
EXPERIMENT NO:- 1

AIM:
To study network reconnaissance using traceroute command.

Theory:
- Trace route is a computer network diagnostic tool for displaying the route (path) and
measuring transit delays of packets across an Internet Protocol (IP) network. The sum of
the mean times in each hop is a measure of the total time spent to establish the
connection. The command traceroute is available on many modern operating systems.

- Network reconnaissance is a term for testing for potential vulnerabilities in a computer
network. This may be a legitimate activity by the network owner/operator, seeking to
protect it or to enforce its acceptable use policy. It also may be a precursor to external
attacks on the network.
- Certain apparent reconnaissance activities, which would be highly suspicious if coming
from outside the network, may be perfectly normal network performance and reliability
monitoring when performed inside the boundaries of the network. Some network
intrusion detection systems have difficulty in determining if a reconnaissance activity is
internal or external, and generate many false alarms causing fear, uncertainty and doubt.

- The tracert command is a Command Prompt command that is used to show several details
about the path that a packet takes from the computer or device you are on to whatever
destination you specify.

Tracert Command Syntax:


tracert [-d] [-h MaxHops] [-w TimeOut] [-4] [-6] target [/?]

-d = This option prevents tracert from resolving IP addresses to hostnames, often resulting in
much faster results.

-h MaxHops = This tracert option specifies the maximum number of hops in the search for the
target. If you do not specify MaxHops, and target has not been found by 30 hops, tracert will
stop looking.

-w TimeOut = You can specify the time, in milliseconds, to allow each reply before timeout
using this tracert option.

-4 = This option forces tracert to use IPv4 only.

-6 = This option forces tracert to use IPv6 only.

target = This is the destination, either an IP address or hostname.

OUTPUT:

Figure 1

Figure 1 shows the functioning of the trace route command; here we trace the route to
google.com.

1. The command tracert www.google.com is passed in CMD. The route will now be traced over a
maximum of 30 hops. A hop can be defined as one portion of the path between source and
destination. Data packets pass through bridges, routers and gateways as they travel between
source and destination. Each time packets are passed to the next network device, a hop occurs.

2. There are three columns: the first lets us know the upload speed of packets, i.e. (1 ms). The
second column states the receiving packet, while the third is the acknowledge packets.
A star (*) shows that the packet was not sent or received and gives the message "request timed out".
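
An added example (not part of the original lab record): a Python parser for tracert output of the kind described above. It takes the mean of the time readings on each hop and sums them, as in the Theory section, and lists the hops that returned only * (request timed out). The sample output, its addresses and the function names are constructed for this example.

```python
import re
from statistics import mean

# Constructed sample of `tracert -d` output (documentation-range addresses, not a real trace).
SAMPLE = """\
Tracing route to 203.0.113.10 over a maximum of 30 hops

  1     1 ms    <1 ms     1 ms  192.168.1.1
  2     *        *        *     Request timed out.
  3    12 ms    11 ms    14 ms  198.51.100.7
  4    25 ms     *       23 ms  203.0.113.10

Trace complete.
"""

# Hop number, three time columns ("12 ms", "<1 ms" or "*"), then address or message.
HOP = re.compile(r"^\s*(\d+)\s+(\*|<?\d+ ms)\s+(\*|<?\d+ ms)\s+(\*|<?\d+ ms)\s+(.+?)\s*$")


def to_ms(token):
    """Convert one time column to milliseconds; '*' (no reply) becomes None."""
    if token == "*":
        return None
    return int(token.lstrip("<").split()[0])  # "<1 ms" is counted as 1 ms


def parse_tracert(text):
    """Return one dict per hop line; banner and footer lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        times = [to_ms(t) for t in m.group(2, 3, 4)]
        answered = [t for t in times if t is not None]
        hops.append({
            "hop": int(m.group(1)),
            "times": times,
            "mean_ms": mean(answered) if answered else None,
            "lost": times.count(None),
            "address": m.group(5) if answered else None,
        })
    return hops


def total_mean_ms(hops):
    """Sum of the per-hop mean times, ignoring hops that never replied."""
    return sum(h["mean_ms"] for h in hops if h["mean_ms"] is not None)


def silent_hops(hops):
    """Hop numbers where all three columns were '*'."""
    return [h["hop"] for h in hops if h["lost"] == 3]
```

A hop that shows only * does not by itself mean the path is broken: in the sample, hops 3 and 4 still reply after the silent hop 2.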

Advantages:

Traffic Analysis

Non-evasive eavesdropping and monitoring of transmissions

Because data is unaffected, it is tricky to detect

Emphasis on prevention (encryption) not detection

Sometimes referred to as tapping

Disadvantages:

Many of these attacks use ICMP or UDP packets to flood a given subnet.

In the case of DDoS attacks multiple machines may work in concert and the resultant
packets may cause the switch or router on which the affected subnet originates to process
an inordinate number of packets.

Conclusion:
Studied the trace route command in detail by implementing it. Trace route gives the detailed
path that the packet takes from the source to the destination. Tracert sends an ICMP echo packet.
