SLAC logo, click here to go to SLAC home page
Connect logo, click here to go to SLAC computer networking page

Traceroute Servers for HENP & ESnet

Les Cottrell, Created July 3, 1995, Last Update: August 2, 2009.

Page Contents
Introduction | Domain Names | Finding Host Information | Autonomous Systems | Security | Automated use of traceroute servers | Sites with web traceroute servers | Other places to look | Installing code for traceroute server | Archives
Related sites








--

Introduction

A very powerful tool for diagnosing network problems is traceroute. Traceroute, in its most basic form, allows you to print out a list of all the intermediate routers between two destinations on the Internet. For more details see: Traceroute protocols: ICMP, IP, UDP. The Multiple Traceroute Gateway enables you to use several Public Traceroute Gateways at the same time. There is an Overview with useful information.

There are traceroute servers at several BaBar, HENP (High Energy and Nuclear Physics) and ESnet sites appearing that allow you to issue a traceroute from their Web server to your client.

Domain Names

You can look in International Country Codes or ISO-3166-1: The Code List to find top level domains for countries. Look in International E-mail Accessibility for how a country is connected.

You can use the Complete Whois web page or GeekTools to interrogate all whois servers or the Web interface to Whois or Whois Report to search for second-level domain names. SamSpade also provides easy access to some tools to find information on hosts.

You can use DNS Report to see how badly your DNS sucks.

Finding Host Information

To find the physical location of a host use the HosIIP site or Geo IP Tool site or IP2location site or AntiOnline or GeoLim (uses multilateration), or Octant from Cornell, or GeoBytes or Hostip.info or the commercial service IPAddressLabs. If you want to find the great circle distance and know the latitude and longitude coordinates of the two ends then you can use http://www.movable-type.co.uk/scripts/LatLong.html. World Gazeteer provides access to data with lat/longs, cities, countries & populations ( download data). If you know the city then you can use City Lat/Longs.

You can also use SamSpade to look up information on hosts, email addresses and other relevant information. GeekTools provides name server lookup for a host, or if you don't know the exact name try DomainSurfer. There is also an Atlas of Cyberspace that provides maps and graphic representations of the geographies of the new electronic territories of the Internet, the World-Wide Web and other emerging Cyberspaces and the Corpex sponsored Cyber Geography Research.

Well managed sites and ISPs maintain a list of email addresses such as abuse@ or postmaster@, that one can send email to, for example to complain about spam etc. This follows an Internet recommendation (RFC 2142). Some less helpful sites do not provide such services, for more on these, see RFC-ignorant.org. Try DNS Stuff site for the abuse contact for a domain, also see Abuse.net. The Composite Blocking List also keeps a list of addresses that are suspected of abusing and that have been blocked.

Autonomous Systems (AS)

You can view a table of Autonomous System (AS) number to name. The extensive Classless Internet Domain Routing (CIDR) Report provides links to much routing information and a form to review the entry for a specified AS. The Graphical AS Path (also see The Netlantis Project) web page allows you to enter an IP address or name and see what AS's one passes through from it to other AS's in the world. Fixed Orbit provides a form to find an AS given an IP or host name. You can also use the route servers to make detailed analysis of Internet routing and connectivity issues.

Security

Traceroute is a useful tool for a cracker to learn more about your site. Thus traceroute.pl rejects attempts to traceroute to a broadcast address, and does not allow a remote host name to be greater than 255 characters to prevent buffer overflow attempts. Versions of traceroute.pl since Jan 6, 2000 do not allow a remote host in a different domain to do a traceroute to a host within the same domain as the web server. Versions since April 4, 2000 limit the maximum number of traceroute processes running in the server to reduce the chance of a denial of service request. Versions since April 22, 2000 start the traceroute after 3 hops if the client/browser and server are in different domains in order to hide internal routing information from outsiders.

Most (Microsoft uses ICMP, and Linux allows an option to use ICMP) traceroutes by default send UDP probes, increasing the UDP port number (the default starting port number is 33434 and typically the port number is less than 33465)) by one for each of its probes (see the traceroute man pages). However, since the TTL starts low most of the packets would not be expected to reach the final remote host. However, if the remote host does not respond to the UDP probes, then the traceroute will keep trying to send probes (by default 3 times until the default 30 hop count max is exceeded). Hence the remote host or someone along the path may deduce that a port scan of the remote host is in progress. If you see a suspected port scan alert, for example from your firewall, with a series of a few tens of ports starting around 33450, coming from www.slac.stanford.edu or www4.slac.stanford.edu it is probably a reverse traceroute from our web based reverse traceroute server. If you were using our server to traceroute to yourself, please do NOT report this to us, since it will almost certainly be a waste of time for both of us. However, do feel free to contact us if you are sure that you weren't using our server yourself at the time of the apparent "scan" and you'd like us to attempt to track down who it was that was using our server to traceroute to your machine. For more on this issue see Traceroute and Security.

UXN Spam Combat provides a very useful page for trying to find out more information (route, DNS etc.) of a host.

Automated Use of Traceroute Servers

If you are going to make automated use of the SLAC traceroute server (e.g. by using a Unix cron job), then please add an identifier and contact to the request URL that you are using to GET the traceroute. For example the URL should appear as:
http://www.slac.stanford.edu/cgi-bin/traceroute.pl?target=www.cern.ch&id=PINGER&contact=cottrell@slac.stanford.edu
where the id identifies your project (it should be possible to Google for the project) and somebody@slac.stanford.edu is replaced with the person we should contact in case of anomalous usage. This will help us when we look through the web logs for suspicous usage so we can quickly contact the appropriate people and not have to block access.

Sites With Web traceroute Servers

Other places to look for servers

There are also general traceroute servers around the world (e.g. from Geek Tools, Traceroute.org, France, Israel, NetCopter in Walnut Creek N. California, Verio backbone) that allow you to trace the route from the server to any other node. Besides debugging this can be useful for understanding the topology of the Internet. The Abilene Core Mode Router Proxy also allows traceroutes to be made from the router to a host of your choosing.

There are also some graphical tools for visualizing traceroutes that can be found by looking at An Atlas of Traceroutes. VisualRoute also has several servers around the world allowing you to visually see routes from these servers to selected hosts.

Installing code for traceroute server

You will need a DNS registered web server that is scheduled up "all" the time.
  • Put traceroute.pl in your web server's CGI directory. This may require root priviledges.
  • Make it executable with the command
    • chmod a+x traceroute.pl
  • Test it by loading the URL http://yourwebserver/cgi-bin/traceroute.pl.

Archives

There are also beginning to be archives of traceroutes available from various Internet measurement projects including:
NLANR/AMP PingER/Traceping CSG/Surveyor

* This site allows you to make a traceroute to any selected host.
+ This site also provides ping measurements with the traceroute.
# This site can also provide AS information.
[ Feedback ] Locations of visitors to this page