Wednesday, November 30, 2005

Scapy - Better Traceroute?

Traceroute is kinda useful when troubleshooting network, and one of the function that you have in Scapy is Traceroute, the traditional traceroute which make use of icmp and udp or maybe dns no longer effective or accurate these days. Traceroute in Scapy by default uses tcp, this is more close to the current world implementation when more and more ISP discard or block icmp or udp by default. However you can actually use traceroute -P tcp to achive the same thing. Another reason why I like about Scapy's traceroute is that it able to do multiple traceroute simultanaeously by putting the hosts you want to traceroute in the list. To visualize the traceroute result in graphical view, you need imagemagick and graphviz.

Multiple tracerouting in actions.

This is the traceroute result displayed in graphical view by using graphviz and ImageMagick.

2 comments:

axnjxnind said...

That is some cool stuff. Now I'm going to have to install Scapy and try it myself. Thanks for the writeups.

C.S.Lee said...

Hi jrk, Scapy is a wondeful tool, since it has unlimited usage, hence you can use it for whatever purpose. However the most best thing about it is that you can almost discover new way of using Scapy and utilize it. Thanks for it's flexibilities :]