My Blog List

Saturday, October 29, 2011

Tool: NeoTrace (Now McAfee Visual Trace)

NeoTrace is a diagnostic and investigative tool. It traces the network path across the Internet from the host system to a target system anywhere on the Internet. Automatic retrieval of data includes registration details for the owner of each computer on the route (address, phone, email address) and the network each node IP is registered to. Easy to read views of the data include a world map showing the locations of nodes along the route, a graph showing the relative response time of each node along the path, and a configurable list of node data.


In the screenshot shown above, we have done a traceroute for www.google.com The 3.20 version had node view, map view and list view. Note that the DNS entries have been retrieved for the various nodes and the map view allows the user to see relatively easily if a particular system is based geographically where it claims to be.

There are two aspects to traceroute - depth and breadth. There are two basic methods for searching graphs - breadth and depth. Breadth searches branch out examining all nodes within a certain hop distance, slowly increasing until the destination is discovered. Depth first search follows one path until it is exhausted, and then backs up slowly recalculating all the permutations of the preceding paths. Traceroute generates an UDP message to an unused port and sends this message with an increasing TTL value. The search ends when a port unreachable message is received.


There are many ICMP error messages that can be generated. One of these messages is ICMP port unreachable (since ports exist in TCP or UDP). However, the port unreachable message must be distinguished from such messages generated from different applications - such as from a packet filtering device

0 comments:

Post a Comment