NTmaps - Network Mapping & Modeling

TraceNET (version 2.1)

Copyright:

  • Freely available for non-commercial research and educational purposes
  • tracenet version 2.1 Copyright (c) 2013 Mehmet Engin Tozal
  • Distributed under the Creative Commons Attribution-NonCommercial 3.0 Unported License
  • Please send your suggestions and patches to metozalemATlouisianaemDOTedu


Download: TraceNET


New and Noteworthy:

  • Substantial enhancement in the underlying framework including improved efficiency, stable and easy-to-use API, optional fixed-flow-ID probing, record route and loose source routing support
  • Richer output information and input parameters
  • Concurrency support via multi-threading
  • Enhanced subnet inference and subnet mask estimation
  • Target file input for batch processing
  • Adoption of fixed-flow-identifier whenever the probe destinations do not change. Note that subnet inference with active probing cannot be completely immune to flow based load balancing
  • Alternative subnet provision if there is one
  • Ability to return the Local Area Network (LAN) information


System Requirements and Notes:

  • Tested on 32 bits Linux systems (Ubuntu, Fedora, PlanetLab)
  • make tool automatically compiles with g++ -m32 flag to create legitimate executables on 64 bits systems as well. Please make sure gcc-multilib and g++-multilib are installed on 64 bits systems. Note that running the tool on virtual machines may require configuring host/guest system firewalls and virtual interfaces.
  • Some systems require the user to have root privileges in order to generate ICMP messages. In such a case, use sudo command
  • Please make sure ICMP messages from/to your host are not filtered out by local firewalls


How to Compile and Run:

  1. > cd download_location_on your_computer
  2. > tar xzf tracenetV2.0.tar.gz
  3. > cd tracenet/Release
  4. > make clean
  5. > make all
  6. Just run the executable created in the "Release" folder, e.g., "sudo ./tracenet -t www.google.com"
    Note that you can also copy the executable to a folder on the PATH list such as /usr/bin or create a symbolic link.


Sample Output:

# sudo ./tracenet -d www.louisiana.edu
Destination IP   Hop     Target IP        Pivot IP         SPC  SIC    Network Number      Size   :   [ Subnet IP Address - Hop Distance List ]  [ IP Alias Pair ]
---------------  ---     ---------------  ---------------  ---  ---    ------------------  ----   :   ------------------------------------------  -----------------
130.70.132.67    01      10.110.95.1      10.110.95.1      0    0      10.110.95.0/24      N/A    :   /* Local Area Network (LAN), System information */
130.70.132.67    02      129.110.83.42    129.110.83.42    5    2      129.110.83.42/31    2      :   [129.110.83.43 - 1, 129.110.83.42 - 2]  [ 129.110.83.43 | 10.110.95.1 ]
130.70.132.67    03      129.110.82.108   129.110.82.108   5    3      129.110.82.108/31   2      :   [129.110.82.109 - 2, 129.110.82.108 - 3]  [ 129.110.82.109 | 129.110.83.42 ]
130.70.132.67    04      129.110.5.97     129.110.5.97     5    8      129.110.5.96/29     3      :   [129.110.5.99 - 4, 129.110.5.96 - 4, 129.110.5.97 - 4]  [ N/A ]
130.70.132.67    05      129.110.5.86     129.110.5.86     5    10     129.110.5.86/31     2      :   [129.110.5.87 - 5, 129.110.5.86 - 5]  [ N/A ]
130.70.132.67    06      129.110.5.65     129.110.5.65     6    8      129.110.5.64/29     3      :   [129.110.5.70 - 5, 129.110.5.67 - 6, 129.110.5.65 - 6]  [ 129.110.5.70 | 129.110.5.86 ]
130.70.132.67    07      208.76.227.223   208.76.227.223   5    2      208.76.227.222/31   2      :   [208.76.227.222 - 6, 208.76.227.223 - 7]  [ 208.76.227.222 | 129.110.5.65 ]
130.70.132.67    08      74.200.187.21    74.200.187.21    6    5      74.200.187.20/30    2      :   [74.200.187.22 - 8, 74.200.187.21 - 9]  [ 74.200.187.22 | 208.76.227.174 ]
130.70.132.67    09      74.200.187.6     74.200.187.5     9    5      74.200.187.4/30     2      :   [74.200.187.6 - 9, 74.200.187.5 - 10]  [ 74.200.187.6 | 74.200.187.6 ]
130.70.132.67    10      74.200.187.5     74.200.187.5     6    5      74.200.187.4/30     2      :   [74.200.187.6 - 9, 74.200.187.5 - 10]  [ 74.200.187.6 | 74.200.187.6 ]
130.70.132.67    11      208.100.127.34   208.100.127.34   6    3      208.100.127.32/30   2      :   [208.100.127.33 - 11, 208.100.127.34 - 12]  [ 208.100.127.33 | 74.200.187.5 ]
130.70.132.67    12      *                N/A              N/A  N/A    N/A                 N/A    :   /* Cannot carry out subnet inference. Unresponsive host, i.e., anonymous, to indirect probes on the path */
130.70.132.67    13      *                N/A              N/A  N/A    N/A                 N/A    :   /* Cannot carry out subnet inference. Unresponsive host, i.e., anonymous, to indirect probes on the path */
130.70.132.67    14      *                N/A              N/A  N/A    N/A                 N/A    :   /* Cannot carry out subnet inference. Unresponsive host, i.e., anonymous, to indirect probes on the path */
130.70.132.67    15      *                N/A              N/A  N/A    N/A                 N/A    :   /* Cannot carry out subnet inference. Maximum consecutive anonymous IP address limit is reached */
			


Input Parameters:

Short Form    Long FormDescription
-d--destinationFinal destination IP address or host name.
-e--interfaceInterface name through which probing/response packets exit/enter (default is the first non-loopback IPv4 interface in the active interface list). Use this option if your machine has multiple network interface cards and you opt for one interface over the others.
-h--start-hopInclusive starting trace collection hop distance (default is 1).
-j--end-hopInclusive ending trace collection hop distance (default is 64). Trace collection automatically stops if the final destination is reached.
-m--attention-messageProbe attention message (default is "NOT an ATTACK"). This maximum 64 bytes long message is put into all probe packets. In case of batch processing having a message with your email address helps ISP network administrators to understand your purpose and contact with you if needed. Suggested message for batch processing is "NOT an ATTACK Packet belongs to AAAAA project at BBBBB contact CCCCC".
-p--protocolProbing protocol [icmp|udp|tcp] (default is icmp). Note that routers are more responsive to ICMP probing.
-n--use-network-addressAssume network address, i.e., the address ending with all zeros, as an assignable IP address [true|false] (default is true). Although for prefix lengths less than 31, network address, i.e., the address ending with all zeros, and broadcast address, i.e., the address ending with all ones, are suggested not to be assigned to interfaces, some administrators tend to utilize network addresses.
-i--input-fileInput file path (one IP per line, optionally comma or tab separated middle ttl). Lines starting with the sharp (#) symbol are skipped as they are considered to be comments. It is suggested to shuffle the IP addresses in advance to reduce the risk of being considered as a DoS attack.
-o--output-fileOutput file path (default is the console itself). Warnings are printed out on a single line starting with the sharp (#) symbol.
-r--resolve-host-namesUse reverse DNS to resolve host names and show them along with subnet IP addresses [true|false] (default is false). If an IP address has an associated name it is shown in parentheses next to the IP address, otherwise an empty parentheses is shown.
-l--explore-lan-explicitlyDiscover the IP addresses in the Local Area Network (LAN) [true|false] (default is false). If not true, the program gets the local area network information directly from the system rather than through inference.
-c--concurrencynumber of concurrent threads, only applicable with -i option (default is 6).
-f--fix-flow-idUse stable flow ID whenever possible [true|false] (default is true). Takes advantage of fixed flow ID against load balancers as in paris-traceroute whenever the destination address does not change.
-a--show-alternativesshow alternative subnets if they exist [true|false] (default is true).
-w--probe-timeout-periodMaximum milliseconds amount to wait for a probe reply (default is 2500). If you think that the RTT to the destination is more than the default value then increase it.
-z--probe-regulating-period    Minimum milliseconds amount to wait between two immediately consecutive probes (default is 50). Useful when routers apply rate limiting.
-g--debugEnable debug.
-v--versionPrint program version.
-?--helpHelp


Output Information:

Column    Description
Destination IPDestination IP address given to the program as input.
HopHop distance to the discovered subnet from the vantage point.
Target IPThe IP address that is encountered at a particular hop. This column is an exact equivalent of the output of the classical traceroute (or paris-traceroute) tool.
Pivot IPAn IP address that belongs to the subnet on the path. It is used internally by the subnet inference mechanism.
SPCSubnet Positioning Cost is the number of probes used to determine the hop distance to the target subnet and to designate a pivot IP address.
SICSubnet Inference Cost is the number of probes used to infer the target subnet. Note that the total cost depends on many factors including the target subnet configuration, number of unused/unresponsive IP addresses and the number of exterior IP addresses probed before encountering a stopping condition.
Network NumberThe network number that represents the target subnet. It is generated by setting all non-masking bits to zero.
SizeNumber of IP addresses within the target subnet.
[Subnet IP Address List ]   List of IP addresses within the target subnet and their hop distances from the vantage point.
[IP Alias Pair]Two IP addresses that are located on the ingress router of the target subnet. This extra information can be used for router inference.
AlternativeThe alternative subnet that is possible to be the target subnet as well. This is optional and appears at a new line on the console delimited by tilde (instead of colon) and curly braces (instead of brackets). To auto-process the output, the alternative subnet (if exists) is displayed on a separate line below the inferred subnet and starts with a number of spaces (indentation) followed by the keyword "Alternative" and then the alternative subnet number, IP address list, and alias pair follows. Depending on your project you can investigate further to decide the true target subnet however, the program suggests the inferred one by default.