Layer four traceroute

Layer Four Traceroute (LFT) is a fast, multi-protocol traceroute engine that also implements numerous other features, including AS number lookups through Regional Internet Registries and other reliable sources, Loose Source Routing, and firewall and load balancer detection. LFT is best known for its use by network security practitioners to trace a route to a destination host through many configurations of packet filters and firewalls, and to detect network connectivity, performance or latency problems.

How it Works

LFT sends various TCP SYN and FIN probes (differing from Van Jacobson's UDP-based method) or UDP probes utilizing the IP protocol 'time to live' field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host. LFT also listens for various TCP, UDP, and ICMP messages along the way to assist network managers in ascertaining per-protocol heuristic routing information, and can optionally retrieve various information about the networks it traverses. The operation of layer four traceroute is described in detail in several prominent security books.[1][2]
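
How a tracer can tie an ICMP TIME_EXCEEDED reply back to the TCP probe that triggered it, shown as an added example that is not LFT's own code: the ICMP message quotes the expired packet's IP header plus the first 8 bytes of its payload, which for TCP carry the ports and sequence number. The addresses, ports, function names and the "sequence number = base + TTL" scheme are assumptions made for this illustration, and all packets are constructed in memory rather than sent.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11  # ICMP type 11, code 0: TTL exceeded in transit

def build_probe(src, dst, ttl, sport, dport, seq):
    """IPv4 header plus the first 8 bytes of a TCP SYN (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHI", sport, dport, seq)

def build_time_exceeded(quoted):
    """ICMP message as a gateway returns it: 8-byte ICMP header, then the quoted probe."""
    return struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted

def match_reply(icmp, probes):
    """Return the TTL the matching probe was sent with, or None if nothing matches."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != ICMP_TIME_EXCEEDED:
        return None
    inner = icmp[8:]                      # quoted IP header starts after the ICMP header
    ihl = (inner[0] & 0x0F) * 4           # quoted header length in bytes
    if inner[9] != socket.IPPROTO_TCP or len(inner) < ihl + 8:
        return None
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return probes.get((dst, sport, dport, seq))

def demo():
    """Three outstanding probes (TTL 1..3) and two constructed replies."""
    src, dst, sport, dport, base = "192.0.2.10", "198.51.100.7", 53123, 80, 1000
    probes = {(dst, sport, dport, base + ttl): ttl for ttl in range(1, 4)}
    # The hop-2 gateway quotes the probe with its TTL already decremented,
    # so the quoted TTL cannot identify the hop; the sequence number does.
    reply = build_time_exceeded(build_probe(src, dst, 1, sport, dport, base + 2))
    # A reply quoting a different destination port belongs to some other flow.
    other = build_time_exceeded(build_probe(src, dst, 1, sport, 443, base + 2))
    return match_reply(reply, probes), match_reply(other, probes)

if __name__ == "__main__":
    print(demo())
```
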

Origins

The lft command first appeared in 1998 as 'fft'. Renamed as a result of confusion with Fast Fourier transforms, lft stands for 'layer four traceroute.' Results are often referred to as a 'layer four trace.'

Sources

  1. Extreme Exploits: Advanced Defenses Against Hardcore Hacks (2005) McGraw-Hill ISBN 0-07-225955-8
  2. The Tao of Network Security Monitoring (2004) Addison-Wesley ISBN 0-321-24677-2
This article is issued from Wikipedia - version of the 11/19/2013. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.