WEBVTT

00:00.970 --> 00:02.430
Hello, my name is Stephan.

00:02.440 --> 00:08.170
In the previous lecture we delved into the topic of obtaining traceroute geolocation information using

00:08.200 --> 00:08.830
Nmap.

00:09.890 --> 00:17.720
Traceroute is a technique that maps network paths by tracing the hops between the origin and destination

00:17.720 --> 00:23.040
and adding geolocation information to the traceroute results can provide valuable insights.

00:23.060 --> 00:28.280
To accomplish this we can leverage nmap traceroute functionality along with the traceroute geolocation

00:28.280 --> 00:29.450
NSE script.

00:29.450 --> 00:36.140
So to begin, let's explore how to obtain traceroute geolocation information of a remote target using

00:36.170 --> 00:37.000
nmap.

00:37.010 --> 00:43.550
Nmap can map network paths by tracing the hosts between the origin and destination, so geographical information

00:43.550 --> 00:50.960
can be useful when tracing events and we can include it with the nmap traceroute functionalities with

00:50.960 --> 00:53.810
some help from traceroute location scripts.

00:53.810 --> 00:59.930
In this lecture we will use nmap to obtain traceroute geolocation information of a remote target.

00:59.960 --> 01:05.150
Now to obtain traceroute geolocation information of the intermediary hops.

01:05.150 --> 01:09.330
You can use this sudo nmap command.

01:09.330 --> 01:13.170
So we will start Nmap with superuser privileges.

01:13.170 --> 01:15.270
So sudo nmap here.

01:15.270 --> 01:19.620
So we will add traceroute and we will also add script here.

01:19.620 --> 01:25.080
So we will use the traceroute geolocation NSE script.

01:25.080 --> 01:31.680
So traceroute geolocation and after that you will enter the target.

01:31.680 --> 01:36.120
In this case it's going to be code.org code sally.org.

01:36.510 --> 01:38.130
You know it's code Silicom.

01:38.950 --> 01:41.740
Here and here.

01:41.740 --> 01:43.690
We will get an output here.

01:43.690 --> 01:47.710
And as you can see, it's not it will not take so much time here.

01:48.280 --> 01:53.740
Probably 20 or 30 seconds, depends on the Internet speed and the.

01:55.150 --> 01:56.110
Uh, server here.

01:56.110 --> 01:58.330
And as you can see, it's a 42 here.

01:58.330 --> 02:05.080
But if you want to do it faster, you can add -sn here after Nmap.

02:05.080 --> 02:07.690
It will do much faster here.

02:08.560 --> 02:13.150
It depends, here probably five or 10 seconds.

02:26.470 --> 02:27.600
And here that's it.

02:27.610 --> 02:35.710
And as you can see here, the remote hops will have geolocation information next to the host and

02:35.740 --> 02:38.470
IP address in the output here.

02:38.470 --> 02:40.600
This is the geolocation here.

02:40.600 --> 02:43.630
And traceroute hop one, hop two.

02:43.630 --> 02:46.810
So hop one, hop two and this is the traceroute here.

02:46.810 --> 02:50.950
So we can also use the scan nmap here.

02:51.250 --> 02:51.820
Here.

02:51.820 --> 02:58.600
Let's actually scan scanme.nmap.org.

02:58.600 --> 03:04.210
I think this was this the nmap scan me here.

03:04.210 --> 03:05.560
Let me actually check that.

03:06.250 --> 03:08.710
Scan me here.

03:09.460 --> 03:10.010
Yes.

03:10.010 --> 03:10.690
Scan me in.

03:10.720 --> 03:12.270
Map.org it.

03:12.370 --> 03:13.840
It's supposed to be that.

03:14.920 --> 03:21.760
Now what we're going to do is we will scan the scanme.nmap.org domain as well here, and then we will

03:21.760 --> 03:22.810
press enter.

03:22.810 --> 03:27.100
And as you can see here, it showed us two hops here.

03:27.250 --> 03:29.350
So this is how it works.

03:29.350 --> 03:31.690
The traceroute geolocation.

03:31.690 --> 03:37.600
And this script shows the geolocation coordinates of each hop from traceroute results.

03:37.600 --> 03:46.960
So it depends on an external service from http.org plugin.com does not require an API key and has no

03:47.020 --> 03:50.440
limitations on the number of allowed queries.

03:50.440 --> 03:50.880
So.

03:50.890 --> 03:58.990
So the script must be run in conjunction with traceroute because Nmap is actually in charge of generating

03:58.990 --> 04:02.020
the traceroute information used by the script.

04:03.240 --> 04:10.080
And here you may save the results in XML format and plot them in Google Maps or Google Earth later by

04:10.080 --> 04:14.280
using traceroute geolocation dot script argument like that.

04:14.280 --> 04:17.130
So we will we will not change the.

04:18.860 --> 04:20.870
Uh, traceroute here.

04:22.480 --> 04:25.000
Oops, we actually didn't use the traceroute here.

04:25.150 --> 04:31.660
So now we are going to start it again because we had a little mistyping here.

04:31.660 --> 04:33.530
So it's the same here.

04:33.550 --> 04:40.330
Now what we're going to do is we will use the traceroute script traceroute geolocation, but after that,

04:40.690 --> 04:48.640
before the target, but after the traceroute geolocation script, we will add new script arguments here.

04:48.640 --> 05:00.520
So script args here and it's going to be traceroute dot geolocation, geolocation dot HTML file.

05:00.520 --> 05:09.910
And after that you will enter the output file directory, in this case home Kali here and my file dot

05:10.150 --> 05:12.400
HTML and after that you will enter here.

05:12.400 --> 05:20.770
So we have the script arguments problem with script arguments because we traceroute geolocation here.

05:21.130 --> 05:24.140
So we will do a script arguments again.

05:26.920 --> 05:27.430
That's it.

05:27.520 --> 05:30.460
Now, here we have the file at.

05:31.300 --> 05:32.740
My color, my files.

05:32.890 --> 05:35.950
That here now.

05:36.830 --> 05:38.900
You will see that right now.

05:41.490 --> 05:46.620
And here we have it's not called typhoon here, so we need to change it.

05:48.230 --> 05:49.810
My home.

05:50.540 --> 05:52.550
Play the phone.

05:53.830 --> 05:54.310
That's it.

05:58.160 --> 06:00.270
And here, this is the file.

06:00.290 --> 06:03.680
Now, as you can see, it's 272 bytes.

06:03.680 --> 06:05.150
And now we will open it.

06:07.020 --> 06:09.960
Here we can right click on it and open with Mousepad.

06:09.990 --> 06:16.800
As you can see here, we have several information here, so we will need to go to earth.google.com

06:17.370 --> 06:24.240
here or we can also use another online service provider for this reader here.

06:24.390 --> 06:26.760
So here.

06:29.500 --> 06:29.680
Here.

06:29.770 --> 06:33.550
Mail reader, email file reader here.

06:33.730 --> 06:35.590
So here, as you can see, there's.

06:36.760 --> 06:41.500
Also online websites you can upload this file to and just scan it.

06:41.650 --> 06:49.090
And here we will roast your home and my file dot HTML.

06:49.210 --> 06:50.050
That's it.

06:50.080 --> 06:52.330
Now what we're going to see is.

06:59.840 --> 07:03.770
As you can see here, this is our HTML here.

07:07.170 --> 07:10.260
It's on the California state and.

07:13.070 --> 07:14.180
Even on the map.

07:16.660 --> 07:19.480
You can also download the sample emails here.

07:23.840 --> 07:24.530
Here now.

07:24.530 --> 07:26.960
We will upload our file again.

07:31.890 --> 07:32.550
That's it.

07:33.380 --> 07:34.520
As you can see here.

07:47.700 --> 07:55.170
And if you open that file with a right click here, you will see these coordinates as well.

07:55.260 --> 07:59.040
So you can use these coordinates here.

08:03.170 --> 08:05.410
Even the map and so on.

08:05.420 --> 08:07.970
So you can play with that as well.

08:07.970 --> 08:08.360
Here.

08:08.360 --> 08:14.480
As you can see here, there's also samples where you can use it here.

08:15.980 --> 08:16.980
And so on.

08:17.030 --> 08:22.700
So here this is how the geolocation of traceroute works.

08:22.700 --> 08:28.730
So in summary and also remember, traceroute geolocation provides valuable insight into the network path,

08:28.730 --> 08:35.270
highlighting the geographic location of the hops involved so it can aid in identifying potential bottlenecks,

08:35.270 --> 08:42.320
analyzing network performance and investigating the geographical distribution of a network's infrastructure.

08:42.320 --> 08:48.770
So in summary, this lecture explored the practical aspects of obtaining traceroute geolocation information

08:48.770 --> 08:55.970
using Nmap by utilizing the traceroute geolocation NSE script in conjunction with a traceroute

08:56.000 --> 09:01.160
option so we can map the network path and gather geolocation details for each hop.

09:01.160 --> 09:08.690
So the script relies on an external service and allows for saving results in HTML format for visualization

09:08.690 --> 09:09.500
purposes.

09:10.100 --> 09:17.130
Incorporating traceroute geolocation information enhances network analysis and provides a geographical perspective

09:17.160 --> 09:21.090
to assist in understanding network topology and performance.

09:21.090 --> 09:23.880
My name is Stefan and I'm waiting for you in the next lecture.
