2009
12.02

TCPTraceroute to Bypass the Firewall filters

Category: Networking, computer network security, information security, quick tips, security tools / Tag:  / Add Comment

Introduction

The first step for penetration testers is getting information about the system. Traceroute is a great tool for this purpose.

Traceroute shows the route between you and the target machine.  Linux has a command line utility called traceroute.

traceroute

traceroute uses UDP.

Windows has a tool called tracert.

tracert

tracert uses ICMP.

It is quite common for firewalls to be configured to block ICMP or UDP and thereby prevent Traceroute from returning useable information.

One program designed to get around this issue is Michael Toren’s TCPTraceroute.

TCPTraceroute uses TCP SYNpackets insted of ICMP or UDP and is able to bypass common firewall filters.

Installation

TCPTraceroute is currently available for only Linux. You can install on your debian based machine by using apt-get:

<p style=”background: black; color: white”>
</p>ISMAIL

sudo apt-get install tcptraceroute

Example

tcptraceroute

Summary

As a penetration tester to gain information about the target system, you need to be familiar with several tools. One of these tools is tcptraceroute. It can bypass most of the firewalls since it uses TCP unlike tracert and traceroute.

Post to Twitter Tweet This Post

1 comment so far

Add Your Comment
  1. Tweets that mention Information Security Blog » TCPTraceroute to Bypass the Firewall filters -- Topsy.com said: 2009.12.02 01:13

    [...] This post was mentioned on Twitter by Ismail Guneydas, Ismail Guneydas. Ismail Guneydas said: New Blog Post: TCPTraceroute to Bypass the Firewall filters: http://realinfosec.com/?p=358 [...]

Your Comment

Get Adobe Flash playerPlugin by wpburn.com wordpress themes