Quite a number of people have been asking me about ipsrvtrace. It's a tool I wrote a few months ago, to investigate a service-specific black hole. (Packets to one net to port 80 didn't get through; packets to other ports or other nets did, and the network manager insisted that there were no firewalls or transparent proxies in the way.) Anyway -- the code is not (yet) released. It runs on NetBSD, FreeBSD, and OpenBSD; a variant runs on Linux, but I haven't folded the Linux changes back into the base version yet. If you need that sort of functionality today, use tcptraceroute, which you can find at http://michael.toren.net/tcptraceroute --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls" book now at http://www.wilyhacker.com
hping (www.hping.org or the FreeBSD Ports collection) can do tcp-based tracerouting too, and a lot of other nice/nasty things as well. Slides right past most non-stateful filtering. -- Barney Wolff "Nonetheless, ease and peace had left this people still curiously tough. They were, if it came to it, difficult to daunt or to kill; and they were, perhaps, so unwearyingly fond of good things not least because they could, when put to it, do without them, and could survive rough handling by grief, foe, or weather in a way that astonished those who did not know them well and looked no further than their bellies and their well-fed faces." J.R.R.T.
participants (2)
-
Barney Wolff
-
Steve Bellovin