The Traceroute tool displays a list of routers (Hop) that travel the packet to the destination. This tool is available on all Linux and Windows operating systems. This tool is also available on Mikrotik routers. Traceroute is often using to troubleshoot a network. By showing the routers traveled, this tool allows the user to see the path that must be taken to reach a specific goal on the network. In this article, we are going to teach you How to Use Traceroute to track packets on Nmap. It should note that if you want to buy a VPS server, you can see the packages available in Eldernode.
Table of Contents
Tutorial Use Traceroute to track packets on Nmap
One of the tools that network administrators and technicians always use to troubleshoot a network is Traceroute. Wherever there are disturbances such as Latency and Connectivity Issues within a network, Traceroute and Ping are two basic but effective tools that can help us solve the problem. If there is a problem with the connection between the two systems, Traceroute can first determine if there is a connection problem, and secondly, it can determine where the problem is! Traceroute typically uses Echo packets (belonging to the ICMP protocol) as well as different amounts of TTL (Time To Live).
Traceroute first starts sending packets with a TTL of 1. These packets reduce the TTL value by one unit after reaching the first HOP. Hence, the TTL value for these packets is zero. When the TTL value reaches zero, the packet is dropped first. Second, an error message is sent to the sender.
So far, RTT represents the time interval between the sender (the person who sent the packets and essentially the same person who executed the Traceroute command) and the first HOP. Because we set the TTL to 1.
In the next step, Traceroute starts sending packets with a TTL of 2. The purpose of this is to move our packets to the second HOP only. So after the packets start moving, they first go through the first HOP and their TTL decreases from 2 to 1. Then when the packets reach the second HOP, their TTL decreases from one to zero and as a result, an error message is sent to the sender. In this way, the transmitter understands the status of the RTT to the second HOP. Traceroute keeps doing this, increasing the TTL by one unit each time to understand the connection status and RTT of each HOP.
What is Traceroute and how does it work?
Traceroute is a utility in computer networks that you can access by typing Tracert in CMD. This tool allows you to check the route to the desired destination and possible errors.
When you communicate with other devices on a network, information or packets are sent through a number of network devices, such as routers, to the destination. Now if you connect two computers directly with a UTP cable, the packets are sent directly from one computer to another.
If you have access to a website on the Internet, traffic first passes through a router or local device. In other words, this traffic may pass through ISP routing devices, possibly neutral routers or devices connected to local and destination devices. Transferring packets between routing devices are called “hop”. So if you ping a website, it will be your first local router and the next-hops will be each router through which packets pass to reach the webserver.
In the continuation of this article, join us to show you How to Use Traceroute to track packets on Nmap with examples.
Use Traceroute to track packets on Nmap
Traceroute involves collecting information about intermediate routers through which traffic is transmitted from one point to another. It is interesting to note that most operating systems already acquire this feature using the “traceroute” command. Nmap also comes with additional tools in the Nmap NSE (Nmap Scripting Engine) suite.
An example of how Traceroute works with Nmap
In the following example, we are tracing the route from my device to Eldernode.com; It should note that the option -sn instructs Nmap to omit the default port scan since we aren’t interested to scan Eldernode.com ports but only the route, the option, or flag -Pn instructs Nmap to avoid the host discovery since we know the host is alive.
Note: The option –traceroute is using to trace all hops or intermediating routers.
nmap -sn -Pn --traceroute eldernode.com
By executing the above command, you will see that there are 16 devices (HOP) between my computer and the Eldernode.com server, which are specified in the HOP column.
You can also see the speed in milliseconds in the RTT column (return time or delay time) for each hop that includes a return from that HOP. It should be noted that this is very useful for diagnosing connection problems.
Note that the ADDRESS column shows the address of each router or hop device.
You can see in the image above that my first hopper is 192.168.0.1. It then goes to 7 routers. The eight routers are located in Buenos Aires, Argentina, and are owned by Claro Telecommunications, which delivers traffic to the next hop in Mexico. Then it goes to Miami, to a gblx.net router to finally get to the hosting service.
There are a total of 16 hops, but the RTT increases as the router passes.
How to Insert traceroute hops into the Nmap scan with NSE
In this section, we are going to look at how to Insert traceroute hops into the Nmap scan with NSE. It should note that the Nmap Scripting Engine includes scripts for managing tracking with the addition of great features. In this case, you can only use Nmap NSE to port scan all hop interfaces to reach linux.lat.
nmap --script targets-traceroute --script-args newtargets --traceroute linux.lat
1
2
3
Follow us to track all the hops to get to Eldernode.com:
nmap --script targets-traceroute --script-args newtargets --traceroute eldernode.com
4
5
6
7
8
9
10
11
12
With a little care in the images above, you can easily see that Nmap puts the information about the discovered hop ports on the port.
Conclusion
Traceroute is one of the most useful network tools used to test the availability of a host (server). This tool works like the ping tool with ICMP protocol, but there are many differences with ping. In Traceroute, unlike ping, which has nothing to do with routers on the network, every single router on the network, from the Internet Gateway to the router to the router before the destination server, is displayed as a single test and the result is displayed to you. This utility is often using to find communication problems between routers. In this article, we tried to teach you to step by step How to Use Traceroute to track packets on Nmap by giving an example.
