InTrace
Traceroute-like application that enumerates IP hops by piggybacking on existing TCP connections. Useful for network reconnaissance and firewall bypassing.
Description
InTrace is a traceroute-like application that enables users to enumerate IP hops exploiting existing TCP connections, both initiated from local network (local system) or from remote hosts. It could be useful for network reconnaissance and firewall bypassing.
The tool works by leveraging established TCP connections rather than sending new probe packets, making it stealthier for reconnaissance purposes. This approach helps discover network paths that might be blocked to standard traceroute tools.
InTrace displays detailed information about each hop including source addresses, ICMP source addresses, and packet types like ICMP_TIMXCEED or NO REPLY, providing visibility into network topology.
How It Works
InTrace piggybacks on existing TCP connections to trace network hops. It sends TCP packets with manipulated TTL values over established connections to remote hosts (like port 80 to www.example.com). Routers along the path return ICMP Time Exceeded (ICMP_TIMXCEED) messages when TTL expires, revealing intermediate hops. The output shows source addresses, ICMP source addresses, and packet types for each hop (1-8 in the example), with payload size, sequence, and acknowledgment numbers tracked.
Installation
sudo apt install intraceFlags
Examples
intrace -h www.example.com -p 80 -s 4intrace -h example.com -p 443intrace -h target.com -p 80 -s 8intrace -h www.target.com -p 80 -d 1intrace -4 -h ipv4host.com -p 22intrace -6 -h ipv6host.com -p 80intrace -h www.example.com -p 80