SLAC logo, click here to go to SLAC home page
Connect logo, click here to go to SLAC computer networking page

Traceroute Servers for HENP & ESnet

Les Cottrell, Created July 3, 1995, Last Update: April 14, 2021.

Page Contents
Introduction | Domain Names | Finding Host Information | Autonomous Systems | Security | Automated use of traceroute servers | Sites with web traceroute servers | Other places to look | Installing code for traceroute server | Archive of traceroutes from SLAC to hundreds of sites worldwide | Reporting problems with this web page
Related sites








--

Introduction

A very powerful tool for diagnosing network problems is traceroute. Traceroute, in its most basic form, allows you to print out a list of all the intermediate routers between two destinations on the Internet. For more details see: Traceroute protocols: ICMP, IP, UDP. There is an Overview with useful information.

Domain Names

You can look in International Country Codes to find top level domains for countries. Look in International E-mail Accessibility for how a country is connected.

You can use the Hurricane Electric Internet Service to find more about a domain.

Finding Host Information

To find the physical location of a host use the HostIP site or Geo IP Tool site or IP2location site or ipinfo.io site and and its Developers site or there is a web page giving the 10 Best IP Geo Location APIs. Whois lookup (pronounced who is look up) uses the Whois protocol for obtaining information about a domain or IP address. If you want to find the great circle distance and know the latitude and longitude coordinates of the two ends then you can use http://www.movable-type.co.uk/scripts/LatLong.html. World Gazeteer provides access to data with lat/longs, cities, countries & populations ( download data). If you know the city then you can use the Latitude and Longitude finder.

Well managed sites and ISPs maintain a list of email addresses such as abuse@ or postmaster@, that one can send email to, for example to complain about spam etc. This follows an Internet recommendation (RFC 2142). Try How to Find abuse contact information for a domain.

Autonomous Systems (AS)

You can view a table of Autonomous System (AS) number to name. The extensive Classless Internet Domain Routing (CIDR) Report provides links to much routing information and a form to review the entry for a specified AS. The Graphical AS Path. web page allows you to enter an IP address or name and see what AS's one passes through from it to other AS's in the world. UltraTools provides a lookup between ASN, IP address and name. Another relevant site is the Team Cymru IP to ASN mappig site. You can also use the route servers to make detailed analysis of Internet routing and connectivity issues. ASN Whois Lookup tool provides the ASN whois details. Just enter ASN number and find which company is using that ASN and whats the origin of that company. i.e., country, city, latitude, longitude, state, and more.

Security

Traceroute is a useful tool for a cracker to learn more about your site. Thus traceroute.pl rejects attempts to traceroute to a broadcast address, and does not allow a remote host name to be greater than 255 characters to prevent buffer overflow attempts. Versions of traceroute.pl since Jan 6, 2000 do not allow a remote host in a different domain to do a traceroute to a host within the same domain as the web server. Versions since April 4, 2000 limit the maximum number of traceroute processes running in the server to reduce the chance of a denial of service request. Versions since April 22, 2000 start the traceroute after 3 hops if the client/browser and server are in different domains in order to hide internal routing information from outsiders.

Most (Microsoft uses ICMP, and Linux allows an option to use ICMP) traceroutes by default send UDP probes, increasing the UDP port number (the default starting port number is 33434 and typically the port number is less than 33465)) by one for each of its probes (see the traceroute man pages). However, since the TTL starts low most of the packets would not be expected to reach the final remote host. However, if the remote host does not respond to the UDP probes, then the traceroute will keep trying to send probes (by default 3 times until the default 30 hop count max is exceeded). Hence the remote host or someone along the path may deduce that a port scan of the remote host is in progress. If you see a suspected port scan alert, for example from your firewall, with a series of a few tens of ports starting around 33450, coming from www.slac.stanford.edu or www4.slac.stanford.edu it is probably a reverse traceroute from our web based reverse traceroute server. If you were using our server to traceroute to yourself, please do NOT report this to us, since it will almost certainly be a waste of time for both of us. However, do feel free to contact us if you are sure that you weren't using our server yourself at the time of the apparent "scan" and you'd like us to attempt to track down who it was that was using our server to traceroute to your machine. For more on this issue see Traceroute and Security.

As of release 7.4 and beyond, the traceroute.pl script sanitizes the QUERY_STRING to guard against cross site scripting (XSS), see Preventing Cross-site Scripting Attacks.

UXN Spam Combat provides a very useful page for trying to find out more information (route, DNS etc.) of a host.

Automated Use of Traceroute Servers

If you are going to make automated use of the SLAC traceroute server (e.g. by using a Unix cron job), then please add an identifier and contact to the request URL that you are using to GET the traceroute. For example the URL should appear as:
http://www.slac.stanford.edu/cgi-bin/traceroute.pl?target=www.cern.ch&id=PINGER&contact=cottrell@slac.stanford.edu
where the id identifies your project (it should be possible to Google for the project) and somebody@slac.stanford.edu is replaced with the person we should contact in case of anomalous usage. This will help us when we look through the web logs for suspicous usage so we can quickly contact the appropriate people and not have to block access.

Other places to look for servers

There are also general traceroute servers around the world (e.g. from Geek Tools, Traceroute.org, Verio backbone) that allow you to trace the route from the server to any other node. Besides debugging this can be useful for understanding the topology of the Internet.

There are also some graphical tools for visualizing traceroutes that can be found by looking at An Atlas of Traceroutes.

Installing code for traceroute server

You will need a DNS registered web server that is scheduled up "all" the time.
  • Put traceroute.pl in your web server's CGI directory. This may require root priviledges.
  • Make it executable with the command
    • chmod a+x traceroute.pl
  • Test it by loading the URL http://yourwebserver/cgi-bin/traceroute.pl.

Archives

There is an archive of daily traceroutes from SLAC to hundreds of sites around the world going back to 2011.

Reporting problems with thie web page

eMail web page owner with details.
[ Feedback ] Locations of visitors to this page