Detect a remote blocked port on the way or route using tracetcp | ISPexperts.com.np

Want create site? Find Free WordPress Themes and plugins.

Detect a blocked port

Here is a standard trace on port 80:

$ tracetcp www.ebay.co.uk

Tracing route to 66.135.192.41 [www.ebay.co.uk] on port 80
Over a maximum of 30 hops.
1       1 ms    1 ms    2 ms    192.168.0.1     [wintermute]
2       10 ms   9 ms    11 ms   10.78.128.1
3       10 ms   11 ms   8 ms    62.30.193.33    [gsr01-so.blueyonder.co.uk]
4       10 ms   9 ms    10 ms   172.18.14.45
5       14 ms   13 ms   14 ms   172.18.14.62
6       12 ms   13 ms   14 ms   194.117.136.18  [tele2-witt-pos.telewest.net]
7       12 ms   12 ms   14 ms   166.63.222.37   [zcr1-so-5-0-0.Londonlnt.cw.net]
8       182 ms  164 ms  164 ms  208.172.146.100 [dcr2-loopback.SantaClara.cw.net]
9       163 ms  163 ms  164 ms  208.172.156.198 [bhr1-pos-0-0.SantaClarasc8.cw.net]
10      165 ms  165 ms  167 ms  66.35.194.50    [csr1-ve243.SantaClarasc8.cw.net]
11      165 ms  165 ms  164 ms  66.35.212.190
12      168 ms  169 ms  169 ms  66.135.207.253
13      166 ms  169 ms  171 ms  66.135.207.174
14      *       *       *       Request timed out.
15      Destination Reached in 170 ms. Connection established to 66.135.192.41
Trace Complete.

If we do the same trace but this time we use port 135 we can see that it is
blocked after hop 2. This block was put in place by my ISP to try to limit the
damage being caused by a worm, that spread by exploiting a vulnerability in
DCOM.

$ tracetcp www.ebay.co.uk:135

Tracing route to 66.135.192.41 [www.ebay.co.uk] on port 135
Over a maximum of 30 hops.
1       1 ms    1 ms    1 ms    192.168.0.1     [wintermute]
2       10 ms   13 ms   9 ms    10.78.128.1
3       *       *       *       Request timed out.
4       *       *       *       Request timed out.
5       *       *       *       Request timed out.
6 ... continues until maximum number of hops reached.

Detect a transparent proxy

Many ISPs implement a transparent proxy for certain services (mostly http).
Usually these proxies are not visible to the user so it is not possible
determine if a connection problem is an issue with the remote host or the proxy.
Tracing to ftp.cdrom.com on port 21 (ftp) returns a complete route to the
server.

$ tracetcp ftp.cdrom.com:ftp

Tracing route to 207.250.14.6 on port 21
Over a maximum of 30 hops.
1       2 ms    1 ms    1 ms    192.168.0.1
2       9 ms    10 ms   8 ms    10.152.79.254
3       10 ms   33 ms   11 ms   62.253.122.137  [rdng-t2cam1-b-v102.inet.ntl.com]
4       27 ms   13 ms   10 ms   62.253.121.129  [winn-t2core-b-ge-wan61.inet.ntl.com]
5       12 ms   10 ms   9 ms    62.253.184.117  [win-bb-b-so-320-0.inet.ntl.com]
6       10 ms   11 ms   13 ms   62.253.185.201  [pop-bb-a-so-000-0.inet.ntl.com]
7       11 ms   9 ms    10 ms   212.113.14.129  [pos7-0.hsipaccess2.london1.level3.net]
8       11 ms   12 ms   11 ms   212.187.131.125 [so-4-0-0.mp2.london1.level3.net]
9       78 ms   76 ms   78 ms   212.187.128.153 [so-1-0-0.bbr2.newyork1.level3.net]
10      76 ms   75 ms   77 ms   64.159.17.104
11      85 ms   78 ms   93 ms   64.152.40.2     [us-nyc-c-r2-pos6-0.core.viatel.net]
12      78 ms   78 ms   81 ms   66.192.240.33
13      99 ms   97 ms   100 ms  168.215.53.41   [core-02-so-2-2-0-0.chcg.twtelecom.net]
14      123 ms  119 ms  118 ms  168.215.55.203  [dist-01-so-2-2-0-0.mpls.twtelecom.net]
15      119 ms  119 ms  119 ms  66.192.244.203  [hagg-01-ge-0-3-0-0.mpls.twtelecom.net]
16      119 ms  120 ms  120 ms  207.250.14.130
17      Destination Reached in 128 ms. Connection established to 207.250.14.6
Trace Complete.

Performing the same trace on port 80 (http) shows the the packets take quite
a different route after hop 2 and arrive at the proxy at hop 5. Note that the
proxy responds to with the same IP address as the requested host.

$ tracetcp ftp.cdrom.com:http

Tracing route to 207.250.14.6 on port 80
Over a maximum of 30 hops.
1       1 ms    1 ms    1 ms    192.168.0.1
2       11 ms   11 ms   10 ms   10.152.79.254
3       10 ms   10 ms   9 ms    62.253.122.9   [rdng-t2cam1-a-v102.inet.ntl.com]
4       11 ms   11 ms   10 ms   62.253.121.1   [winn-t2core-a-ge-wan61.inet.ntl.com]
5       Destination Reached in 10 ms. Connection established to 207.250.14.6
Trace Complete.

Scan for Blocked Outgoing Ports

While it is useful to see that a port is being blocked:

$ tracetcp www.ebay.co.uk:135

Tracing route to 66.135.192.41 [www.ebay.co.uk] on port 135
Over a maximum of 30 hops.
1       1 ms    1 ms    1 ms    192.168.0.1     [wintermute]
2       10 ms   13 ms   9 ms    10.78.128.1
3       *       *       *       Request timed out.
4       *       *       *       Request timed out.
5       *       *       *       Request timed out.
6 ... continues until maximum number of hops reached.

tracetcp can be used to scan a range of ports to find which are blocked and which are not. The command line seems a little complex so I’ll go though them all. We are scanning the range of ports 130-140 (-r 130 140). To speed things up the timeout is set to 0.5 seconds (-t 500). Condensed output mode is enabled (-c) or we will get screens full of output. Reverse DNS lookups are disabled (-n). Each packet we send has a TTL set to 3 (-h 3), is only sent for 1 hop (-m 1), and only 1 packet is sent per hop (-p).

Note that it doesn’t really matter what host is used for the trace as none of the packets will ever reach it as they will all expire before reaching the host.

$ tracetcp www.ebay.co.uk -h 3 -m 1 -p 1 -t 500 -c -r 130 140 -n
[66.135.192.41:130]  3  11 ms   62.30.193.33
[66.135.192.41:131]  3  11 ms   62.30.193.33
[66.135.192.41:132]  3  10 ms   62.30.193.33
[66.135.192.41:133]  3  10 ms   62.30.193.33
[66.135.192.41:134]  3  13 ms   62.30.193.33
[66.135.192.41:135]  3  *       Request timed out.
[66.135.192.41:136]  3  10 ms   62.30.193.33
[66.135.192.41:137]  3  *       Request timed out.
[66.135.192.41:138]  3  *       Request timed out.
[66.135.192.41:139]  3  *       Request timed out.
[66.135.192.41:140]  3  11 ms   62.30.193.33

By changing the command line slightly we can trace from hop 1 to 3 for each port (-h 1 -m 3) so as to determine at which hop the ports are blocked. Port 135 is block by my ISPs router at hop 2, and ports 137, 138, 139 are blocked by my own router at hop 1.

$ tracetcp www.ebay.co.uk -h 1 -m 3 -p 1 -t 500 -c -r 134 140 -n
[66.135.208.41:134]  1  1 ms    192.168.0.1
[66.135.208.41:134]  2  12 ms   10.78.128.1
[66.135.208.41:134]  3  10 ms   62.30.193.33

[66.135.208.41:135]  1  1 ms    192.168.0.1
[66.135.208.41:135]  2  10 ms   10.78.128.1
[66.135.208.41:135]  3  *       Request timed out.

[66.135.208.41:136]  1  1 ms    192.168.0.1
[66.135.208.41:136]  2  11 ms   10.78.128.1
[66.135.208.41:136]  3  9 ms    62.30.193.33

[66.135.208.41:137]  1  1 ms    192.168.0.1
[66.135.208.41:137]  2  *       Request timed out.
[66.135.208.41:137]  3  *       Request timed out.

[66.135.208.41:138]  1  1 ms    192.168.0.1
[66.135.208.41:138]  2  *       Request timed out.
[66.135.208.41:138]  3  *       Request timed out.

[66.135.208.41:139]  1  1 ms    192.168.0.1
[66.135.208.41:139]  2  *       Request timed out.
[66.135.208.41:139]  3  *       Request timed out.

[66.135.208.41:140]  1  1 ms    192.168.0.1
[66.135.208.41:140]  2  12 ms   10.78.128.1
[66.135.208.41:140]  3  187 ms  62.30.193.33

Источник: Detect a remote blocked port on the way or route using tracetcp | ISPexperts.com.np.

Did you find apk for android? You can find new Free Android Games and apps.

Detect a remote blocked port on the way or route using tracetcp | ISPexperts.com.np

Detect a blocked port

Detect a transparent proxy

Scan for Blocked Outgoing Ports

Поделиться ссылкой:

Автор: Иван Олянский

Похожие записи