Tool 64: Traceroute on a specified IP protocol (EthIp spoof)
Description:
This tool lists routers on the path to a computer.
How traceroute works: IP header contains a field named TTL indicating
the number of hops a packet can cross. Each router decreases TTL. When
it reaches 0, the router sends an ICMP Time Exceeded error back to the
IP source address. Traceroute works by slowly increasing TTL. So, we
obtain the list of successive routers because each one sends an ICMP
Time Exceeded.
This tool sends an IP only packet. There is no way to detect end (it
depends on protocol), so user has to interrupt tool at end.
This tool also permits to use fake Ethernet and IP addresses.
This tool may need to be run with admin privilege in order to sniff
and spoof.
Usage:
netwox 64 -i ip [-d device] [-E eth] [-e eth] [-I ip] [-p uint32] [-D mixed_data] [-T uint32] [-t uint32] [-m uint32] [-r|+r]
Parameters:
| parameter |
description |
example |
| -i|--dst-ip ip |
destination IP address |
5.6.7.8 |
| -d|--device device |
spoof device |
Eth0 |
| -E|--src-eth eth |
source ethernet address |
0:a:a:a:a:a |
| -e|--dst-eth eth |
destination ethernet address |
0:b:b:b:b:b |
| -I|--src-ip ip |
source IP address |
1.2.3.4 |
| -p|--protocol uint32 |
ip protocol |
1 |
| -D|--ip4-data mixed_data |
mixed data |
|
| -T|--min-ttl uint32 |
min ttl |
1 |
| -t|--max-ttl uint32 |
max ttl |
30 |
| -m|--max-ms uint32 |
max millisecond wait |
1000 |
| -r|--resolve|+r|--no-resolve |
resolve hostname |
|
Examples:
netwox 64 -i "5.6.7.8"
netwox 64 --dst-ip "5.6.7.8"