1 00:00:00,330 --> 00:00:09,150 Some routers and firewalls are configured to not pass ICMP echo requests or echo reply requests. Attackers
2 00:00:09,240 --> 00:00:16,160 sometimes try to map out remote networks by pinging all the possible addresses and collecting replies.
3 00:00:16,410 --> 00:00:20,720 So blocking this type of traffic at the perimeter is fairly common.
4 00:00:21,660 --> 00:00:28,320 Just because you do not receive a reply to a ping does not necessarily mean that the host is not available.
5 00:00:29,260 --> 00:00:36,850 Traceroute is a computer network diagnostic tool for displaying the route or path of packets through
6 00:00:36,850 --> 00:00:40,840 the Internet between your computer and a specified destination computer.
7 00:00:41,850 --> 00:00:45,240 It also measures the amount of time each hop took.
8 00:00:47,050 --> 00:00:52,980 When you run the utility, it initiates the sending of a packet, including in the packet a TTL,
9 00:00:53,020 --> 00:00:56,230 a time to live value, which is also known as a hop limit.
10 00:00:57,720 --> 00:01:05,250 As the packet passes through a router, that TTL is decremented until, when the TTL reaches zero, the
11 00:01:05,250 --> 00:01:10,440 packet is destroyed and an ICMP time exceeded message is returned.
12 00:01:11,590 --> 00:01:18,070 Traceroute works by setting the TTL for a packet to one, sending it towards the requested destination
13 00:01:18,070 --> 00:01:20,170 host and listening for the reply.
14 00:01:21,440 --> 00:01:28,340 When the initiating machine receives a time exceeded response, it examines a packet to determine where
15 00:01:28,340 --> 00:01:29,520 the packet came from.
16 00:01:30,020 --> 00:01:32,870 So this identifies the machine one hop away.
17 00:01:33,830 --> 00:01:37,730 Then the tracing machine generates a new packet with TTL two.
18 00:01:38,640 --> 00:01:43,100 And uses that response to determine the machine two hops away and so on.
19 00:01:51,140 --> 00:01:56,060 The command traceroute is available on many modern operating systems.
20 00:01:57,290 --> 00:02:04,130 On Unix-like systems such as FreeBSD, Mac OS and Linux, it's available as a command line tool.
21 00:02:05,670 --> 00:02:13,260 On Unix-like systems, traceroute sends, by default, a sequence of UDP packets. Traceroute is also
22 00:02:13,260 --> 00:02:17,430 graphically accessible in Mac OS within the Network Utility suite.
23 00:02:18,610 --> 00:02:21,790 In Microsoft Windows, it's named tracert.
24 00:02:23,690 --> 00:02:28,850 And Windows tracert sends ICMP echo requests instead of UDP packets.
25 00:02:29,910 --> 00:02:35,730 For IPv6, the tool sometimes has the name traceroute6 or tracert6.
26 00:02:36,880 --> 00:02:41,920 Let's look at how the traceroute command operates in our host machine and virtual machines as well.
27 00:02:43,900 --> 00:02:50,500 So I'm on my host machine, this is Mac OS, and I'll open a terminal screen: Command+Space to open the
28 00:02:50,500 --> 00:02:53,050 Spotlight search bar and type terminal.
29 00:02:55,030 --> 00:02:58,600 Start the terminal app and now I'm on a terminal screen.
30 00:02:59,960 --> 00:03:07,430 Traceroute is the command I'll use, so if you run it with no parameter, you get a brief help about
31 00:03:07,430 --> 00:03:08,780 the usage of the command.
32 00:03:10,040 --> 00:03:13,010 So now let's run the command with a target host.
33 00:03:19,480 --> 00:03:20,920 We timed out in the first hop.
34 00:03:25,460 --> 00:03:30,990 And in the second one as well, where it happens, no worries and yes, here are the other hops.
35 00:03:31,560 --> 00:03:33,020 This is the path that the
36 00:03:33,020 --> 00:03:36,680 packets follow from my host machine to the target web server.
37 00:03:37,610 --> 00:03:43,500 In Mac OS, you can also trace the packets with a graphical UI, which I mentioned before.
38 00:03:43,670 --> 00:03:50,600 So go to the Network Utility tool, press Command and Space bar once more to open Spotlight and type
39 00:03:50,600 --> 00:03:53,890 network utility and find it and open it.
40 00:03:55,280 --> 00:03:58,070 There's a traceroute tab in the Network Utility window.
41 00:03:58,880 --> 00:04:02,870 Just type the target host and click the trace button.
42 00:04:08,580 --> 00:04:10,140 Let's see how it all works in Kali.
43 00:04:11,820 --> 00:04:17,910 So now I'm in Kali and I have a terminal screen open. Type traceroute and hit enter.
44 00:04:19,170 --> 00:04:25,680 So you'll see the help for this particular command and it's a bit more detailed than the one in Mac OS.
45 00:04:27,350 --> 00:04:30,740 So now I want to show you the network configuration of my Kali.
46 00:04:31,590 --> 00:04:40,050 Go to Kali settings, click network adapter, and as you see, we run in NAT mode, where the host
47 00:04:40,050 --> 00:04:47,880 machine Mac provides network address resolution, we'll talk about that soon, for all network traffic
48 00:04:48,300 --> 00:04:51,570 and Kali shares the IP address of the host.
49 00:04:52,920 --> 00:05:01,080 Now, I want to test the network connection first, so I'll ping the Google DNS 888 Daddy, Daddy and.
50 00:05:01,440 --> 00:05:02,730 Right, that's no problem at all.
51 00:05:04,380 --> 00:05:11,350 You can use Control+C keys to end the ping command, you know, not just don't use control.
52 00:05:12,740 --> 00:05:17,000 OK, now I'll run the traceroute with the target host in Kali.
53 00:05:18,280 --> 00:05:22,090 The first hop is a gateway prepared by VMware for my virtual machines.
54 00:05:23,240 --> 00:05:26,850 And as you can see, all the other hops are blocked.
55 00:05:27,350 --> 00:05:30,530 We cannot trace packets from the VM in NAT mode.
56 00:05:37,890 --> 00:05:41,580 So let's have a look at the traceroute command options once more.
57 00:05:42,600 --> 00:05:48,030 Here there's an option, uppercase T, which sends TCP SYN packets.
58 00:05:49,300 --> 00:05:52,690 Now, I'd like to try the command once more with this option.
59 00:05:54,620 --> 00:05:57,860 OK, so we have the first and the last hop this time.
60 00:06:00,200 --> 00:06:03,500 So now I want to show you the command in a Windows system.
61 00:06:05,000 --> 00:06:07,970 Here is my up-to-date Windows 8 system.
62 00:06:09,180 --> 00:06:10,200 It has an IP.
63 00:06:11,470 --> 00:06:17,740 Check the connection, ping, and yes, the network is running good, just where we want.
64 00:06:18,310 --> 00:06:23,230 Let's look at the network details first from the Network and Sharing Center.
65 00:06:23,230 --> 00:06:28,720 Click Ethernet0 and then the Details button, and here are the details.
66 00:06:29,630 --> 00:06:38,270 Default Gateway is nine nine point to DHCP is not nine to five four, as you know, these are the devices
67 00:06:38,270 --> 00:06:41,420 prepared by VMware for our NAT network.
68 00:06:42,300 --> 00:06:50,340 So now I go to the settings of the VMware Fusion, in network adapter, we confirm that the VM is in NAT
69 00:06:50,370 --> 00:06:51,420 network mode.
70 00:06:52,170 --> 00:06:54,300 Now I'm in the command prompt.
71 00:06:54,780 --> 00:07:00,180 As I mentioned, the command is tracert in Microsoft systems.
72 00:07:00,540 --> 00:07:03,300 So write down the target host and press enter.
73 00:07:04,550 --> 00:07:06,470 So the first hop is, again, the gateway.
74 00:07:07,900 --> 00:07:15,910 And just like in Kali, since this VM is also in NAT mode, the requests for other hops are timed out.
75 00:07:23,940 --> 00:07:27,330 So while the command is running, I'd like to show you the command help.
76 00:07:30,720 --> 00:07:33,600 So just type tracert and hit enter.
77 00:07:34,600 --> 00:07:40,240 So we didn't enter the host this time, and here is the usage of the tracert command.
78 00:07:48,140 --> 00:07:54,710 Trace completed, and there is no result given as expected, because we're in NAT mode.
79 00:07:55,370 --> 00:07:57,870 I know you knew that, but I just wanted to make sure.
80 00:07:58,430 --> 00:08:04,970 So now I'm going to run my Windows VM in bridge mode and try the command once more.
81 00:08:06,510 --> 00:08:13,170 And once again, click the hardware settings icon on the menu bar, VMware Fusion, and select Network
82 00:08:13,170 --> 00:08:13,770 Adapter.
83 00:08:14,810 --> 00:08:21,530 So I'm using Wi-Fi to connect to the Internet right now, so I choose Wi-Fi under the bridge networking
84 00:08:21,530 --> 00:08:21,980 section.
85 00:08:23,430 --> 00:08:30,480 Now, this is the IP address assigned by the DHCP and the subnet mask of the network, again, is
86 00:08:30,480 --> 00:08:31,800 set by the A.P.
87 00:08:33,130 --> 00:08:36,200 So we'll see how the DHCP works.
88 00:08:36,520 --> 00:08:38,140 Just stay with me here.
89 00:08:38,980 --> 00:08:44,200 As you see in the Network and Sharing Center window, the active network disappeared as soon as I changed
90 00:08:44,200 --> 00:08:45,730 the network adapter of the VM.
91 00:08:47,070 --> 00:08:55,290 In a second, the new network is activated. Click Ethernet0 and look at that, the Details button.
92 00:08:55,320 --> 00:08:59,140 So click on that to see the network settings and those are the new ones.
93 00:08:59,670 --> 00:09:04,320 So now we're in the one nine two to one six eight dot one two x IP block.
94 00:09:04,980 --> 00:09:11,040 And we have a different DHCP and gateway run by the network admins of my office building.
95 00:09:12,060 --> 00:09:17,080 So let's go back to the command prompt and trace the route of the package once more.
96 00:09:17,790 --> 00:09:22,980 So first I want to check the network as I always do, so I'll ping the Google DNS.
97 00:09:22,980 --> 00:09:25,230 And yes, we have the Internet connection.
98 00:09:26,060 --> 00:09:28,330 I mean, now it is time to trace the route.
99 00:09:33,480 --> 00:09:37,790 The first request is timed out, remember the results of my host machine, right?
100 00:09:41,490 --> 00:09:43,110 The second request timed out as well.
101 00:09:46,190 --> 00:09:50,570 And here are the other hops, we now have the results.