derez on 22 Oct 2005 14:51:03 -0000



[tcptra-dev] Using tcptraceroute (was RE: Where to get libnet?)


Brian Hawkins wrote:
>
>I'm intending on using tcptraceroute to do some mapping of the
>internet for a class I'm taking and I don't want my activity to be seen as an
>attack on a server.  There are a few known SYN attacks where
>the attacker tries to fill up the server's connections, but if what you say is true
>and the computer running tcptraceroute sends back an RST this
>should not be a problem.

Might I offer that you take the tool and run it in a test environment with a
packet sniffer to see what it does. It is always helpful to have a full
understanding of what it is doing, especially when used for research. In
addition, run a packet sniffer when using it, as you may see weird situations
and having additional data could help with analysis. I have seen strange
behaviour when dealing with layer 7 switches, load balancers, homemade
firewalls, etc. and having the additional data was helpful.

As far as the number of connections initiated, the operator has control over
that with the number of queries (-q) argument. I usually stick with the
default (3) as sometimes a particular hop takes time to find which can be
somewhat verified with the first response time that is larger than the other
two response times.

~derez


_______________________________________________
tcptraceroute-dev mailing list
tcptraceroute-dev@netisland.net
http://lists.netisland.net/mailman/listinfo/tcptraceroute-dev
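
One way to act on the packet-sniffer suggestion in the message above, as an added example that is not part of the original post or of tcptraceroute: the script reads `tcpdump -n` text output captured during a test run and reports any probe that the target answered with SYN/ACK but that was never followed by an RST from the probing host. The function names, the addresses (documentation ranges) and the sample capture lines are constructed for illustration.

```python
import re

# Default `tcpdump -n` text format for IPv4 TCP packets (assumed capture format).
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def audit_probes(lines, prober):
    """Track the state of every TCP probe flow started by `prober`."""
    flows = {}  # (source port, target IP, target port) -> state
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ICMP time-exceeded replies from hops, non-TCP lines
        flags = m["flags"]
        if m["src"] == prober:
            key = (m["sport"], m["dst"], m["dport"])
            if flags == "S":
                flows.setdefault(key, "syn-sent")
            elif "R" in flags and flows.get(key) == "syn-ack-seen":
                flows[key] = "reset"  # torn down without finishing the handshake
            elif flags == "." and flows.get(key) == "syn-ack-seen":
                flows[key] = "handshake-completed"  # a bare ACK: not expected
        elif m["dst"] == prober:
            key = (m["dport"], m["src"], m["sport"])
            if key in flows:
                if flags == "S.":
                    flows[key] = "syn-ack-seen"
                elif "R" in flags and flows[key] == "syn-sent":
                    flows[key] = "closed-port"  # target refused the probe itself
    return flows

def not_torn_down(flows):
    """Flows the target answered with SYN/ACK that never got an RST back."""
    bad = ("syn-ack-seen", "handshake-completed")
    return sorted(k for k, state in flows.items() if state in bad)

# Constructed capture: one hop reply, one probe reset, one probe left open.
SAMPLE = """\
14:51:03.100001 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 1000, win 0, length 0
14:51:03.101200 IP 203.0.113.1 > 198.51.100.7: ICMP time exceeded in-transit, length 48
14:51:03.200001 IP 198.51.100.7.40002 > 192.0.2.10.80: Flags [S], seq 2000, win 0, length 0
14:51:03.230500 IP 192.0.2.10.80 > 198.51.100.7.40002: Flags [S.], seq 9000, ack 2001, win 5840, length 0
14:51:03.230600 IP 198.51.100.7.40002 > 192.0.2.10.80: Flags [R], seq 2001, win 0, length 0
14:51:03.300001 IP 198.51.100.7.40003 > 192.0.2.10.80: Flags [S], seq 3000, win 0, length 0
14:51:03.331000 IP 192.0.2.10.80 > 198.51.100.7.40003: Flags [S.], seq 9500, ack 3001, win 5840, length 0
""".splitlines()

if __name__ == "__main__":
    print(not_torn_down(audit_probes(SAMPLE, "198.51.100.7")))
```

A non-empty result on a real capture usually means the RST never left the probing host, for example because a local firewall rule dropped it.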