Network Footprinting with Traceroute

To undertake network footprinting, one must first obtain fundamental and vital information about the target organisation, such as what the organisation does, who works there, and what type of work they do. The answers to these questions reveal information about the target network's internal structure. 


Obtaining private IP addresses can be useful to attackers. By using the network range, an attacker can also learn how the network is structured and which machines are active. The network range also aids in determining the network topology, access control devices, and operating systems utilised in the target network. 


To determine the network range of the target network, search the server IP address (as determined by Whois footprinting) in the APNIC Whois database search tool. To look for an IP address, go to the APNIC website (https://wq.apnic.net//static/search.html). 

Incorrectly configured DNS servers give attackers a good chance of obtaining a list of internal machines on the server. Furthermore, if an attacker traces the path to a machine, the internal IP address of the gateway can be obtained, which can be valuable.

TRACEROUTE

Traceroute programs are built on the ICMP protocol and use the TTL field in the IP header of the ICMP packets to discover the routers on the path to a target host. 

The Traceroute utility can show the path IP packets take between two systems. The utility may determine the number of routers through which packets pass, the round-trip time (RTT) (the time it takes for packets to travel between two routers), and, if the routers have DNS records, the names of the routers and their network affiliation. It can also pinpoint geographical locations. It works by utilising the TTL feature of the Internet Protocol. 
The TTL field specifies the maximum number of routers that a packet may pass through. Each router that handles a packet subtracts one from the TTL field in the packet's IP header. When the count reaches 0, the router discards the packet and sends an ICMP error message to the packet's originator. 
Traceroute starts by sending a packet with a TTL of one, so the first router on the path discards it and returns this error. The utility logs that router's IP address and DNS name before sending another packet with a TTL of two. This packet passes through the first router before timing out at the next router in the path. This second router likewise returns an error message to the original host. 

Traceroute will keep doing this and recording the IP address and name of each router until a packet reaches the destination host or the host is determined to be unreachable. It records the time it takes for each packet to make a round trip to each router during the operation. 
Illustration of Traceroute
Finally, when a packet arrives at its destination, the sender receives the standard ICMP ping reply. The utility thus reveals the IP addresses of the intermediate hops in the route from the source to the target host. 

By default, the Windows operating system uses ICMP traceroute. Open the command prompt and enter tracert followed by the destination IP address or domain name. Many network devices are commonly set to reject ICMP traceroute messages. In this scenario an attacker employs TCP or UDP traceroute, often known as Layer 4 traceroute. On Linux, open a terminal and enter tcptraceroute followed by the destination IP address or domain name, or use traceroute to trace over UDP. 

Here is an example of Traceroute from Windows:

Example of Traceroute
  • Round-Trip Time (RTT) is displayed three times because three packets are sent for each hop. 
  • * means the RTT could not be determined or the packet was lost.
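
As an added example (not part of the original article), the Python sketch below parses output in the Windows tracert layout, records the three RTTs and any lost probes per hop, and lists hops that answered with an RFC 1918 address, which is the internal-gateway disclosure mentioned earlier and something to check for when tracing towards your own perimeter. The sample trace, host names and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in Windows tracert layout; addresses come from
# documentation (RFC 5737) and private (RFC 1918) ranges.
SAMPLE = """\
Tracing route to www.example.com [203.0.113.10]
over a maximum of 30 hops:

  1    <1 ms     1 ms     1 ms  198.51.100.1
  2     *        *        *     Request timed out.
  3    21 ms     *       20 ms  edge1.example.net [203.0.113.1]
  4    23 ms    22 ms    24 ms  10.20.0.1
  5    25 ms    24 ms    26 ms  203.0.113.10

Trace complete.
"""

# Hop number, exactly three probe fields ("N ms", "<1 ms" or "*"), then the responder.
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")
PROBE = re.compile(r"<?(\d+) ms|\*")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_tracert(text):
    """Return one dict per hop line: number, RTTs in ms (None = no reply), address, loss."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner, blank line or "Trace complete."
        # "<1 ms" is stored as 1, i.e. an upper bound.
        rtts = [int(p.group(1)) if p.group(1) else None for p in PROBE.finditer(m.group(2))]
        # The responder address is the last token, bracketed when a DNS name precedes it.
        tokens = m.group(3).split()
        try:
            addr = ipaddress.ip_address(tokens[-1].strip("[]")) if tokens else None
        except ValueError:
            addr = None  # e.g. "Request timed out."
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "addr": addr,
                     "loss": rtts.count(None) / 3})
    return hops

def private_hops(hops):
    """Hop numbers whose responder disclosed an RFC 1918 (internal) address."""
    return [h["hop"] for h in hops
            if h["addr"] is not None and any(h["addr"] in n for n in RFC1918)]

if __name__ == "__main__":
    parsed = parse_tracert(SAMPLE)
    for h in parsed:
        print(h["hop"], h["addr"], h["rtts"], f"loss={h['loss']:.0%}")
    print("hops exposing internal addressing:", private_hops(parsed))
```

The check uses explicit RFC 1918 networks rather than Python's `is_private`, which also returns True for the documentation ranges used in the sample.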

Path Analyzer Pro, VisualRoute, Traceroute NG, and PingPlotter are important traceroute programs for determining the geographical location of routers, servers, and IP devices in a network. Such tools assist us in tracing, identifying, and monitoring network activities on a global scale. The following are some of the features of these tools:
  • Hop-by-hop traceroutes
  • Reverse tracing
  • Historical analysis
  • Packet Loss Reporting
  • Reverse DNS
  • Ping Plotting
  • Port Probing
  • Detect network problems
  • Performance metrics analysis
  • Network performance monitoring
