Day6: #100DaysofInfoSec - Using Traceroute in Linux

Sep 16, 2021

Today I will work inside of my VM using Kali Linux and practice using traceroute. I will learn how a signal travels the internet and back.

Lab Objective:

Learn how to use Traceroute in Linux to trace the route to a host.

 

Lab Purpose:

Traceroute is a monitoring command that is used to trace the route to a host. This is useful for finding out if the host is up, where the host is located, and how many hops away from you the server is.

 

Beginners’ version:

  • Get the complete path that a packet uses to reach its destination, without actually sending data (other than ICMP)

  • Discover the names and identity of routers and devices within the path

  • Find the time it took to send and receive data to each device on the path

 

Traceroute can also be used to map local networks. If you are conducting a security audit, you may be able to use traceroute from within a target network to gain an understanding of how the network is configured and what devices are on it.

 

Lab Tool:

Kali Linux

 

Lab Walkthrough:

 

Task 1:

To install traceroute on Kali Linux, open a terminal, and type the following:

sudo apt-get install traceroute

 

I will demonstrate how to use this tool in Kali Linux.

 

Begin by opening the terminal window. We can use “traceroute” for any host as it is considered public knowledge. We can use any site as our target site for this lab without being the “root” user.

 

Let's use facebook.com.

traceroute facebook.com

You are able to see the hostname and IP address in the first line. This was obtained by using a reverse DNS lookup.

 

Whenever a packet is passed from one router to the next, it is referred to as a hop.

 

“30 hops” means that traceroute will only trace the first 30 hops between my system and the target system. 30 is often more than needed; a trace usually ends in 3 to 15 hops, though it can sometimes go deeper depending on the site’s security and lack of response.

 

 

The information in row 1 is the first router, possibly my AP, modem, router, etc. The next lines represent the ISP, and each line further down represents a router that’s further away.

 

6.980 ms  6.854 ms  6.750 ms – displays the round-trip times for our packet to reach that point and return to my computer, listed in milliseconds. There are three columns because traceroute sends three separate probe packets. This shows the consistency, or lack thereof, of the route.

The numbers on the side are the first column and are simply the number of the hop along the route.

The asterisks (* * *) mean that the target system could not be reached: the requests timed out. The packets could not make it there and back; they may be reaching the target system but encountering problems on the return trip. The problems could be due to some kind of error or an intentional block due to a firewall or other security measures, and the block may affect tracing the route but not actual server connections.

 

The last line, starting with edge, shows the final destination, which has the same IP address as the first line.

 

This is extremely useful for finding a whole range of information, all of which will be displayed during the trace. 
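To make the column layout described above concrete, here is an added example (not part of the original lab) that parses traceroute text output into hop number, responder, round-trip times and lost probes. The sample output is constructed, using documentation-range addresses and made-up hostnames, and the function names are my own.

```python
import re
from statistics import mean

# Constructed sample output (documentation-range addresses, made-up hostnames).
SAMPLE = """\
traceroute to www.example.com (203.0.113.35), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  6.980 ms  6.854 ms  6.750 ms
 2  isp-core.example.net (198.51.100.1)  12.402 ms  11.977 ms  12.118 ms
 3  * * *
 4  198.51.100.77 (198.51.100.77)  21.310 ms * 20.944 ms
 5  edge.example.com (203.0.113.35)  24.105 ms  23.870 ms  24.412 ms
"""

HEADER = re.compile(r"traceroute to (\S+) \(([\d.]+)\), (\d+) hops max")
RESPONDER = re.compile(r"(\S+) \(([\d.]+)\)")   # "hostname (ip)" pairs
RTT = re.compile(r"([\d.]+) ms")                # one round-trip time

def parse_traceroute(text):
    """Return (header dict, list of hop dicts) from traceroute text output."""
    lines = text.strip().splitlines()
    m = HEADER.match(lines[0])
    header = {"target": m.group(1), "ip": m.group(2), "max_hops": int(m.group(3))}
    hops = []
    for line in lines[1:]:
        num, _, rest = line.strip().partition(" ")  # first column is the hop number
        rtts = [float(x) for x in RTT.findall(rest)]
        hops.append({
            "hop": int(num),
            "responders": RESPONDER.findall(rest),   # [(name, ip), ...]
            "rtts_ms": rtts,
            "lost": rest.split().count("*"),         # probes that timed out
            "avg_ms": round(mean(rtts), 3) if rtts else None,
        })
    return header, hops

def summarize(header, hops):
    """List hops that never replied and check whether the last hop is the destination."""
    silent = [h["hop"] for h in hops if not h["rtts_ms"]]
    last_ips = {ip for _, ip in hops[-1]["responders"]}
    return {"silent_hops": silent, "reached": header["ip"] in last_ips}

if __name__ == "__main__":
    hdr, hops = parse_traceroute(SAMPLE)
    for h in hops:
        who = h["responders"][0][1] if h["responders"] else "no reply"
        print(f'{h["hop"]:>2}  {who:<15}  avg={h["avg_ms"]} ms  lost={h["lost"]}/3')
    print(summarize(hdr, hops))
```

In the sample, hop 3 never replies and hop 4 drops one of its three probes, yet the last hop still matches the destination IP from the first line, which is the "block may affect tracing the route but not actual server connections" case.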

 

Closing Thoughts:

Traceroute is simple and easy to use when you want to understand network traffic. I understand the network path to facebook.com. I was able to see the path that the signal took as it traveled around the internet to the website. I now understand the reason why hackers use traceroute. Hackers use traceroute because it assists them in gathering information about a specific network infrastructure and its IP ranges.

 

Hope you all enjoyed this lab! Now go practice this on your own!

https://anonbut1seeyou.wordpress.com/2021/09/15/day-6100daysofinfosec-using-traceroute-in-linux/
