TraceRoute: Better Results with TCP SYN
There has been some talk this week about doing "advanced traceroutes" with TCP SYN probes instead of ICMP requests in order to get better, faster results. Many people seem to feel that this is new, advanced, or otherwise something we have not always had. However, the standard traceroute tool has long been able to do this; you only need to know how to ask for it, which is as simple as passing the -T flag to the standard traceroute command on Linux (check the man page for your specific version if this does not work, and please report back so that we can document it).
Here is an example of a standard ICMP-based traceroute, the default behaviour:
$ traceroute yahoo.com
traceroute to yahoo.com (98.138.253.109), 30 hops max, 60 byte packets
 1  FIOS_Quantum_Gateway.fios-router.home (192.168.1.1)  1.127 ms  1.190 ms  1.319 ms
 2  47.186.128.1 (47.186.128.1)  2.496 ms  4.023 ms  4.021 ms
 3  172.102.51.152 (172.102.51.152)  7.062 ms  7.647 ms  7.634 ms
 4  ae7---0.scr01.dlls.tx.frontiernet.net (74.40.3.17)  7.607 ms  7.605 ms  7.590 ms
 5  ae0---0.cbr01.dlls.tx.frontiernet.net (74.40.4.14)  7.572 ms  7.555 ms  7.538 ms
 6  exchange-cust2.da1.equinix.net (206.223.118.2)  7.521 ms  3.433 ms  3.231 ms
 7  ae-3.pat2.dnx.yahoo.com (216.115.96.58)  34.136 ms  ae-4.pat2.bfz.yahoo.com (216.115.97.207)  36.672 ms  ae-3.pat2.dnx.yahoo.com (216.115.96.58)  35.558 ms
 8  ae-6.pat2.nez.yahoo.com (216.115.104.116)  35.975 ms  ae-6.pat1.nez.yahoo.com (216.115.104.118)  36.616 ms  36.612 ms
 9  et-0-0-0.msr2.ne1.yahoo.com (216.115.105.179)  35.106 ms  et-18-1-0.msr2.ne1.yahoo.com (216.115.105.185)  38.772 ms  et-19-1-0.msr1.ne1.yahoo.com (216.115.105.27)  35.495 ms
10  et-1-0-0.clr2-a-gdc.ne1.yahoo.com (98.138.97.73)  37.470 ms  et-19-1-0.clr2-a-gdc.ne1.yahoo.com (98.138.97.75)  37.845 ms  et-1-0-0.clr1-a-gdc.ne1.yahoo.com (98.138.97.69)  36.016 ms
11  et-18-25.fab2-1-gdc.ne1.yahoo.com (98.138.0.93)  36.524 ms  et-17-1.fab6-1-gdc.ne1.yahoo.com (98.138.93.5)  41.100 ms  et-17-1.fab5-1-gdc.ne1.yahoo.com (98.138.93.1)  36.971 ms
12  po-17.bas1-7-prd.ne1.yahoo.com (98.138.240.20)  35.994 ms  po-12.bas2-7-prd.ne1.yahoo.com (98.138.240.26)  33.088 ms  po-16.bas2-7-prd.ne1.yahoo.com (98.138.240.34)  33.267 ms
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
And here is the same command with the -T option, which switches from the default to TCP SYN packets and so bypasses the commonly blocked ICMP protocol. Notice that this also requires elevated privileges to run, because it can easily be used for a DoS attack.
$ sudo traceroute -T yahoo.com
traceroute to yahoo.com (98.139.183.24), 30 hops max, 60 byte packets
 1  FIOS_Quantum_Gateway.fios-router.home (192.168.1.1)  0.960 ms  1.096 ms  1.245 ms
 2  47.186.128.1 (47.186.128.1)  4.399 ms  4.893 ms  4.893 ms
 3  172.102.51.82 (172.102.51.82)  6.160 ms  6.548 ms  6.546 ms
 4  ae7---0.scr01.dlls.tx.frontiernet.net (74.40.3.17)  4.878 ms  4.875 ms  4.873 ms
 5  ae0---0.cbr01.dlls.tx.frontiernet.net (74.40.4.14)  5.650 ms  51.704 ms  52.083 ms
 6  exchange-cust2.da1.equinix.net (206.223.118.2)  8.926 ms  5.519 ms  3.123 ms
 7  xe-2-0-2.pat1.dce.yahoo.com (216.115.96.93)  29.173 ms  29.616 ms  29.617 ms
 8  ae-8.pat1.bfz.yahoo.com (216.115.101.231)  42.673 ms  ae-9.pat2.bfz.yahoo.com (216.115.101.199)  49.814 ms  ae-0.pat1.bfy.yahoo.com (216.115.97.196)  42.649 ms
 9  et-0-0-0.msr1.bf1.yahoo.com (74.6.227.129)  42.643 ms  et-19-0-0.pat2.bfz.yahoo.com (216.115.97.105)  42.613 ms  et-0-0-0.msr2.bf1.yahoo.com (74.6.227.137)  45.617 ms
10  et-0-1-1.clr2-a-gdc.bf1.yahoo.com (74.6.122.19)  42.619 ms  et-19-1-0.msr1.bf1.yahoo.com (74.6.227.133)  42.044 ms  et-19-0-1.clr1-a-gdc.bf1.yahoo.com (74.6.122.35)  40.177 ms
11  po8.fab4-1-gdc.bf1.yahoo.com (72.30.22.39)  41.775 ms  UNKNOWN-74-6-122-X.yahoo.com (74.6.122.91)  41.214 ms  po7.fab6-1-gdc.bf1.yahoo.com (72.30.22.11)  41.764 ms
12  po-13.bas2-7-prd.bf1.yahoo.com (98.139.129.211)  40.512 ms  po-11.bas1-7-prd.bf1.yahoo.com (98.139.129.177)  40.907 ms  po7.fab3-1-gdc.bf1.yahoo.com (72.30.22.5)  38.354 ms
13  ir2.fp.vip.bf1.yahoo.com (98.139.183.24)  37.887 ms  41.289 ms  po-10.bas1-7-prd.bf1.yahoo.com (98.139.129.161)  39.821 ms
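As an added example (not part of the original post), here is a small Python parser for this kind of traceroute output that reports the last hop that answered, the hops that stayed silent, and whether the target address ever appeared; the sample inputs are a few hop lines trimmed from the two traces above, so you can see the ICMP trace going dark at hop 13 while the TCP SYN trace reaches the destination.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed inputs: a few hop lines trimmed from the two traces shown above.
ICMP_TRACE = """\
traceroute to yahoo.com (98.138.253.109), 30 hops max, 60 byte packets
 1  FIOS_Quantum_Gateway.fios-router.home (192.168.1.1)  1.127 ms  1.190 ms  1.319 ms
12  po-17.bas1-7-prd.ne1.yahoo.com (98.138.240.20)  35.994 ms  po-12.bas2-7-prd.ne1.yahoo.com (98.138.240.26)  33.088 ms
13  * * *
14  * * *
"""
TCP_TRACE = """\
traceroute to yahoo.com (98.139.183.24), 30 hops max, 60 byte packets
 1  FIOS_Quantum_Gateway.fios-router.home (192.168.1.1)  0.960 ms  1.096 ms  1.245 ms
13  ir2.fp.vip.bf1.yahoo.com (98.139.183.24)  37.887 ms  41.289 ms  po-10.bas1-7-prd.bf1.yahoo.com (98.139.129.161)  39.821 ms
"""

HEADER_RE = re.compile(r"^traceroute to \S+ \((?P<target>[\d.]+)\)")
HOP_RE = re.compile(r"^\s*(?P<hop>\d+)\s+(?P<rest>.*)$")
HOST_RE = re.compile(r"(?P<name>\S+) \((?P<ip>[\d.]+)\)")  # "name (ip)" pairs; IPv4 only

def parse_trace(text: str) -> Tuple[Optional[str], List[Dict]]:
    """Return (target_ip, hops); each hop lists the IPs that answered its probes."""
    target, hops = None, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            target = m.group("target")
            continue
        m = HOP_RE.match(line)
        if m:  # a "* * *" hop yields an empty IP list
            ips = [ip for _, ip in HOST_RE.findall(m.group("rest"))]
            hops.append({"hop": int(m.group("hop")), "ips": ips})
    return target, hops

def summarize(text: str) -> Dict:
    """Report where the trace went dark and whether the target address was seen."""
    target, hops = parse_trace(text)
    answered = [h["hop"] for h in hops if h["ips"]]
    return {
        "target": target,
        "last_responding_hop": max(answered, default=0),
        "silent_hops": [h["hop"] for h in hops if not h["ips"]],
        "reached": any(target in h["ips"] for h in hops if target),
    }

if __name__ == "__main__":
    print("ICMP:", summarize(ICMP_TRACE))
    print("TCP SYN:", summarize(TCP_TRACE))
```

Feed it the full output of either command (for example via `traceroute -T host | python3 parse_trace.py` after adding a `sys.stdin.read()` call) to spot where a path stops answering.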
That's all there is to it. Better results, faster.