Traceroute Servers for HENP & ESnet
Introduction | Domain Names | Finding Host Information | Autonomous Systems | Security | Automated use of traceroute servers | Sites with web traceroute servers | Other places to look | Installing code for traceroute server | Archive of traceroutes from SLAC to hundreds of sites worldwide | Reporting problems with this web page
Traceroute protocols: ICMP, IP, UDP.
There is an Overview
with useful information.
International Country Codes
to find top level domains for countries.
Look in International
E-mail Accessibility for how a country is connected.
You can use the Hurricane Electric Internet Service to find more about a domain.HostIP site or Geo IP Tool site or IP2location site or ipinfo.io site and and its Developers site or there is a web page giving the 10 Best IP Geo Location APIs. Whois lookup (pronounced who is look up) uses the Whois protocol for obtaining information about a domain or IP address. If you want to find the great circle distance and know the latitude and longitude coordinates of the two ends then you can use http://www.movable-type.co.uk/scripts/LatLong.html. World Gazeteer provides access to data with lat/longs, cities, countries & populations ( download data). If you know the city then you can use the Latitude and Longitude finder.
Well managed sites and ISPs maintain a list of email addresses such as abuse@ or postmaster@, that one can send email to, for example to complain about spam etc. This follows an Internet recommendation (RFC 2142). Try How to Find abuse contact information for a domain.Autonomous System (AS) number to name. The extensive Classless Internet Domain Routing (CIDR) Report provides links to much routing information and a form to review the entry for a specified AS. The Graphical AS Path. web page allows you to enter an IP address or name and see what AS's one passes through from it to other AS's in the world. UltraTools provides a lookup between ASN, IP address and name. Another relevant site is the Team Cymru IP to ASN mappig site. You can also use the route servers to make detailed analysis of Internet routing and connectivity issues. ASN Whois Lookup tool provides the ASN whois details. Just enter ASN number and find which company is using that ASN and whats the origin of that company. i.e., country, city, latitude, longitude, state, and more.
Most (Microsoft uses ICMP, and Linux allows an option to use ICMP) traceroutes by default send UDP probes, increasing the UDP port number (the default starting port number is 33434 and typically the port number is less than 33465)) by one for each of its probes (see the traceroute man pages). However, since the TTL starts low most of the packets would not be expected to reach the final remote host. However, if the remote host does not respond to the UDP probes, then the traceroute will keep trying to send probes (by default 3 times until the default 30 hop count max is exceeded). Hence the remote host or someone along the path may deduce that a port scan of the remote host is in progress. If you see a suspected port scan alert, for example from your firewall, with a series of a few tens of ports starting around 33450, coming from www.slac.stanford.edu or www4.slac.stanford.edu it is probably a reverse traceroute from our web based reverse traceroute server. If you were using our server to traceroute to yourself, please do NOT report this to us, since it will almost certainly be a waste of time for both of us. However, do feel free to contact us if you are sure that you weren't using our server yourself at the time of the apparent "scan" and you'd like us to attempt to track down who it was that was using our server to traceroute to your machine. For more on this issue see Traceroute and Security.
As of release 7.4 and beyond, the traceroute.pl script sanitizes the QUERY_STRING to guard against cross site scripting (XSS), see Preventing Cross-site Scripting Attacks.
UXN Spam Combat provides a very useful page for trying to find out more information (route, DNS etc.) of a host.
http://www.slac.stanford.edu/cgi-bin/traceroute.pl?target=www.cern.ch&id=PINGERfirstname.lastname@example.org the id identifies your project (it should be possible to Google for the project) and email@example.com is replaced with the person we should contact in case of anomalous usage. This will help us when we look through the web logs for suspicous usage so we can quickly contact the appropriate people and not have to block access.
There are also some graphical tools for visualizing traceroutes that can be found by looking at An Atlas of Traceroutes.