In this post we’ll review when it makes sense to use traceroute based on the TCP protocol. The primary reason to go with this option is that some administrators block ICMP, causing ICMP traceroute tests to fail. Let’s deep dive into this.
ICMP-based Traceroute
Every time I mention traceroute, I get a lot of people commenting that they are not able to perform one because ICMP, the protocol traceroute uses, is blocked or routed differently in their environment.
In the video below, I explain that a traceroute tool works by manipulating the IPv4 “Time to Live” (TTL) value. Basically, you start with a TTL of one; each layer three device (i.e. router) along the path decrements it, and the router that takes it to zero reports back via ICMP that the “Time To Live” expired. The specific response may vary depending on your operating system or the ping utility used. Many network and security administrators have been blocking ICMP for various reasons, so I went looking for traceroute utilities that perform the same function but use UDP or TCP.
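To make the TTL mechanism concrete, here is a small model of the exchange described above; it is an added illustration, not code from this post or from any of the tools listed. The topology, addresses and the firewall rule on the destination are constructed. It shows why an ICMP echo traceroute stalls at a host that drops ICMP while a TCP probe to the same host completes: the intermediate routers' ICMP Time Exceeded replies are the same in both cases, only the final reply differs.

```python
from dataclasses import dataclass

@dataclass
class Hop:
    addr: str
    drops: frozenset = frozenset()   # probe protocols this hop's firewall silently discards

@dataclass
class Probe:
    proto: str   # "icmp" (echo request) or "tcp" (SYN to an open port)
    ttl: int
    dst: str

def forward(path, probe):
    """Walk one probe along the path and return (replying_addr, reply) or None.
    Each router decrements the IPv4 TTL before forwarding; the router that takes it
    to zero answers with ICMP Time Exceeded (this is what traceroute listens for).
    The destination does not forward, so it answers the probe itself."""
    for hop in path:
        if probe.proto in hop.drops:
            return None                         # filtered: traceroute prints '*'
        if hop.addr == probe.dst:
            reply = "ICMP Echo Reply" if probe.proto == "icmp" else "TCP SYN-ACK"
            return hop.addr, reply
        probe.ttl -= 1
        if probe.ttl == 0:
            return hop.addr, "ICMP Time Exceeded"
    return None

def traceroute(path, dst, proto, max_ttl=30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        reply = forward(path, Probe(proto, ttl, dst))
        hops.append(reply[0] if reply else "*")
        if reply and reply[0] == dst:
            break
    return hops

# Constructed topology: three routers, then a destination whose firewall drops ICMP.
PATH = [Hop("10.0.0.1"), Hop("10.0.1.1"), Hop("203.0.113.1"),
        Hop("203.0.113.80", drops=frozenset({"icmp"}))]

if __name__ == "__main__":
    print("icmp:", traceroute(PATH, "203.0.113.80", "icmp", max_ttl=6))
    print("tcp: ", traceroute(PATH, "203.0.113.80", "tcp", max_ttl=6))
```

The same model also shows the dependency that any TCP or UDP traceroute keeps: if an intermediate router were configured to drop or rate-limit its own ICMP Time Exceeded messages, that hop would print as '*' regardless of the probe protocol.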
TCP and UDP-based Traceroute Tools
After going through the process of looking for these tools, I figured it was time to do a quick overview of the three basic types of TCP traceroute tools that I use:
- Tracetcp is a free, portable, command-line tool. I am a big fan of command-line tools since you have control over exactly what they are doing, you can script them in a batch file, and you can schedule them to run at any time using your favorite scheduling program. Please note that this utility uses WinPcap, so make sure you have it installed.
- IPSwitch Whatsup Visual Traceroute is a free graphical tool. Graphical tools have their place as well, since they are easy on the eyes and non-technical staff can easily use them and interpret their findings. I did like the graphical topology map it provides.
- NetBeez is a cloud-based tool that you can get as a virtual appliance or in Raspberry Pi format. You can find the virtual appliance and sign up here. The cloud-based approach is becoming very popular since you can access your reports from anywhere. One of the specific features I liked was the ability to configure the tests, as well as the email alerts.
All three behave completely differently, and I encourage you to try all of them since you can probably use each in a different scenario. I also suggest you baseline any tool you use to ensure that you understand how it behaves.