astraceroute is a small utility to retrieve path information in a
traceroute like way, but with additional geographical location
information. It tracks the route of a packet from the local host to
the remote host by successively increasing the IP's TTL field,
starting from 1, in the hope that each intermediate node will send an
ICMP TIME_EXCEEDED notification back to the local host when the TTL
value is decremented to 0.
astraceroute supports IPv4 and IPv6 queries and will display country
and city information, if available, the AS number the hop belongs to,
and its ISP name. astraceroute also displays timing information and
reverse DNS data.
Due to astraceroute's configurability, it is also possible to gather
some more useful information about the hop regarding what it does and
does not allow to pass through. This is done by using clear text
strings for probing DPIs or ``great firewalls'' to determine if they
will filter out blacklisted critical keywords. This tool might be a
good start for further in-depth analysis of such systems.
-H <host>, --host <host>
Hostname or IPv4 or IPv6 address of the remote host where the AS
route should be traced to. In the case of an IPv6 address or host,
option ''-6'' must be used. IPv4 is the default.
-p <port>, --port <port>
TCP port for the remote host to use. If not specified, the default
port used is 80.
-i <device>, -d <device>, --dev <device>
Networking device to start the trace route from, e.g. eth0, wlan0.
-b <IP>, --bind <IP>
IP address to bind to other than the network device's address. You
must specify -6 for an IPv6 address.
-f <ttl>, --init-ttl <ttl>
Initial TTL value to be used. This option might be useful if you are
not interested in the first n hops, but only the following ones. The
default initial TTL value is 1.
-m <ttl>, --max-ttl <ttl>
Maximum TTL value to be used. If not otherwise specified, the maximum
TTL value is 30. Thus, after this has been reached astraceroute
-q <num>, --num-probes <num>
Specifies the number of queries to be done on a particular hop. The
default is 2 query requests.
-x <sec>, --timeout <sec>
Tells astraceroute the probe response timeout in seconds, in other
words the maximum time astraceroute must wait for an ICMP response
from the current hop. The default is 3 seconds.
-X <string>, --payload <string>
Places an ASCII cleartext string into the packet payload. Cleartext
that contains whitespace must be put into quotes (e.g.: "censor me").
-l <len>, --totlen <len>
Specifies the total length of the packet. Payload that does not have
a cleartext string in it is padded with random garbage.
Use IPv4 only requests. This is the default.
Use IPv6 only requests. This must be used when passing an IPv6 host
as an argument.
Tells astraceroute to not perform reverse DNS lookup for hop replies.
The reverse option is ''-N''.
The built-in geo-database update mechanism will be invoked to get
Maxmind's latest version. To configure search locations for
databases, the file /etc/netsniff-ng/geoip.conf contains possible
addresses. Thus, to save bandwidth or for mirroring Maxmind's
databases (to bypass their traffic limit policy), different hosts or
IP addresses can be placed into geoip.conf, separated by a newline.
Also show latitude and longitude of hops.
Tells astraceroute to perform reverse DNS lookup for hop replies. The
reverse option is ''-n''.
Use TCP's SYN flag for the request.
Use TCP's ACK flag for the request.
Use TCP's FIN flag for the request.
Use TCP's PSH flag for the request.
Use TCP's URG flag for the request.
Use TCP's RST flag for the request.
Use TCP's ECN flag for the request.
-t <tos>, --tos <tos>
Explicitly specify IP's TOS.
Set IP's no fragmentation flag.
Show and dissect the returned packet.
Show version information and exit.
Show user help and exit.
astraceroute -i eth0 -N -S -H netsniff-ng.org
This sends out a TCP SYN probe via the ''eth0'' networking device to
the remote IPv4 host netsniff-ng.org. This request is most likely to
pass. Also, tell astraceroute to perform reverse DNS lookups for each
astraceroute -6 -i eth0 -S -E -N -H www.6bone.net
In this example, a TCP SYN/ECN probe for the IPv6 host www.6bone.net
is being performed. Also in this case, the ''eth0'' device is being
used as well as a reverse DNS lookup for each hop.
astraceroute -i eth0 -N -F -H netsniff-ng.org
Here, we send out a TCP FIN probe to the remote host netsniff-ng.org.
Again, on each hop a reverse DNS lookup is being done and the queries
are transmitted from ''eth0''. IPv4 is used.
astraceroute -i eth0 -N -FPU -H netsniff-ng.org
As in most other examples, we perform a trace route to IPv4 host
netsniff-ng.org and do a TCP Xmas probe this time.
astraceroute -i eth0 -N -H netsniff-ng.org -X censor-me -Z
In this example, we have a Null probe to the remote host netsniff-
ng.org, port 80 (default) and this time, we append the cleartext
string "censor-me" into the packet payload to test if a firewall or
DPI will let this string pass. Such a trace could be done once
without, and once with, a blacklisted string to gather possible
information about censorship.
If a TCP-based probe fails after a number of retries, astraceroute
will automatically fall back to ICMP-based probes to pass through
firewalls and routers used in load balancing for example.
To gather more information about astraceroute's displayed AS numbers,
see e.g.: http://bgp.he.net/AS<number>.
The geographical locations are estimated with the help of Maxmind's
GeoIP database and can differ from the real physical location. To
decrease the possible errors, update the database regularly using
astraceroute's --update option.
At some point in time, we need a similar approach to gather more
reliable path information such as in the paris-traceroute tool.
Due to the generic nature of astraceroute, it currently has a built-
in mechanism to stop the trace after a fixed number of hops, since
the configurable TCP flags can have anything included. It is possible
to decrease this number of course. In the future, if a SYN probe is
sent out, there should be a listener so that we can stop the trace if
we detect a handshake in progress.
This page is part of the netsniff-ng (a free Linux networking
toolkit) project. Information about the project can be found at
⟨http://netsniff-ng.org/⟩. If you have a bug report for this manual
page, send it to email@example.com. This page was
obtained from the project's upstream Git repository
⟨git://github.com/netsniff-ng/netsniff-ng.git⟩ on 2017-03-13. If you
discover any rendering problems in this HTML version of the page, or
you believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
Linux 03 March 2013 ASTRACEROUTE(8)