packages icon



 TCPTRACEROUTE(8)                                           TCPTRACEROUTE(8)
                                2001 July 31



 NAME
      tcptraceroute - A traceroute implementation using TCP packets

 SYNOPSIS
      tcptraceroute [-nFE] [ -i interface ] [ -f first ttl ]
      [ -l length ] [ -q number of queries ] [ -t tos ]
      [ -m max ttl ] [ -p source port ] [ -s source address ]
      [ -w wait time ] host [ destination port ] [ length ]

 DESCRIPTION
      tcptraceroute is a traceroute implementation using TCP packets.

      The more traditional traceroute(8) sends out either UDP or ICMP ECHO
      packets with a TTL of one, and increments the TTL until the
      destination has been reached.  By printing the gateways that generate
      ICMP time exceeded messages along the way, it is able to determine the
      path packets are taking to reach the destination.

      The problem is that with the widespread use of firewalls on the modern
      Internet, many of the packets that traceroute(8) sends out end up
      being filtered, making it impossible to completely trace the path to
      the destination.  However, in many cases, these firewalls will permit
      inbound TCP packets to specific ports that hosts sitting behind the
      firewall are listening for connections on.  By sending out TCP SYN
      packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to
      bypass the most common firewall filters.

      It is worth noting that tcptraceroute never completely establishes a
      TCP connection with the destination host.  If the host is not
      listening for incoming connections, it will respond with an RST
      indicating that the port is closed.  If the host instead responds with
      a SYN|ACK, the port is known to be open, and an RST is sent by the
      kernel tcptraceroute is running on to tear down the connection without
      completing three-way handshake.  This is the same half-open scanning
      technique that nmap(1) uses when passed the -sS flag.

 OPTIONS
      -n   Display numeric output, rather than doing a reverse DNS lookup
           for each hop.  Reverse lookups are never attempted on RFC1918
           address space, regardless of the -n flag.

      -f   Set the initial TTL used in the first outgoing packet.  The
           default is 1.

      -m   Set the maximum TTL used in outgoing packets.  The default is 30.

      -p   Use the specified local TCP port in outgoing packets.  The
           default is to obtain a free port from the kernel using bind(2).
           Unlike with traditional traceroute(8), this number will not
           increase with each hop.




                                    - 1 -         Formatted:  March 28, 2024






 TCPTRACEROUTE(8)                                           TCPTRACEROUTE(8)
                                2001 July 31



      -s   Set the source address for outgoing packets.  See also the -i
           flag.

      -i   Use the specified interface for outgoing packets.

      -q   Set the number of probes to be sent to each hop.  The default is
           3.

      -t   Set the IP type of service to be used in outgoing packets.  The
           default is to not set any type of service option.

      -F   Set the "don't fragment" bit in outgoing packets.

      -E   Send ECN SYN packets, as described in RFC2481.

      -w   Set the timeout, in seconds, to wait for a response for each
           probe.  The default is 3.

      -l   Set the total packet length to be used in outgoing packets.  If
           the length is greater than the minimum size required to assemble
           the necessary probe packet headers, this value is automatically
           increased.

      -d   Enable debugging, which may or may not be useful.

 EXAMPLES
      Please see the examples.txt file included in the tcptraceroute
      distribution for a few real world examples.

      To trace the path to a web server listening for connections on port
      80:

           tcptraceroute webserver

      To trace the path to a mail server listening for connections on port
      25:

           tcptraceroute mailserver 25

 BUGS
      No error checking is performed on the source address specified by the
      -s flag, and it is therefore possible for tcptraceroute to send out
      TCP SYN packets for which it has no chance of seeing a response to.

      Complete portability to other Unix systems has not been tested;
      specifically, tcptraceroute will not function on systems which modify
      the IP ID field of packets written to a raw socket.  As of the time of
      this writing, tcptraceroute is known to compile and function properly
      on Linux, OpenBSD, and FreeBSD systems.  If you run into complications
      on another platform, please let me know.




                                    - 2 -         Formatted:  March 28, 2024






 TCPTRACEROUTE(8)                                           TCPTRACEROUTE(8)
                                2001 July 31



 AUTHOR
      Michael C. Toren <mct@toren.net>

 AVAILABILITY
      For updates, please see:
           http://michael.toren.net/code/tcptraceroute/

 SEE ALSO
      traceroute(8), ping(8), nmap(1)













































                                    - 3 -         Formatted:  March 28, 2024