Provided by: netsniff-ng_0.6.0-1build2_amd64

NAME

       astraceroute - autonomous system trace route utility

SYNOPSIS

       astraceroute [options]

DESCRIPTION

       astraceroute is a small utility to retrieve path information in a traceroute-like way, but
       with additional geographical location information. It tracks the route of a packet from
       the local host to the remote host by successively increasing the IP TTL field, starting
       from 1, in the hope that each intermediate node will send an ICMP TIME_EXCEEDED
       notification back to the local host when the TTL value is decremented to 0.
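
       How a reply is tied back to the probe that triggered it, as an added Python example that
       is not astraceroute's own code: it builds TCP probes with increasing TTLs, constructs the
       ICMP TIME_EXCEEDED message a hop would return, and recovers the hop address and probe TTL
       from the quoted header. Matching on the quoted TCP ports and sequence number, the
       addresses, and all function names are assumptions made for the illustration.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11  # ICMPv4 type a router sends when the TTL hits 0 in transit


def ipv4_header(src, dst, proto, ttl, payload_len):
    """20-byte IPv4 header; checksum stays 0 because nothing is transmitted here."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def build_probe(src, dst, sport, dport, seq, ttl, flags=0x02):
    """IPv4+TCP probe; flags 0x02 is SYN (-S), 0x00 is a null probe."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 1024, 0, 0)
    return ipv4_header(src, dst, socket.IPPROTO_TCP, ttl, len(tcp)) + tcp


def simulated_time_exceeded(router, probe):
    """Constructed hop reply: IP + ICMP header + quoted IP header and 8 TCP bytes."""
    quoted = bytearray(probe[:28])
    quoted[8] = 1  # assumption: the router quotes the TTL as it arrived
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + bytes(quoted)
    prober = socket.inet_ntoa(probe[12:16])
    return ipv4_header(router, prober, socket.IPPROTO_ICMP, 64, len(icmp)) + icmp


def parse_reply(packet, sent):
    """Return (hop_ip, probe_ttl) if packet answers a probe in `sent`, else None."""
    ihl = (packet[0] & 0x0F) * 4 if len(packet) >= 20 else 0
    if ihl < 20 or packet[9] != socket.IPPROTO_ICMP or len(packet) < ihl + 28:
        return None
    if (packet[ihl], packet[ihl + 1]) != (ICMP_TIME_EXCEEDED, 0):
        return None
    inner = packet[ihl + 8:]  # quoted original datagram follows the 8-byte ICMP header
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or inner[9] != socket.IPPROTO_TCP or len(inner) < inner_ihl + 8:
        return None
    sport, dport, seq = struct.unpack("!HHI", inner[inner_ihl:inner_ihl + 8])
    key = (socket.inet_ntoa(inner[16:20]), sport, dport, seq)
    return (socket.inet_ntoa(packet[12:16]), sent[key]) if key in sent else None


def demo_match():
    sent, probes = {}, {}
    for ttl in (1, 2, 3):  # constructed probes, documentation-range addresses
        probes[ttl] = build_probe("192.0.2.10", "203.0.113.80", 40000, 80, 0x1000 + ttl, ttl)
        sent[("203.0.113.80", 40000, 80, 0x1000 + ttl)] = ttl
    return parse_reply(simulated_time_exceeded("198.51.100.1", probes[2]), sent)
```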

       astraceroute supports IPv4 and IPv6 queries and will display country and city information,
       if available, the AS number the hop belongs  to,  and  its  ISP  name.  astraceroute  also
       displays timing information and reverse DNS data.

       Because astraceroute is highly configurable, it can also gather information about what a
       hop does and does not allow to pass through. This is done by placing cleartext strings
       into the probes to test whether DPI systems or "great firewalls" filter out blacklisted
       critical keywords. This tool might be a good start for further in-depth analysis of such
       systems.

OPTIONS

   -H <host>, --host <host>
       Hostname  or  IPv4  or IPv6 address of the remote host where the AS route should be traced
       to. In the case of an IPv6 address or host, option  ''-6''  must  be  used.  IPv4  is  the
       default.

   -p <port>, --port <port>
       TCP port for the remote host to use. If not specified, the default port used is 80.

   -i <device>, -d <device>, --dev <device>
       Networking device to start the trace route from, e.g. eth0, wlan0.

   -b <IP>, --bind <IP>
       IP  address to bind to other than the network device's address. You must specify -6 for an
       IPv6 address.

   -f <ttl>, --init-ttl <ttl>
       Initial TTL value to be used. This option might be useful if you are not interested in the
       first n hops, but only the following ones. The default initial TTL value is 1.

   -m <ttl>, --max-ttl <ttl>
       Maximum TTL value to be used. If not otherwise specified, the maximum TTL value is 30.
       Once this value has been reached, astraceroute exits.

   -q <num>, --num-probes <num>
       Specifies the number of queries to be done on a particular hop. The default is 2
       queries.

   -x <sec>, --timeout <sec>
       Tells  astraceroute the probe response timeout in seconds, in other words the maximum time
       astraceroute must wait for an ICMP response  from  the  current  hop.  The  default  is  3
       seconds.

   -X <string>, --payload <string>
       Places  an  ASCII  cleartext  string  into  the  packet  payload.  Cleartext that contains
       whitespace must be put into quotes (e.g.: "censor me").

   -l <len>, --totlen <len>
       Specifies the total length of the packet. Payload that does not have a cleartext string in
       it is padded with random garbage.

   -4, --ipv4
       Use IPv4-only requests. This is the default.

   -6, --ipv6
       Use IPv6-only requests. This must be used when passing an IPv6 host as an argument.

   -n, --numeric
       Tells astraceroute not to perform reverse DNS lookups for hop replies. The opposite
       option is ''-N''.

   -u, --update
       Invokes the built-in geo-database update mechanism to fetch Maxmind's latest version.
       The file /etc/netsniff-ng/geoip.conf lists the addresses that are searched for
       databases. Thus, to save bandwidth or for mirroring Maxmind's databases (to bypass their
       traffic limit policy), different hosts or IP addresses can be placed into geoip.conf,
       separated by a newline.

   -L, --latitude
       Also show latitude and longitude of hops.

   -N, --dns
       Tells astraceroute to perform reverse DNS lookups for hop replies. The opposite option
       is ''-n''.

   -S, --syn
       Use TCP's SYN flag for the request.

   -A, --ack
       Use TCP's ACK flag for the request.

   -F, --fin
       Use TCP's FIN flag for the request.

   -P, --psh
       Use TCP's PSH flag for the request.

   -U, --urg
       Use TCP's URG flag for the request.

   -R, --rst
       Use TCP's RST flag for the request.

   -E, --ecn-syn
       Use TCP's ECN flag for the request.

   -t <tos>, --tos <tos>
       Explicitly specify IP's TOS.

   -G, --nofrag
       Set IP's no fragmentation flag.

   -Z, --show-packet
       Show and dissect the returned packet.

   -v, --version
       Show version information and exit.

   -h, --help
       Show user help and exit.

USAGE EXAMPLE

   astraceroute -i eth0 -N -S -H netsniff-ng.org
       This sends out a TCP SYN probe via the ''eth0'' networking device to the remote IPv4 host
       netsniff-ng.org. This request is most likely to pass. It also tells astraceroute to
       perform reverse DNS lookups for each hop.

   astraceroute -6 -i eth0 -S -E -N -H www.6bone.net
       In  this  example, a TCP SYN/ECN probe for the IPv6 host www.6bone.net is being performed.
       Also in this case, the ''eth0'' device is being used as well as a reverse DNS  lookup  for
       each hop.

   astraceroute -i eth0 -N -F -H netsniff-ng.org
       Here, we send out a TCP FIN probe to the remote host netsniff-ng.org. Again, on each hop a
       reverse DNS lookup is being done and the queries are transmitted from  ''eth0''.  IPv4  is
       used.

   astraceroute -i eth0 -N -FPU -H netsniff-ng.org
       As  in most other examples, we perform a trace route to IPv4 host netsniff-ng.org and do a
       TCP Xmas probe this time.

   astraceroute -i eth0 -N -H netsniff-ng.org -X censor-me -Z
       In this example, we send a Null probe to the remote host netsniff-ng.org, port 80
       (default), and this time we place the cleartext string "censor-me" into the packet
       payload to test if a firewall or DPI will let this string pass. Such a trace could be done
       once without, and once with, a blacklisted string to gather possible information about
       censorship.
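
       One way to read the two runs against each other, as an added Python example that is not
       part of astraceroute: it reports the first TTL from which the trace carrying the string
       stops getting replies while the baseline still does. The per-hop result lists are
       constructed and are not astraceroute's output format; the function names are hypothetical.

```python
def responders(probes):
    """Set of hop IPs that answered; None marks a probe that timed out."""
    return {ip for ip in probes if ip is not None}


def compare_traces(baseline, keyword):
    """Both arguments map TTL -> list of per-probe results for that hop.

    Returns ("silent-from", ttl) when the keyword trace loses every reply from
    ttl onward while the baseline still got one there, ("path-changed", ttl)
    when the two traces saw disjoint routers, else ("no-difference", None).
    """
    ttls = sorted(set(baseline) & set(keyword))
    for i, ttl in enumerate(ttls):
        base, kw = responders(baseline[ttl]), responders(keyword[ttl])
        if not base:
            continue  # silent in the baseline as well: proves nothing
        if kw and not base & kw:
            return ("path-changed", ttl)  # e.g. load balancing; rerun before comparing
        if not kw and not any(responders(keyword[t]) for t in ttls[i + 1:]):
            return ("silent-from", ttl)
    return ("no-difference", None)


# Constructed results, two probes per hop (the -q default); not astraceroute output.
BASELINE = {1: ["192.0.2.1"] * 2, 2: [None, None], 3: ["198.51.100.7", "198.51.100.9"],
            4: ["203.0.113.5"] * 2, 5: ["203.0.113.9"] * 2}
WITH_KEYWORD = {1: ["192.0.2.1"] * 2, 2: [None, None], 3: ["198.51.100.9", None],
                4: [None, None], 5: [None, None]}


def demo_compare():
    return compare_traces(BASELINE, WITH_KEYWORD)
```

       Repeat both runs several times before drawing a conclusion, since ICMP rate limiting and
       route changes produce the same gaps.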

NOTE

       If a TCP-based probe fails after a number of retries, astraceroute will automatically fall
       back to ICMP-based probes to pass through firewalls and routers used in load balancing for
       example.

       To  gather  more  information  about  astraceroute's  displayed  AS  numbers,  see   e.g.:
       http://bgp.he.net/AS<number>.

BUGS

       The geographical locations are estimated with the help of Maxmind's GeoIP database and can
       differ from the real physical location.  To  decrease  the  possible  errors,  update  the
       database regularly using astraceroute's --update option.

       At some point, astraceroute needs an approach similar to that of the paris-traceroute
       tool to gather more reliable path information.

       Due to the generic nature of astraceroute, it currently has a built-in mechanism  to  stop
       the trace after a fixed number of hops, since the configurable TCP flags can have anything
       included. It is possible to decrease this number of course.  In the future, if a SYN probe
       is  sent  out,  there  should  be  a listener so that we can stop the trace if we detect a
       handshake in progress.

LEGAL

       astraceroute is licensed under the GNU GPL version 2.0.

HISTORY

       astraceroute was originally written for the netsniff-ng toolkit by Daniel Borkmann. It  is
       currently   maintained   by  Tobias  Klauser  <tklauser@distanz.ch>  and  Daniel  Borkmann
       <dborkma@tik.ee.ethz.ch>.

SEE ALSO

       netsniff-ng(8), trafgen(8), mausezahn(8), ifpps(8), bpfc(8), flowtop(8), curvetun(8)

AUTHOR

       Manpage was written by Daniel Borkmann.

COLOPHON

       This page is part of the Linux netsniff-ng toolkit project. A description of the  project,
       and information about reporting bugs, can be found at http://netsniff-ng.org/.