example:
- root@666:~# itrace -v -n -i eth0 -d 192.168.1.1
- Tracing with ICMP Echos to 192.168.1.1
- Timeout 3, interface eth0
- Probes 3, maximum TTL 30
- 1(1) pfsense.local [192.168.1.1] (reply)
That is internal example going to my firewall.
If the site denies ICMP requests you will just get a timeout:
- root@666:~# itrace -v -n -i eth0 -d question-defense.com
- Tracing with ICMP Echos to 67.18.189.254
- Timeout 3, interface eth0
- Probes 3, maximum TTL 30
- 1(1) Timeout
- 1(2) Timeout
- 1(3) Timeout
- 1(all) Timeout
- 2(1) Timeout
- 2(2) Timeout
- 2(3) Timeout
- 2(all) Timeout
- 3(1) Timeout
- 3(2) Timeout
- 3(3) Timeout
- 3(all) Timeout
- 4(1) Timeout
- 4(2) Timeout
- 4(3) Timeout
- 4(all) Timeout
- 5(1) Timeout
- 5(2) Timeout
- 5(3) Timeout
- 5(all) Timeout
Obviously the tool is not useful in every situation but icmp requests can be used in a number of different ways during a penetration test and itrace can help.
1 Comment