Upload File

how traceroute explains the internetjkristof/tdc563/chinog05-traceroute.pdf · chi-nog 05 john...

  • Home
  • Documents
  • How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),
17
CHI-NOG 05 John Kristoff 1 How Traceroute Explains the Internet John Kristoff [email protected]

Upload: others

Post on 14-Aug-2020

6 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 1

How TracerouteExplains the Internet

John [email protected]

mailto:[email protected]
Page 2: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 2

History

• Van Jacobson releases traceroute.tar.Z

To: [email protected], [email protected] Subject: 4BSD routing diagnostic tool available for ftp Date: Tue, 20 Dec 88 05:13:28 PST From: Van Jacobson

mailto:[email protected]
mailto:[email protected]
Page 3: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 3

Traceroute Operational Review

Page 4: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 4

UDP Traceroute

• Also known as UNIX traceroute

• ICMP TTL exceeded responses to ICMP messages?

• Probes initialize to an unlikely UDP destination port

• Default begins at 33434

• Incremented for each probe packet

• An ICMP port unreachable from the target is the goal

Page 5: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 5

ICMP Traceroute

• Most commonly associates with Microsoft Windows

• Sends ICMP echo request probes

• An ICMP echo response from the target is the goal

• NOTE: ICMP TTL exceeded messages not a problem

• But filtering and probe response suppression can be

Page 6: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 6

Anomaly: Multi-path$ traceroute www.chinog.orgtraceroute to www.chinog.org (74.208.62.118), 30 hops max, 60 byte packets

...

4 te0-3-0-2.agr22.ord01.atlas.cogentco.com (154.24.4.41) 1.422 ms te0-3-0-2.agr21.ord01.atlas.cogentco.com (154.24.4.37) 1.175 ms te0-3-0-2.agr22.ord01.atlas.cogentco.com (154.24.4.41) 1.329 ms 5 be2524.ccr42.ord01.atlas.cogentco.com (154.54.81.109) 1.475 ms be2521.ccr41.ord01.atlas.cogentco.com (154.54.80.253) 1.710 ms be2522.ccr42.ord01.atlas.cogentco.com (154.54.81.61) 1.455 ms

13 perfora.net (74.208.62.118) 17.273 ms 17.490 ms 17.276 ms

Page 7: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 7

Anomaly: Missing Hop(s)$ traceroute -n facebook.comtraceroute to facebook.com (173.252.120.6) ...

...

7 31.13.25.32 34.084 ms 31.13.25.106 34.137 ms 31.13.27.40 33.957 ms 8 204.15.23.247 33.548 ms 31.13.27.133 33.785 ms 173.252.64.65 33.694 ms 9 * * *10 * * *11 173.252.120.6 33.786 ms 33.570 ms 33.614 ms

Page 8: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 8

Anomaly: Unresponsive Target

$ traceroute -n -q1 www.northwestern.edutraceroute to www.northwestern.edu (129.105.215.254), 30 hops max, 60 byte packets

...

4 199.249.169.5 0.884 ms 5 129.105.247.224 1.418 ms 6 129.105.253.153 1.682 ms 7 129.105.247.97 2.006 ms 8 * 9 *10 *11 *12 *

Page 9: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 9

Hack: Uncovering a Target

$ sudo traceroute -T -n -q1 www.northwestern.edutraceroute to www.northwestern.edu (129.105.215.254), 30 hops max, 60 byte packets

...

4 199.249.169.5 0.797 ms 5 129.105.247.224 1.026 ms 6 129.105.253.153 1.662 ms 7 129.105.247.97 655.220 ms 8 129.105.46.196 1.896 ms 9 129.105.215.254 1.996 ms

Page 10: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 10

Feature: MPLS option

traceroute -en -q1 www.google.comtraceroute to www.google.com (64.233.160.99), 30 hops max, 60 byte packets

...

6 209.85.254.120 1.529 ms 7 209.85.254.238 <MPLS:L=284331,E=4,S=1,T=1> 18.373 ms 8 209.85.251.18 <MPLS:L=319427,E=4,S=1,T=1> 18.165 ms 9 72.14.236.1 <MPLS:L=770010,E=4,S=1,T=1> 21.186 ms10 209.85.248.7 19.892 ms11 64.233.160.99 16.332 ms

Page 11: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 11

Feature: Visualization (geoloc)

Page 12: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 12

Hack: Peer Discovery

Page 13: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 13

Hack: Reverse Traceroute

Page 14: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 14

Let's Take Stock

• Key figures, organizations, mailing lists, software

• Routers+routing, forwarding, and loop prevention

• ASNs, BGP peering policies, asymmetric paths

• UDP (TCP), source+destination ports, ICMP

• Domain name system, naming conventions

• Packet filtering and security policies

• Performance, round trip time, geo-location

Page 15: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 15

...and much more

• IP headers and options

• ARP, MPLS, IPv4 versus IPv6

• An interface versus a host

• NAT

• Applications (ports)

• Router CPU protection,rate limiting

• ...and even the end-to-end argument

Page 16: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 16

A bit of a stretch? Maybe not

• IP multicast

• DDoS

• Buffering, congestion avoidance and flow control

• CoS/QoS

• PKI – OK, maybe this one is a bit of a reach

Page 17: How Traceroute Explains the Internetjkristof/tdc563/chinog05-traceroute.pdf · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254),

CHI-NOG 05 John Kristoff 17

Conclusion: Some References

• Richard A Steenbergen (RAS)

• http://cluepon.net/ras/traceroute.pdf

• A Practical Guide to (Correctly) Troubleshooting with Traceroute, ARIN on-the-road, Orlando 2015

• http://kb.pert.geant.net/PERTKB/VanJacobsonTraceroute

• Traceroute Anomalies, Martin Erich Jobst

• Traceroute Probe Method and Forward IP Path Inference, Lukie, Hyun, Huffaker

• Reverse Traceroute, Bassett, et al.

http://cluepon.net/ras/traceroute.pdf
http://kb.pert.geant.net/PERTKB/VanJacobsonTraceroute

traceroute mac - Cisco · 2-450 Catalyst 3750 Switch Command Reference 78-15165-02 Chapter 2 Cisco IOS Commands traceroute mac ip traceroute mac ip Use the traceroute mac ip privileged

On the Bias of Traceroute Sampling: or, Power-Law …optas/papers/traceroute.pdf · 21 On the Bias of Traceroute Sampling: or, Power-Law Degree Distributions in Regular Graphs DIMITRIS

Reverse traceroute - web.njit.edunbg7/IHLPAssignments/Reverse Traceroute.pdf · it available at . edu. While traceroute runs as a stand-alone program issuing probes on its own behalf,

Disman Traceroute Mib

Use and Limits of Traceroute - Home | Internet2 · Use and Limits of Traceroute ... commercially and free, and traceroute/ping hybrids (MTR, ... • Understanding network latency

Imr id-cert-traceroute-12042013

Traceroute Assignment

KRISTOFF K.ROLL ENGLISH REVIEW...KRISTOFF K.ROLL - SOLOS REVIEW Carole Rieussec - L’étonnement sonore MOUVEMENT – 23 sept 14, Raphaëlle Tchamichian REVUE & CORRIGÉE N 98 –

Ivan Kristoff Magazine

Kinslayer by Jay Kristoff (Chapter 1)

Measuring the Internet: Featuring Traceroute

The Internet Measurement Toolbox - Peoplejustine/talk_ups.pdfReverse traceroute is a lot harder than forward traceroute We‟ve known since 1987 how to do forward traceroute. That

How Traceroute Explains the Internet - Team Cymru · CHI-NOG 05 John Kristoff 1 How Traceroute Explains the Internet John Kristoff [email protected]

RAS Traceroute N45

Traceroute - cluepon.netcluepon.net/ras/traceroute.pdf · Traceroute The Traceroute ... optimal paths, as well as troubleshoot network issues like packet loss and excessive latency

Web based visual traceroute

DISTRIBUTED TRACEROUTE APPROACH TO GEOGRAPHICALLY …aturing.umcs.maine.edu/~markov/connollythesis.pdf · DISTRIBUTED TRACEROUTE APPROACH TO GEOGRAPHICALLY LOCATING IP DEVICES by

ICMP Ping Tracerouterecom.blog.unq.edu.ar/.../Grupo5-presentacion-icmp-ping-traceroute.pdf · ICMP Ping Traceroute Carlos P´erez Dami´an Lopez Leandro Di Lorenzo Grupo 5 Redes de

Performance Routing Traceroute Reporting · Performance Routing Traceroute Reporting Feature Information for Performance Routing Traceroute Reporting Performance Routing Configuration

How Traceroute Explains the Internet - CHI-NOGchinog.org › wp-content › uploads › 2015 › 05 › How-Traceroute... · 2015-05-22 · CHI-NOG 05 John Kristoff 2 History •

Active Measurements: Traceroute - TU Berlin · PDF file2 Why Traceroute In IP, no explicit way to determine route from source to destination (recall: ping is rtt to destination) traceroute:

NU Security Day 2005 John Kristoff - Northwestern University 1 Botnets, detection and mitigation: DNS-based techniques John Kristoff [email protected]

(Correctly) Troubleshooting with Traceroute

RAS Traceroute N47 Sun

Botnets by John Kristoff

Kristoff Leue’s presentation

How Traceroute Explains the Internet · CHI-NOG 05 John Kristoff 9 Hack: Uncovering a Target $ sudo traceroute -T -n -q1 traceroute to (129.105.215.254), 30 hops max, 60 byte packets

お手軽 OpenFlow Traceroute

IPD - October 18, 2001John Kristoff - DePaul University1 The Internet Protocol (IP) John Kristoff [email protected] +1 312 362-5878 DePaul University Chicago,

Traceroute Anomalies - TUM

IPD - October 29, 2002 John Kristoff - DePaul University 1 Computer and Network Security John Kristoff [email protected] +1 312 362-5878 DePaul University

IPD - November 3, 2001John Kristoff - DePaul University1 Computer and Network Security John Kristoff [email protected] +1 312 362-5878 DePaul University Chicago,

traceroute for VXLAN Layer-transcending · PDF fileLayer-transcending traceroute for VXLAN draft-nordmark-nvo3-transcending-traceroute-00 Erik Nordmark nordmark@

Ping and Traceroute Understanding

DDoS @ traceroute