Tracert and tools

[bluecar1]

calling all network guru's

over on the webwise thread here we are looking for options on how to monitor the networks.

in particular we are looking for information on how to monitor routes through networks taken by icmp (ping , tracert), http and https traffic

with the view of monitoring when BT, VM or TT start trialing phorms webwise technology

as any proxied web traffic (both http and https) should take the same route, but webwise is only supposed to intercept http, so a sudden split of traffic would seem to indicate the kit is live

we want to watch for routing changes in particlar on http traffic indicating when the deep packet inspection kit is placed inline and whether the route changes if opted-in or out to determine whether opted out traffic is being inercepted / profiled

thanks in advance

peter

[rryles]

I'd suggest comparing three types of traceroute:

1. Traditional UDP
2. tcptraceroute to port 80
3. tcptraceroute to some other port

tcptraceroute is available for linux / mac as a separate tool. It's also built into the traceroute in very new linux distros (by using the -T switch).

http://michael.toren.net/code/tcptraceroute/

For windows there is tracetcp.

http://tracetcp.sourceforge.net/

[gnilddif]

Finally got it going thanks rryles.
In XP you must place the file <tracetcp.exe> in the System Path i.e. the path that appears when you load the command prompt window - in my case C:\Documents and Settings\Owner.
I also disabled Zone Alarm Pro (it doesn't work with that according to the author) and enabled the XP firewall (author says it works OK with that).
gnilddif

[Druchii]

Quote:

Originally Posted by gnilddif

Finally got it going thanks rryles.
In XP you must place the file <tracetcp.exe> in the System Path i.e. the path that appears when you load the command prompt window - in my case C:\Documents and Settings\Owner.
I also disabled Zone Alarm Pro (it doesn't work with that according to the author) and enabled the XP firewall (author says it works OK with that).
gnilddif

Also works when in %systemroot% folder and system32 folder.

[dev]

Quote:

Originally Posted by rryles

I'd suggest comparing three types of traceroute:

1. Traditional UDP
2. tcptraceroute to port 80
3. tcptraceroute to some other port

tcptraceroute is available for linux / mac as a separate tool. It's also built into the traceroute in very new linux distros (by using the -T switch).

http://michael.toren.net/code/tcptraceroute/

For windows there is tracetcp.

http://tracetcp.sourceforge.net/

problem with that is the phorm stuff would ignore the port 80 one as it wouldn't contain any HTTP traffic

easier test would be to just make a program that made a connection to a website, send the normal http request headers and dumped the response. If no phorm, the site data will be there, if phorm is setup then it'll have a redirection header returned

[bluecar1]

Quote:

Originally Posted by dev

problem with that is the phorm stuff would ignore the port 80 one as it wouldn't contain any HTTP traffic

easier test would be to just make a program that made a connection to a website, send the normal http request headers and dumped the response. If no phorm, the site data will be there, if phorm is setup then it'll have a redirection header returned

the profiler may ingnore the content, but the traffic will still be routed via the profiler, so i think it is still worth a shot

peter

[gnilddif]

Quote:

Originally Posted by dev

problem with that is the phorm stuff would ignore the port 80 one as it wouldn't contain any HTTP traffic

easier test would be to just make a program that made a connection to a website, send the normal http request headers and dumped the response. If no phorm, the site data will be there, if phorm is setup then it'll have a redirection header returned

Is this an easy program to write? Something that Dephormation Pete could rattle off in a few minutes?

I've learned how to save the data generated by tracetcp as a .txt file and will save a log from time to time. (As Paul H remarked on http://www.beta.bt.com/bta/forums/th...=1485&tstart=0
I too am grateful to phorm - they are helping me to understand how the internet works

g

[SimonHickling]

You could try the "Live HTTP Headers" add-on for Firefox. It gives you all the headers from the stream. So for instance when you navigate to http://bbc.co.uk you can see their 301 redirect to www.bbc.co.uk.

It would be possible to write a small standalone program to do this, but the add-on is there. It also allows you to look at the cookies people are trying to put on your PC (if you've got them blocked).

Oh, but be prepared for information overload

[gnilddif]

Thanks Simon. I've just installed that - now I must learn how to configure it and interpret the data
g

[SimonHickling]

If you need help with that just shout

Quote:

Originally Posted by Druchii

Also works when in %systemroot% folder and system32 folder.

If you want to place it anywhere else and be able to run it without typing the full path you can add the location to the "PATH" environmental variable.

Right click on My Computer, select Properties and then go the Advanced tab in the window that opens. Click on the Environmental Variables button and then edit the Path entry in the lower panel.

[Dephormation]

Quote:

Originally Posted by gnilddif

Is this an easy program to write? Something that Dephormation Pete could rattle off in a few minutes?

I've learned how to save the data generated by tracetcp as a .txt file and will save a log from time to time. (As Paul H remarked on http://www.beta.bt.com/bta/forums/th...=1485&tstart=0
I too am grateful to phorm - they are helping me to understand how the internet works

g

I've been a bit busy with letter writing of late

I did wonder about something like this. Using packet TTL somehow to work out the route.

Incidentally, you could conceive a similar technique, that would return masses of garbage from a web server into Phorm's profiler (but suitable TTL values would ensure it never reached the end user).

[gnilddif]

Over the last 2 or 3 days the Bt Beta forums have been very slow. Last night I did 2 tracetcp tests in immediate succession, immediately after getting a 6mbps speed test result from www.thinkbroadband.com:

To www.beta.bt.com:

Tracing route to 217.32.165.145 on port 80
Over a maximum of 30 hops.
1 67 ms 67 ms 67 ms 192.168.1.254 http://api.home
2 22 ms 20 ms 22 ms 217.47.74.143 http://esr4.miltonkeynes3.broadband.bt.net
3 21 ms 21 ms 19 ms 217.47.74.13
4 19 ms 21 ms 19 ms 217.47.112.6
5 19 ms 31 ms 21 ms 217.41.175.25
6 21 ms 21 ms 21 ms 217.41.175.66
7 22 ms 24 ms 20 ms 217.41.175.78
8 22 ms 20 ms 22 ms 217.41.175.46
9 22 ms 22 ms 22 ms 217.47.41.50
10 34 ms 149 ms 37 ms 194.72.31.85
11 20 ms 22 ms 22 ms 62.6.197.134 http://vhsaccess1-pos7-0.bletchley.fixed.bt.net
12 23 ms 23 ms 30 ms 217.32.244.70 http://ftip002587721-p.vhsaccess1.bl...xed-nte.bt.net
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 Destination Reached in 27 ms. Connection established to 217.32.165.145

and

Tracing route to 80.249.99.130 http://www.thinkbroadband.com on port 80
Over a maximum of 30 hops.
1 37 ms 35 ms 35 ms 192.168.1.254 http://api.home
2 19 ms 19 ms 19 ms 217.47.74.143 http://esr4.miltonkeynes3.broadband.bt.net
3 20 ms 22 ms 20 ms 217.47.74.13
4 25 ms 20 ms 20 ms 217.47.112.6
5 21 ms 19 ms 21 ms 217.41.175.25
6 21 ms 21 ms 19 ms 217.41.175.66
7 21 ms 21 ms 21 ms 217.41.175.78
8 21 ms 21 ms 19 ms 217.41.219.46
9 20 ms 22 ms 35 ms 217.47.154.83
10 22 ms 22 ms 22 ms 194.72.31.157 http://core2-pos9-2.bletchley.ukcore.bt.net
11 24 ms 23 ms 22 ms 62.6.201.97 http://core2-pos0-8-0-10.ealing.ukcore.bt.net
12 23 ms 21 ms 23 ms 62.6.201.86 http://core2-pos1-0-0.telehouse.ukcore.bt.net
13 24 ms 24 ms 69 ms 195.99.125.102
14 35 ms 24 ms 33 ms 213.152.254.52
15 24 ms 24 ms 22 ms 80.249.97.12 http://star1-core-rs3.test.ncuk.net
16 Destination Reached in 25 ms. Connection established to 80.249.99.130

Can anyone tell me please if that data can explain the slow speed on the BT forums?

gnilddif

[gnilddif]

That wasn't phrased very well. The lines

12 23 ms 23 ms 30 ms 217.32.244.70 http://ftip002587721-p.vhsaccess1.bl...xed-nte.bt.net
13 * * * Request timed out.

seem to hold a clue to the slow speeds. What sort of server is it that resolves to http://ftip002587721-p.vhsaccess1.bl...xed-nte.bt.net?
What's the difference between bletchley.fixed and bletchley.fixed-nte?
Or maybe that type of server is commonplace and the clue is hidden in
13 * * * Request timed out.

gnilddif

[bluecar1]

keep up the vigilance guys (and gals if any out there)

i have not seen any change in routes recently.

i am seeing slower be access, time it takes for pages to be displayed but once a page / server has been contacted everything speeds up,

i am a suspicious person by natures and still looking for the cause

peter