Traceroute and Scapy Jeremy Druin @webpwnized (Hacking Illustrated Series InfoSec Tutorial Videos)

    This is the 3rd in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. This one covers Traceroute and Scapy.

Details:

Video Tutorials: www.youtube.com/user/webpwnized
Video Index URL: http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae 
YouTube Channel:  http://www.youtube.com/user/webpwnized
Twitter Updates: @webpwnized



Download from:
http://archive.org/download/TracerouteAndScapyJeremyDruinWebpwnized/TracerouteAndScapyJeremyDruinWebpwnized.avi 

Notes from Jeremy:

traceroute --help

Usage:
  traceroute [ -46dFITnreAUV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w waittime ] [ -q nqueries ] [ -s src_addr ] [ -z sendwait ] [ --fwmark=num ] host [ packetlen ]

Options:
  -f first_ttl  --first=first_ttl    Start from the first_ttl hop (instead from 1)
  -I  --icmp                          Use ICMP ECHO for tracerouting
  -T  --tcp                           Use TCP SYN for tracerouting (default port is 80)
  -i device  --interface=device        Specify a network interface to operate with
  -n                          Do not resolve IP addresses to their domain names
  -p port  --port=port        Set the destination port to use. It is either
                              initial udp port value for "default" method
                              (incremented by each probe, default is 33434), or
                              initial seq for "icmp" (incremented as well,
                              default from 1), or some constant destination
                              port for other methods (with default of 80 for
                              "tcp", 53 for "udp", etc.)
  -s src_addr  --source=src_addr    Use source src_addr for outgoing packets
  --sport=num                 Use source port num for outgoing packets. Implies `-N 1'
  -U  --udp                   Use UDP to particular port for tracerouting
                              (instead of increasing the port per each probe),
                              default port is 53

 
tcpdump -i eth0 -nn -vvv -s0 -X host www.example.com
 


traceroute <target>                        UDP starting from high port
traceroute --icmp <target>                 ICMP Echo Request
traceroute --udp <target>                  UDP starting from 53 (default)
traceroute --udp --port=<port> <target>    UDP from <port>
traceroute --tcp --port=<port> <target>    TCP from <port>

Scapy

ls() - list all protocols
lsc() - list all commands
ls(<protocol>) - list details/properties of specific protocol
lsc(<command>) - list details of specific commands

ls                  : List  available layers, or infos on a given layer
sr                  : Send and receive packets at layer 3
traceroute          : Instant TCP traceroute

Build Packet:
    packet=IP(dst='<IP>')/TCP(dport=80)

Show Packet:
    packet
    packet.show()
    packet.summary()

Send Packet:
    answered,unanswered=sr(packet)

Show Response:
    answered.show()
    answered.summary()
    answered
    answered[0]
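
The Scapy steps above (build a packet, send it with sr(), inspect the answers) combined into a TCP SYN traceroute with one probe per TTL, as an added example that is not part of Jeremy's notes. probe() and build_path() are names chosen here, the sample addresses are constructed documentation addresses, and probe() assumes Scapy is installed and the script runs as root.

```python
# Added example: Scapy TCP SYN traceroute plus offline interpretation of replies.
TIME_EXCEEDED, DEST_UNREACH = 11, 3  # ICMP types
SYN_ACK, RST = 0x12, 0x04            # TCP flag bits

def probe(target, dport=80, max_ttl=20, timeout=2):
    """Send one SYN per TTL with Scapy; return (ttl, src, kind, value) tuples."""
    from scapy.all import IP, TCP, ICMP, sr  # imported here so build_path() runs without Scapy
    packet = IP(dst=target, ttl=(1, max_ttl)) / TCP(dport=dport, flags="S")
    answered, unanswered = sr(packet, timeout=timeout, verbose=0)
    replies = []
    for sent, received in answered:
        if received.haslayer(ICMP):    # a router (or filter) on the path answered
            replies.append((sent.ttl, received.src, "icmp", received[ICMP].type))
        elif received.haslayer(TCP):   # the destination itself answered
            replies.append((sent.ttl, received.src, "tcp", int(received[TCP].flags)))
    return replies

def build_path(replies, max_ttl):
    """Turn reply tuples into an ordered hop list, stopping where the path ends."""
    by_ttl = {ttl: (src, kind, value) for ttl, src, kind, value in replies}
    path = []
    for ttl in range(1, max_ttl + 1):
        if ttl not in by_ttl:          # probe timed out: traceroute prints "*"
            path.append((ttl, "*", "no reply"))
            continue
        src, kind, value = by_ttl[ttl]
        if kind == "icmp" and value == TIME_EXCEEDED:
            path.append((ttl, src, "hop"))
            continue
        if kind == "tcp" and (value & SYN_ACK) == SYN_ACK:
            state = "port open"
        elif kind == "tcp" and (value & RST):
            state = "port closed"
        elif kind == "icmp" and value == DEST_UNREACH:
            state = "unreachable"
        else:
            state = "other"
        path.append((ttl, src, state))
        break                          # anything but Time Exceeded ends the trace
    return path

# Constructed sample replies (documentation addresses, not captured traffic).
SAMPLE = [(1, "192.0.2.1", "icmp", 11), (2, "198.51.100.1", "icmp", 11),
          (4, "203.0.113.10", "tcp", 0x12), (5, "203.0.113.10", "tcp", 0x12)]

if __name__ == "__main__":
    for hop in build_path(SAMPLE, max_ttl=8):
        print(*hop)
```

With a live target, build_path(probe('<IP>'), 20) produces the same table from real replies; running the tcpdump command above alongside it shows the TTL of each outgoing SYN.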


Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast