Information Security

Backtrack 4: Information Gathering: Route: Tcptraceroute

The next tool up for review in the information gathering section is tcptraceroute. tcptraceroute is a traceroute implementation using TCP packets. The more traditional traceroute sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets are taking to reach the destination. The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.

Information Security

Backtrack 4: Information Gathering: Route: Netenum – Produce lists of hosts for other programs

The next tool up for review is the netenum script. Netenum can be used to produce lists of hosts for other programs. It’s not as powerful as other ping-sweep tools, but it’s simple. When giving a timeout, it uses ICMP echo request to find available hosts. If you don’t supply a timeout, it just prints an IP address per line, so you can use them in shell scripts.

Information Security

Backtrack 4: Information Gathering: Route: Lanmap – Passively map a network

Lanmap is one of those tools I never really used until now. Its actually very cool. Lanmap sits quietly on a network and builds a picture of what it sees and outputs it in svg,png or gif format. I let it run on a test network far a hour or so and was impressed with the output. The only drawback is that it doesn’t “see” through switches so it can only do the private subnet the computer is physically on.