1 00:00:00,970 --> 00:00:02,430 Hello, my name is Stephan. 2 00:00:02,440 --> 00:00:08,170 In the previous lecture we delved into the topic of obtaining traceroute geolocation information using 3 00:00:08,200 --> 00:00:08,830 Nmap. 4 00:00:09,890 --> 00:00:17,720 Traceroute is a technique that maps network paths by tracing the hops between the origin and destination 5 00:00:17,720 --> 00:00:23,040 and adding geolocation information to the traceroute results can provide valuable insights. 6 00:00:23,060 --> 00:00:28,280 To accomplish this we can leverage nmap traceroute functionality along with the traceroute geolocation 7 00:00:28,280 --> 00:00:29,450 and c scripts. 8 00:00:29,450 --> 00:00:36,140 So to begin, let's explore how to obtain traceroute geolocation information of a remote target using 9 00:00:36,170 --> 00:00:37,000 nmap. 10 00:00:37,010 --> 00:00:43,550 Nmap can network paths by tracing the hosts between the origin and destination, so geographical information 11 00:00:43,550 --> 00:00:50,960 can be useful when tracing events and we can include it with the nmap traceroute functionalities with 12 00:00:50,960 --> 00:00:53,810 some help from traceroute location scripts. 13 00:00:53,810 --> 00:00:59,930 In this lecture we will use nmap to obtain traceroute geolocation information of a remote target. 14 00:00:59,960 --> 00:01:05,150 Now to obtain trace or geolocation information of the intermediary hops. 15 00:01:05,150 --> 00:01:09,330 You can use this pseudo nmap command. 16 00:01:09,330 --> 00:01:13,170 So we will use we will start the map with superuser privileges. 17 00:01:13,170 --> 00:01:15,270 So sudo nmap here. 18 00:01:15,270 --> 00:01:19,620 So we will add trace route and we will also add script here. 19 00:01:19,620 --> 00:01:25,080 So we will use the traceroute traceroute geolocation script and scripts. 20 00:01:25,080 --> 00:01:31,680 So trace route geolocation and after that you will enter the target. 21 00:01:31,680 --> 00:01:36,120 In this case it's going to be code.org code sally.org. 22 00:01:36,510 --> 00:01:38,130 You know it's code Silicom. 23 00:01:38,950 --> 00:01:41,740 Here and here. 24 00:01:41,740 --> 00:01:43,690 We will get an output here. 25 00:01:43,690 --> 00:01:47,710 And as you can see, it's not it will not take so much time here. 26 00:01:48,280 --> 00:01:53,740 Probably 20 or 30s depends on the Internet, speed and the. 27 00:01:55,150 --> 00:01:56,110 Uh, server here. 28 00:01:56,110 --> 00:01:58,330 And as you can see, it's a 42 here. 29 00:01:58,330 --> 00:02:05,080 But if you want to do faster, you can add SN here after Nmap. 30 00:02:05,080 --> 00:02:07,690 It will do much faster here. 31 00:02:08,560 --> 00:02:13,150 The depend here probably five or 10s. 32 00:02:26,470 --> 00:02:27,600 And here that's it. 33 00:02:27,610 --> 00:02:35,710 And as you can see here, the remote hopes will have your location information next to the host and 34 00:02:35,740 --> 00:02:38,470 IP address in the output here. 35 00:02:38,470 --> 00:02:40,600 This is the geo location here. 36 00:02:40,600 --> 00:02:43,630 And traceroute hop one, hop two. 37 00:02:43,630 --> 00:02:46,810 So hop one, hop two and this is the traceroute here. 38 00:02:46,810 --> 00:02:50,950 So we can also use the scan nmap here. 39 00:02:51,250 --> 00:02:51,820 Here. 40 00:02:51,820 --> 00:02:58,600 Let's actually scan me, scan me.nmap.org. 41 00:02:58,600 --> 00:03:04,210 I think this was this the nmap scan me here. 42 00:03:04,210 --> 00:03:05,560 Let me actually check that. 43 00:03:06,250 --> 00:03:08,710 Scan me here. 44 00:03:09,460 --> 00:03:10,010 Yes. 45 00:03:10,010 --> 00:03:10,690 Scan me in. 46 00:03:10,720 --> 00:03:12,270 Map.org it. 47 00:03:12,370 --> 00:03:13,840 It's supposed to be that. 48 00:03:14,920 --> 00:03:21,760 Now what we're going to do is we will scan the scan that map.org domain as well here, and then we will 49 00:03:21,760 --> 00:03:22,810 press enter. 50 00:03:22,810 --> 00:03:27,100 And as you can see here, it showed us two hops here. 51 00:03:27,250 --> 00:03:29,350 So this is how it works. 52 00:03:29,350 --> 00:03:31,690 The the traceroute geolocation. 53 00:03:31,690 --> 00:03:37,600 And this script shows that your location coordinates of each hop from traceroute results. 54 00:03:37,600 --> 00:03:46,960 So it depends on an external service from http.org plugin.com does not require an API key and has no 55 00:03:47,020 --> 00:03:50,440 limitations on the number of allowed queries. 56 00:03:50,440 --> 00:03:50,880 So. 57 00:03:50,890 --> 00:03:58,990 So the script must be run in conjunction with traceroute because Nmap is actually in charge of generating 58 00:03:58,990 --> 00:04:02,020 the traceroute information used by the script. 59 00:04:03,240 --> 00:04:10,080 And here you may save the results in XML format and plot them in Google Maps or Google Earth later by 60 00:04:10,080 --> 00:04:14,280 using trace or geolocation dot script argument as like that. 61 00:04:14,280 --> 00:04:17,130 So we will we will not change the. 62 00:04:18,860 --> 00:04:20,870 Uh, trace route here. 63 00:04:22,480 --> 00:04:25,000 Oops, we actually didn't use the tracers here. 64 00:04:25,150 --> 00:04:31,660 So now we are going to start it again because we had a little mis computer mis typing here. 65 00:04:31,660 --> 00:04:33,530 So it's the same here. 66 00:04:33,550 --> 00:04:40,330 Now what we're going to do is we will use the trace route script tracer geolocation, but after that, 67 00:04:40,690 --> 00:04:48,640 before the target, but after the tracer geolocation script, we will add new script arguments here. 68 00:04:48,640 --> 00:05:00,520 So script args here and it's going to be trace route dot geolocation, geolocation dot HTML file. 69 00:05:00,520 --> 00:05:09,910 And after that you will enter the output file directory in this case home Cali here and my my file dot 70 00:05:10,150 --> 00:05:12,400 HTML and after that you will enter here. 71 00:05:12,400 --> 00:05:20,770 So we have the script arguments problem with script arguments because we trace route geolocation here. 72 00:05:21,130 --> 00:05:24,140 So we will do a script arguments again. 73 00:05:26,920 --> 00:05:27,430 That's it. 74 00:05:27,520 --> 00:05:30,460 Now, here we have the file at. 75 00:05:31,300 --> 00:05:32,740 My color, my files. 76 00:05:32,890 --> 00:05:35,950 That here now. 77 00:05:36,830 --> 00:05:38,900 You will see that right now. 78 00:05:41,490 --> 00:05:46,620 And here we have it's not called typhoon here, so we need to change it. 79 00:05:48,230 --> 00:05:49,810 My home. 80 00:05:50,540 --> 00:05:52,550 Play the phone. 81 00:05:53,830 --> 00:05:54,310 That's it. 82 00:05:58,160 --> 00:06:00,270 And here, this is the file. 83 00:06:00,290 --> 00:06:03,680 Now, as you can see, it's a 272 bytes. 84 00:06:03,680 --> 00:06:05,150 And now we will open it. 85 00:06:07,020 --> 00:06:09,960 Here we can right click on it and open with Mousepad. 86 00:06:09,990 --> 00:06:16,800 As you can see here, we have several information here, so we will need to go to earth dot google.com 87 00:06:17,370 --> 00:06:24,240 here or we can also use the another online service provider for this reader here. 88 00:06:24,390 --> 00:06:26,760 So here. 89 00:06:29,500 --> 00:06:29,680 Here. 90 00:06:29,770 --> 00:06:33,550 Mail reader, email file reader here. 91 00:06:33,730 --> 00:06:35,590 So here, as you can see, there's. 92 00:06:36,760 --> 00:06:41,500 Also online websites you can upload this file to and just scan it. 93 00:06:41,650 --> 00:06:49,090 And here we will roast your home and my file dot HTML. 94 00:06:49,210 --> 00:06:50,050 That's it. 95 00:06:50,080 --> 00:06:52,330 Now what we're going to see is. 96 00:06:59,840 --> 00:07:03,770 As you can see here, this is our HTML here. 97 00:07:07,170 --> 00:07:10,260 It's on the California state and. 98 00:07:13,070 --> 00:07:14,180 Even on the map. 99 00:07:16,660 --> 00:07:19,480 You can also download the sample emails here. 100 00:07:23,840 --> 00:07:24,530 Here now. 101 00:07:24,530 --> 00:07:26,960 We will upload our file again. 102 00:07:31,890 --> 00:07:32,550 That's it. 103 00:07:33,380 --> 00:07:34,520 As you can see here. 104 00:07:47,700 --> 00:07:55,170 And if you open that file with a right click here, you will see this coordinates as well. 105 00:07:55,260 --> 00:07:59,040 So you can use these coordinates here. 106 00:08:03,170 --> 00:08:05,410 Even the map and so on. 107 00:08:05,420 --> 00:08:07,970 So you can play with that as well. 108 00:08:07,970 --> 00:08:08,360 Here. 109 00:08:08,360 --> 00:08:14,480 As you can see here, there's also samples where you can use it here. 110 00:08:15,980 --> 00:08:16,980 And so on. 111 00:08:17,030 --> 00:08:22,700 So here this is how the Geolocation of Trees Road works. 112 00:08:22,700 --> 00:08:28,730 So in summary and also remember, tracer geolocation provides valuable insight into the network path, 113 00:08:28,730 --> 00:08:35,270 highlighting the geographic location of the hops involved so it can aid in identifying potential bottlenecks, 114 00:08:35,270 --> 00:08:42,320 analyzing networks performance and investigating the geographical distribution of a network's infrastructure. 115 00:08:42,320 --> 00:08:48,770 So in summary, this lecture explored the practical aspects of obtaining tracer geolocation information 116 00:08:48,770 --> 00:08:55,970 using Nmap by utilizing the geolocation, tracer, geolocation and script in conjunction with a traceroute 117 00:08:56,000 --> 00:09:01,160 option so we can map the network path and gather geolocation details for each hop. 118 00:09:01,160 --> 00:09:08,690 So the script relies on an external service and allows for saving results in HTML format for visualization 119 00:09:08,690 --> 00:09:09,500 purposes. 120 00:09:10,100 --> 00:09:17,130 Incorporating tracer geolocation information enhances network analysis and provides a geographical perspective 121 00:09:17,160 --> 00:09:21,090 to assist in understanding network topology and performance. 122 00:09:21,090 --> 00:09:23,880 My name is Stefan and I'm waiting you in next lecture.