I remember being so happy about 0trace when I started to write some Backtrack related articles because even though 0trace is fairly simple it is really useful to locate the full path to devices you are investigating. In the article below I will explain the necessary 0trace input from the command line, what needs to be done to complete a successful trace to a target using 0trace, and provide some example of devices in front of and behind a firewall blocking ICMP or traceroute requests.
Previously I wrote a brief article on 0trace in Backtrack 4 which can be located here however in the process of writing an updated article for Backtrack 5 I noticed that 0trace was no longer working. Every single time I would attempt to run an accurate trace through a firewall the results would come back empty and display “Probe rejected by target.” At first I was thinking maybe companies have really tightened down their firewalls however that didn’t make any sense because of how 0trace works using a standard port such as port 80 to allow traffic to pass because the servers function is to serve web pages. Below I describe the error in more detail and how you can resolve it.
TCtrace is like a brother to itrace and traceroute but it uses TCP SYN packets to trace. This makes it possible for you to trace through firewalls if you know one TCP service that is allowed to pass from the outside. Once again its a very simple tool like the last few I have reviewed and it has one specific function.
The next tool up for review in the information gathering section is tcptraceroute. tcptraceroute is a traceroute implementation using TCP packets. The more traditional traceroute sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets are taking to reach the destination. The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.
Itrace is a fairly simple tool so this will be short and sweet. Itrace is a program that implements traceroute functionality using ICMP echo request packets. Therefore, it looks like you are just pinging your target while you traceroute there. It often helps tracing behind firewalls.