1
00:00:00,330 --> 00:00:07,650
Some routers and firewalls are configured to not pass ICMP Echo requests or Echo reply requests.

2
00:00:08,460 --> 00:00:15,420
Attackers sometimes try to map out remote networks by pinging all the possible addresses and collecting

3
00:00:15,420 --> 00:00:16,170
replies.

4
00:00:16,410 --> 00:00:20,730
So blocking this type of traffic at the perimeter is fairly common.

5
00:00:21,660 --> 00:00:28,320
Just because you do not receive a reply to a ping does not necessarily mean that the host is not available.

6
00:00:29,200 --> 00:00:36,850
Traceroute is a computer network diagnostic tool for displaying the route or path of packets through

7
00:00:36,850 --> 00:00:40,810
the internet between your computer and a specified destination computer.

8
00:00:41,880 --> 00:00:45,180
It also measures the amount of time each hop took.

9
00:00:47,020 --> 00:00:53,350
When you run the utility, it initiates the sending of a packet, including in the packet a TTL, a time

10
00:00:53,350 --> 00:00:56,200
to live value, which is also known as a hop limit.

11
00:00:57,750 --> 00:01:04,740
As the packet passes through a router, the TTL is decremented until, when the TTL reaches zero,

12
00:01:05,070 --> 00:01:10,410
the packet is destroyed and an ICMP Time Exceeded message is returned.

13
00:01:11,590 --> 00:01:18,040
Traceroute works by setting the TTL for a packet to one, sending it towards the requested destination

14
00:01:18,040 --> 00:01:20,170
host and listening for the reply.

15
00:01:21,410 --> 00:01:28,310
When the initiating machine receives a Time Exceeded response, it examines a packet to determine where

16
00:01:28,310 --> 00:01:29,480
the packet came from.

17
00:01:30,020 --> 00:01:31,670
So this identifies the machine

18
00:01:31,790 --> 00:01:37,700
one hop away. Then the tracing machine generates a new packet with TTL two

19
00:01:38,670 --> 00:01:43,080
and uses that response to determine the machine two hops away, and so on.

20
00:01:51,170 --> 00:01:56,030
The command traceroute is available on many modern operating systems.

21
00:01:57,290 --> 00:02:04,100
On Unix-like systems such as FreeBSD, Mac OS and Linux, it's available as a command line tool.

22
00:02:05,670 --> 00:02:13,830
On Unix-like systems, traceroute sends by default a sequence of UDP packets. Traceroute is also graphically

23
00:02:13,830 --> 00:02:17,400
accessible in Mac OS within the Network Utility suite.

24
00:02:18,640 --> 00:02:19,840
In Microsoft Windows,

25
00:02:20,440 --> 00:02:21,780
it's named tracert.

26
00:02:23,720 --> 00:02:28,820
And Windows traceroute sends ICMP Echo requests instead of UDP packets.

27
00:02:29,880 --> 00:02:35,730
For IPv6, the tool sometimes has the name traceroute6 or tracert6.

28
00:02:36,880 --> 00:02:41,890
Let's look at how the traceroute command operates in our host machine and virtual machines as well.

29
00:02:43,900 --> 00:02:50,470
So I'm on my host machine, this is Mac OS, and I'll open a terminal screen: Command-Space to open the

30
00:02:50,470 --> 00:02:53,020
Spotlight search bar and type terminal.

31
00:02:55,060 --> 00:02:58,600
Start the Terminal app, and now I'm on a terminal screen.

32
00:02:59,960 --> 00:03:02,120
traceroute is the command I'll use.

33
00:03:03,050 --> 00:03:08,750
So if you run it with no parameter, you get a brief help about the usage of the command.

34
00:03:10,040 --> 00:03:12,980
So now let's run the command with a target host.

35
00:03:19,480 --> 00:03:20,890
We timed out in the first hop.

36
00:03:25,490 --> 00:03:27,570
And in the second one as well, where it happens.

37
00:03:27,590 --> 00:03:28,190
No worries.

38
00:03:29,240 --> 00:03:31,040
And yes, here are the other hops.

39
00:03:31,580 --> 00:03:32,980
This is the path that the packets

40
00:03:32,990 --> 00:03:36,680
follow from my host machine to the target web server.

41
00:03:37,610 --> 00:03:43,520
In Mac OS, you can also trace the packets with a graphical UI, which I mentioned before.

42
00:03:43,700 --> 00:03:50,570
So go to the Network Utility tool: press Command and Space bar once more to open Spotlight and type

43
00:03:50,570 --> 00:03:53,870
network utility and find it and open it.

44
00:03:55,280 --> 00:03:58,070
There's a Traceroute tab in the Network Utility window.

45
00:03:58,880 --> 00:04:02,810
Just type the target host and click the Trace button.

46
00:04:08,610 --> 00:04:10,140
Let's see how it all works in Kali.

47
00:04:11,850 --> 00:04:17,910
So now I'm in Kali and I have a terminal screen open. Type traceroute and hit Enter.

48
00:04:19,200 --> 00:04:25,110
So you'll see the help for this particular command, and it's a bit more detailed than the one in Mac

49
00:04:25,110 --> 00:04:25,650
OS.

50
00:04:27,350 --> 00:04:30,710
So now I want to show you the network configuration of my Kali.

51
00:04:31,590 --> 00:04:39,450
Go to Kali settings, click Network Adapter, and as you see, we run Kali in NAT mode, where

52
00:04:39,450 --> 00:04:43,680
the host machine Mac provides network address resolution

53
00:04:44,250 --> 00:04:51,510
(we'll talk about that soon) for all network traffic, and Kali shares the IP address of the host.

54
00:04:52,950 --> 00:05:00,060
Now I want to test the network connection first, so I'll ping the Google DNS 8.8.8.8.

55
00:05:00,480 --> 00:05:02,730
And right, that's no problem at all.

56
00:05:04,410 --> 00:05:07,390
You can use Ctrl+C keys to end the ping command.

57
00:05:07,950 --> 00:05:11,490
You know, not just don't use control L.

58
00:05:12,800 --> 00:05:16,970
OK, now I'll run the traceroute with the target hosting column.

59
00:05:18,280 --> 00:05:22,060
The first hop is a gateway prepared by VMware for my virtual machines.

60
00:05:23,240 --> 00:05:26,870
And as you can see, all the other hops are blocked.

61
00:05:27,350 --> 00:05:30,500
We cannot trace packets from the VM in NAT mode.

62
00:05:37,920 --> 00:05:41,550
So let's have a look at the traceroute command options once more.

63
00:05:42,600 --> 00:05:48,000
Here there's an option, uppercase T, which sends TCP SYN packets.

64
00:05:49,330 --> 00:05:52,660
Now I'd like to try the command once more with this option.

65
00:05:54,680 --> 00:05:57,860
OK, so we have the first and the last hop this time.

66
00:06:00,230 --> 00:06:03,500
So now I want to show you the command in a Windows system.

67
00:06:04,970 --> 00:06:07,970
Here is my up-to-date Windows 8 system.

68
00:06:09,180 --> 00:06:10,200
It has an IP.

69
00:06:11,470 --> 00:06:12,460
Check the connection.

70
00:06:12,820 --> 00:06:13,260
Ping.

71
00:06:13,720 --> 00:06:16,450
And yes, the network is running good.

72
00:06:16,810 --> 00:06:17,710
Just where we want it.

73
00:06:18,280 --> 00:06:25,780
Let's look at the network details first. From the Network and Sharing Center, click Ethernet0 and

74
00:06:25,780 --> 00:06:27,130
then the Details button.

75
00:06:27,670 --> 00:06:28,690
And here are the details.

76
00:06:29,660 --> 00:06:35,690
Default gateway is ninety nine point two, DHCP is nine nine two five four.

77
00:06:36,110 --> 00:06:41,390
As you know, these are the devices prepared by VMware for our NAT network.

78
00:06:42,330 --> 00:06:47,500
So now I go to the settings of the VMware Fusion. In Network Adapter,

79
00:06:47,730 --> 00:06:51,390
we confirm that the VM is in NAT network mode.

80
00:06:52,140 --> 00:06:54,270
Now I'm in the command prompt.

81
00:06:54,810 --> 00:07:00,150
As I mentioned, the command is tracert in Microsoft systems.

82
00:07:00,510 --> 00:07:03,270
So write down the target host and press Enter.

83
00:07:04,580 --> 00:07:06,470
So the first hop is, again, the gateway.

84
00:07:07,930 --> 00:07:15,880
And just like in Kali, since this VM is also in NAT mode, the requests for other hops are timed out.

85
00:07:23,940 --> 00:07:27,330
So while the command is running, I'd like to show you the command help.

86
00:07:30,750 --> 00:07:33,570
So just type tracert and hit Enter.

87
00:07:34,630 --> 00:07:40,210
So we didn't enter the host this time, and here is the usage of the tracert command.

88
00:07:48,140 --> 00:07:54,710
Trace completed, and there is no result given, as expected, because we're in NAT mode.

89
00:07:55,370 --> 00:07:57,860
I know you knew that, but I just wanted to make sure.

90
00:07:58,460 --> 00:08:04,940
So now I'm going to run my Windows VM in bridge mode and try the command once more.

91
00:08:06,540 --> 00:08:13,170
And once again, click the hardware settings icon on the menu bar, VMware Fusion and select Network

92
00:08:13,170 --> 00:08:13,740
Adapter.

93
00:08:14,810 --> 00:08:21,500
So I'm using Wi-Fi to connect to the internet right now, so I choose Wi-Fi under the bridged networking

94
00:08:21,500 --> 00:08:21,970
section.

95
00:08:23,490 --> 00:08:29,790
Now, this is the IP address assigned by the DHCP, and subnet mask of the network,

96
00:08:29,940 --> 00:08:31,800
again, is set by DHCP.

97
00:08:33,160 --> 00:08:36,190
So we'll see how the DHCP works.

98
00:08:36,520 --> 00:08:42,460
Just stay with me here. So as you see in the Network and Sharing Center window, the active network

99
00:08:42,460 --> 00:08:45,700
disappeared as soon as I changed the network adapter of the VM.

100
00:08:47,130 --> 00:08:48,030
In a second,

101
00:08:48,300 --> 00:08:55,980
the new network is activated. Click Ethernet0 and look at that, the Details button, so click on

102
00:08:55,980 --> 00:08:59,130
that to see the network settings, and those are the new ones.

103
00:08:59,700 --> 00:09:04,320
So now we're in the one nine two two one six eight one two dot X IP block.

104
00:09:05,010 --> 00:09:11,030
And we have a different DHCP and gateway run by the network admins of my office building.

105
00:09:12,090 --> 00:09:17,100
So let's go back to the command prompt and trace the route of the packets once more.

106
00:09:17,820 --> 00:09:24,330
So first, I want to check the network as I always do, so I'll ping the Google DNS, and yes, we have

107
00:09:24,330 --> 00:09:25,200
the internet connection.

108
00:09:26,180 --> 00:09:28,300
I mean, now, is it time to trace the route?

109
00:09:33,510 --> 00:09:34,980
The first request is timed out.

110
00:09:35,070 --> 00:09:37,770
Remember the results of my host machine, right?

111
00:09:41,460 --> 00:09:43,080
The second request timed out as well.

112
00:09:46,160 --> 00:09:50,540
And here are the other hops. We now have the results.