Index of /projects/trt-scapy
Name Last modified Size Description
Parent Directory 04-Sep-2007 18:52 -
scapy.py.txt 11-Jan-2007 00:32 411k
trt-scapy.tgz 11-Jan-2007 11:45 201k
trt-scapy.txt 11-Jan-2007 11:45 5k
trt-scapy.py - v0.0
===================
Another implementation of M. Zalewski's 0trace tool, which performs hop
enumeration within "established" TCP connections. Trt-Scapy is based on the
Scapy tool (http://secdev.org/projects/scapy/) by P. Biondi and performs
enumeration for "established" TCP connections and UDP DNS request streams.
Refer to the original at http://lcamtuf.coredump.cx/soft/0trace.tgz.
===============================================================================
TCP connection to www.ebay.com on TCP port 80 and TTL game with 0trace (refer
to the announcement http://www.securityfocus.com/archive/1/456213/30/0/threaded)
> 13 4.68.110.81
> 14 4.68.97.33
> 15 64.159.1.130
> 16 4.68.123.48
> 17 166.90.140.134 <---
> 18 10.6.1.166 <--- new data
> 19 10.6.1.70 <---
Same game with trt-scapy:
# ./trt-scapy.py -i 66.135.192.124 -p 80 -r 1 -w .5
trt-scapy.py - v0.0
Connecting to 66.135.192.124:80
[...]
11 - 10.6.1.46 - 0 / time-exceeded
IPerror payload : -> 66.135.192.124
12 - 10.6.105.8 - 0 / time-exceeded
IPerror payload : -> 10.6.35.124
13 - 66.135.192.124
Done...
# ./trt-scapy.py -i sjc-dns2.ebaydns.com -p 53 -r 3 -w 4 -U
trt-scapy.py - v0.0
UDP - Connecting to sjc-dns2.ebaydns.com:53
[...]
9 - 166.90.140.134 - 0 / time-exceeded
IPerror payload : -> 66.135.207.138
10 - 10.6.1.162 - 0 / time-exceeded
IPerror payload : -> 66.135.207.138
11 - 10.6.1.78 - 0 / time-exceeded
IPerror payload : -> 66.135.207.138
12 - ?
13 - 66.135.207.138
===============================================================================
Thanks to TGW
J. - January 2007