1
00:00:00,200 --> 00:00:07,910
Some routers and firewalls are configured to not pass ICMP echo requests or echo replies.

2
00:00:08,270 --> 00:00:15,380
Attackers sometimes try to map out remote networks by pinging all the possible addresses and collecting

3
00:00:15,380 --> 00:00:16,219
replies.

4
00:00:16,219 --> 00:00:20,840
So blocking this type of traffic at the perimeter is fairly common.

5
00:00:21,480 --> 00:00:28,470
Just because you do not receive a reply to a ping does not necessarily mean that the host is not available.

6
00:00:29,030 --> 00:00:36,800
Traceroute is a computer network diagnostic tool for displaying the route or path of packets through

7
00:00:36,800 --> 00:00:40,940
the internet between your computer and a specified destination computer.

8
00:00:41,710 --> 00:00:45,370
It also measures the amount of time each hop took.

9
00:00:46,860 --> 00:00:52,890
When you run the utility, it initiates the sending of a packet, including in the packet a TTL,

10
00:00:52,920 --> 00:00:56,370
a Time to Live value, which is also known as a hop limit.

11
00:00:57,630 --> 00:01:00,120
As the packet passes through a router,

12
00:01:00,120 --> 00:01:08,880
the TTL is decremented. When the TTL reaches zero, the packet is destroyed and an ICMP time exceeded

13
00:01:08,880 --> 00:01:10,620
message is returned.

14
00:01:11,390 --> 00:01:17,990
Traceroute works by setting the TTL for a packet to one, sending it towards the requested destination

15
00:01:17,990 --> 00:01:20,360
host and listening for the reply.

16
00:01:21,140 --> 00:01:28,250
When the initiating machine receives a time exceeded response, it examines the packet to determine where

17
00:01:28,250 --> 00:01:29,690
the packet came from.

18
00:01:29,690 --> 00:01:33,170
So this identifies the machine one hop away.

19
00:01:33,560 --> 00:01:40,520
Then the tracing machine generates a new packet with TTL two and uses that response to determine the

20
00:01:40,520 --> 00:01:43,220
machine two hops away, and so on.

21
00:01:50,920 --> 00:01:56,230
The command traceroute is available on many modern operating systems.

22
00:01:57,130 --> 00:02:01,960
On Unix-like systems such as FreeBSD, macOS and Linux,

23
00:02:01,990 --> 00:02:04,270
it's available as a command line tool.

24
00:02:05,540 --> 00:02:11,270
On Unix-like systems, traceroute sends by default a sequence of UDP packets.

25
00:02:11,600 --> 00:02:17,540
Traceroute is also graphically accessible in macOS with the Network Utility suite.

26
00:02:18,480 --> 00:02:20,040
In Microsoft Windows,

27
00:02:20,130 --> 00:02:21,960
it's named tracert.

28
00:02:23,530 --> 00:02:29,020
In Windows, traceroute sends ICMP echo requests instead of UDP packets.

29
00:02:29,700 --> 00:02:35,910
For IPv6, the tool sometimes has the name traceroute6 or tracert6.

30
00:02:36,660 --> 00:02:42,060
Let's look at how the traceroute command operates on our host machine and virtual machines as well.

31
00:02:43,630 --> 00:02:45,100
So I'm on my host machine.

32
00:02:45,100 --> 00:02:52,480
This is macOS, and I'll open a terminal screen: Command-Space to open the Spotlight search bar and type

33
00:02:52,510 --> 00:02:53,170
terminal.

34
00:02:54,870 --> 00:02:58,770
Start the Terminal app, and now I'm on a terminal screen.

35
00:02:59,770 --> 00:03:02,350
traceroute is the command I'll use.

36
00:03:02,740 --> 00:03:09,010
So if you run it with no parameter, you get a brief help about the usage of the command.

37
00:03:09,730 --> 00:03:13,210
So now let's run the command with a target host.

38
00:03:19,260 --> 00:03:21,090
We timed out in the first hop.

39
00:03:25,340 --> 00:03:28,430
And in the second one as well. It happens, no worries.

40
00:03:28,940 --> 00:03:31,220
And yes, here are the other hops.

41
00:03:31,250 --> 00:03:36,890
This is the path that the packets follow from my host machine to the target web server.

42
00:03:37,340 --> 00:03:43,530
In macOS, you can also trace the packets with a graphical UI, which I mentioned before.

43
00:03:43,550 --> 00:03:45,870
So go to the Network Utility tool.

44
00:03:45,890 --> 00:03:53,630
Press Command and Space bar once more to open Spotlight, type network utility, find it and open

45
00:03:53,630 --> 00:03:54,110
it.

46
00:03:54,980 --> 00:03:58,250
There's a Traceroute tab in the Network Utility window.

47
00:03:58,550 --> 00:04:03,050
Just type the target host and click the Trace button.

48
00:04:08,400 --> 00:04:10,350
Let's see how it all works in Kali.

49
00:04:11,530 --> 00:04:18,070
So now I'm in Kali and I have a terminal screen open. Type traceroute and hit enter.

50
00:04:18,980 --> 00:04:21,920
So you'll see the help for this particular command.

51
00:04:21,920 --> 00:04:25,880
And it's a bit more detailed than the one in macOS.

52
00:04:27,120 --> 00:04:30,660
So now I want to show you the network configuration of my Kali.

53
00:04:31,400 --> 00:04:32,760
Go to Kali settings.

54
00:04:32,780 --> 00:04:34,760
Click Network Adapter.

55
00:04:35,030 --> 00:04:43,910
And as you see, we run Kali in NAT mode, where the host machine Mac provides network address resolution.

56
00:04:44,000 --> 00:04:51,710
We'll talk about that soon. For all network traffic, Kali shares the IP address of the host.

57
00:04:52,750 --> 00:05:01,960
Now I want to test the network connection first, so I'll ping the Google DNS 8.8.8.8, and right, that's

58
00:05:01,960 --> 00:05:02,890
no problem at all.

59
00:05:04,220 --> 00:05:07,640
You can use the Ctrl+C keys to end the ping command.

60
00:05:08,260 --> 00:05:11,690
Well, not just don't use Ctrl+L.

61
00:05:12,660 --> 00:05:13,160
Okay.

62
00:05:13,170 --> 00:05:16,980
Now I'll run the traceroute with the target host in Kali.

63
00:05:18,110 --> 00:05:22,250
The first hop is a gateway prepared by VMware for my virtual machines.

64
00:05:23,130 --> 00:05:27,060
And as you can see, all the other hops are blocked.

65
00:05:27,090 --> 00:05:30,690
We cannot trace packets from the VM in NAT mode.

66
00:05:37,610 --> 00:05:41,780
So let's have a look at the traceroute command options once more.

67
00:05:42,350 --> 00:05:48,260
Here there's an option, uppercase T, which sends TCP SYN packets.

68
00:05:49,070 --> 00:05:52,880
Now I'd like to try the command once more with this option.

69
00:05:54,630 --> 00:05:58,020
Okay, so we have the first and the last hop this time.

70
00:05:59,910 --> 00:06:03,720
So now I want to show you the command in a Windows system.

71
00:06:04,830 --> 00:06:08,190
Here is my up-to-date Windows 8 system.

72
00:06:08,930 --> 00:06:10,010
It has an IP.

73
00:06:11,270 --> 00:06:13,460
Check the connection: ping.

74
00:06:13,460 --> 00:06:16,610
And yes, the network is running good.

75
00:06:16,610 --> 00:06:17,900
Just where we want it.

76
00:06:17,990 --> 00:06:20,690
Let's look at the network details first.

77
00:06:21,200 --> 00:06:27,350
From the Network and Sharing Center, click Ethernet0 and then the Details button.

78
00:06:27,350 --> 00:06:28,880
And here are the details.

79
00:06:29,500 --> 00:06:32,530
Default gateway is 99.2.

80
00:06:32,560 --> 00:06:35,920
DHCP is 99.254.

81
00:06:35,950 --> 00:06:41,560
As you know, these are the devices prepared by VMware for our NAT network.

82
00:06:42,110 --> 00:06:47,560
So now I go to the settings of VMware Fusion. In Network Adapter,

83
00:06:47,570 --> 00:06:51,620
we confirm that the VM is in NAT network mode.

84
00:06:51,830 --> 00:06:54,500
Now I'm in the command prompt.

85
00:06:54,530 --> 00:07:02,960
As I mentioned, the command is tracert in Microsoft systems, so write down the target host and press

86
00:07:02,960 --> 00:07:03,410
enter.

87
00:07:04,330 --> 00:07:06,670
So the first hop is again the gateway.

88
00:07:07,710 --> 00:07:16,110
And just like in Kali, since this is also in NAT mode, the requests for the other hops are timed out.

89
00:07:23,750 --> 00:07:27,500
So while the command is running, I'd like to show you the command help.

90
00:07:30,530 --> 00:07:33,770
So just type tracert and hit enter.

91
00:07:34,310 --> 00:07:37,340
So we didn't enter the host this time.

92
00:07:37,340 --> 00:07:40,400
And here is the usage of the tracert command.

93
00:07:48,010 --> 00:07:54,730
Trace completed, and there is no result given, as expected, because we're in NAT mode.

94
00:07:55,240 --> 00:07:58,120
I know you knew that, but I just wanted to make sure.

95
00:07:58,150 --> 00:08:05,080
So now I'm going to run my Windows VM in bridged mode and try the command once more.

96
00:08:06,460 --> 00:08:13,090
And once again, click the hardware settings icon on the menu bar of VMware Fusion and select Network

97
00:08:13,090 --> 00:08:13,900
Adapter.

98
00:08:14,600 --> 00:08:21,440
So I'm using Wi-Fi to connect to the internet right now, so I choose Wi-Fi under the Bridged Networking

99
00:08:21,440 --> 00:08:22,130
section.

100
00:08:23,370 --> 00:08:31,620
Now this is the IP address assigned by the DHCP, and the subnet mask of the network again is set by DHCP.

101
00:08:32,950 --> 00:08:36,270
So we'll see how the DHCP works.

102
00:08:36,280 --> 00:08:38,320
Just stay with me here.

103
00:08:38,590 --> 00:08:43,720
So as you see in the Network and Sharing Center window, the active network disappeared as soon as I

104
00:08:43,720 --> 00:08:45,910
changed the network adapter of the VM.

105
00:08:47,020 --> 00:08:50,080
And in a second, the new network is activated.

106
00:08:50,350 --> 00:08:55,180
Click Ethernet0 and look at the Details button.

107
00:08:55,180 --> 00:08:57,880
So click on that to see the network settings.

108
00:08:57,880 --> 00:08:59,370
And those are the new ones.

109
00:08:59,380 --> 00:09:09,610
So now we're in the 192.168.12.x IP block and we have a different DHCP and gateway run by the network

110
00:09:09,610 --> 00:09:11,200
admins of my office building.

111
00:09:11,890 --> 00:09:17,320
So let's go back to the command prompt and trace the route of the packets once more.

112
00:09:17,470 --> 00:09:20,740
So first I want to check the network, as I always do.

113
00:09:20,770 --> 00:09:25,420
So I'll ping the Google DNS and yes, we have the internet connection.

114
00:09:25,810 --> 00:09:28,480
So now is the time to trace the route.

115
00:09:33,330 --> 00:09:34,920
The first request is timed out.

116
00:09:34,950 --> 00:09:37,410
Remember the results of my host machine?

117
00:09:41,410 --> 00:09:43,270
The second request timed out as well.

118
00:09:46,000 --> 00:09:48,550
And here are the other hops.

119
00:09:48,820 --> 00:09:50,710
We now have the results.