Traceroute is a tool that has two main purposes. The first is to trace the path that your data takes across a network. This "footprinting" of information can be used on a small local area network, or on one that spans the globe by way of the Internet. The second is to measure latency between the "hops" your data crosses on the network, using ping response times. As you read further, the invaluable uses of this tool will become apparent.
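Using ICMP (Internet Control Message Protocol), traceroute accomplishes both of its purposes by sending and receiving packets of data, commonly called datagrams. Each probe is sent with a time-to-live (TTL) one higher than the last; the router at which the TTL expires answers with an ICMP "time exceeded" message, which reveals that hop's address and the round-trip time to it. Here is a chart of the process that traceroute uses in its operation.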
Traceroute can be accessed from DOS (Win + R, type "command") using the syntax: "tracert hostname" (for example: tracert 192.168.1.1). The hostname parameter can be either a DNS-resolved hostname or an IP address.
From the data above, you will begin to see the "piece parts" of what traceroute actually accomplishes, including the hop number, the latency, and the IP address of the device at the current hop. So, what does this information allow you to do? By looking at these results, you get a good picture of the path that data takes within a target network. For instance, if you wanted to gain access to a system but could not find any open services to attack, your next course of action might be to find another system that has a trust relationship with the target. If you can find a way into a trusted server, then you can use such a mechanism to access the one you want. In terms of performance analysis on a network you are administering, traceroute can be invaluable in pinpointing a bad piece of hardware, or a bottleneck that is causing a slow link in your network infrastructure.
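
For the performance-analysis use described above, the following added example (not part of the original article) parses tracert output into hop number, latency and address, and flags the hop where latency jumps. The sample output is constructed, and the function names and the 50 ms threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample of Windows tracert output (private and documentation address ranges).
SAMPLE = """\
Tracing route to 203.0.113.10 over a maximum of 30 hops

  1     1 ms    <1 ms     1 ms  192.168.1.1
  2     9 ms     8 ms    10 ms  10.20.0.1
  3    11 ms    12 ms    10 ms  198.51.100.5
  4   148 ms   152 ms   150 ms  198.51.100.77
  5     *        *        *     Request timed out.
  6   151 ms   149 ms   153 ms  203.0.113.10

Trace complete.
"""

# Hop number, three probe results ("N ms", "<1 ms" or "*"), then address or message.
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")

def parse_tracert(text):
    """Return one dict per hop: number, per-probe RTTs in ms (None = lost), average, address."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner, blank and "Trace complete." lines
        probes = re.findall(r"<?(\d+) ms|(\*)", m.group(2))
        rtts = [int(ms) if ms else None for ms, _ in probes]  # "<1 ms" counts as 1
        answered = [r for r in rtts if r is not None]
        hops.append({
            "hop": int(m.group(1)),
            "rtts": rtts,
            "avg": sum(answered) / len(answered) if answered else None,
            "addr": m.group(3) if answered else None,
        })
    return hops

def find_bottlenecks(hops, jump_ms=50):
    """Flag hops whose average RTT exceeds the previous answering hop by jump_ms or more."""
    flagged, prev = [], None
    for h in hops:
        if h["avg"] is None:
            continue  # a silent hop may only be filtering ICMP, not failing
        if prev is not None and h["avg"] - prev >= jump_ms:
            flagged.append(h["hop"])
        prev = h["avg"]
    return flagged

if __name__ == "__main__":
    print("latency jump at hop(s):", find_bottlenecks(parse_tracert(SAMPLE)))
```

A jump that persists through every later hop, as at hop 4 in the sample, points at that link or device; a single slow or silent hop followed by normal times usually means the router is deprioritizing or dropping ICMP replies.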