views:

576

answers:

6

I just recently discovered traceroute and whois. As a newbie discovering these tools, I feel like I can potentially learn and explore a lot just from accessing random websites. Can anyone tell me about other useful tools/information I could use to explore the internet?

I just found out about nmap and wireshark. Haven't used either yet.

Is there a limit to what I can do from using an ISP like Comcast, as opposed to open internet access? I'm assuming ISPs place some kind of restriction on what users can do.

What else can I legally do/learn for fun by using network tools?

As of right now, this prospect of exploring is very exciting to me! Any suggestions would be very welcome.

+1  A: 
boj
+1  A: 

I'm not sure what you mean by "Open Internet Access". There is no other way to connect a client to the internet than using an ISP. The internet is a set of machines that have different tasks, and your ISP provides you with DNS, DHCP, routing and bandwidth so you are able to connect to other endpoints. I wouldn't say ISPs "restrict" what you can do. For example, you can't spoof your IP address by sending packets with another IP address, but this is by design; it has to do with how traffic is routed, not an active restriction. The router expects you to have your assigned IP address, and doesn't understand any other traffic.

Traceroute and ping use ICMP to explore the internet. Read more about ICMP on Wikipedia. ICMP is not used by some routers for security or performance reasons. NAT is also invisible to ICMP.

DNS, domain lookup etc. use databases that store information about host names. There is also a good article on Wikipedia about DNS. Use wireshark and go to a domain you haven't visited before to see DNS in action. Domain lookups are useful to learn whether domains look valid, for example (you wouldn't trust an internet bank with a hotmail address as its contact email).

Nmap scans for services and non-filtered ports by using different kinds of port sniffing techniques. Some hosts will automatically block you, as port sniffing is usually used by hackers to find exploitable services. Port scanning yourself is an excellent way to test your security and find weaknesses.

CooPs
Thanks for the comments! Very helpful.
Lin
A: 

You have discovered network diagnostic tools, well done. What legitimate things can you do with them? Well, diagnose network faults.

Illegitimate uses, find broken networks to take advantage of.

Yes, your ISP may block some forms of tools, or monitor traffic patterns they believe to be hacking.

Simeon Pilgrim
+5  A: 

mtr is like traceroute and ping combined into one tool; it's very handy for diagnosing network issues.

dig is a great tool for playing around with and exploring DNS.

netcat is a good tool for quickly testing out network services, and doing things like piping the output of programs or shell scripts over the network. socat is like netcat on steroids, with options for wrapping things in SSL/TLS, support for IPv6, SCTP, and various other protocols, etc.

You've already mentioned wireshark, but I'll link it here for completeness; it is a great tool for analyzing network protocols. tcpdump can also be useful for sniffing traffic, and is recommended if you expect to be in a hostile environment; because of its complexity, wireshark fairly commonly has security holes, and must be run as root since it needs raw access to the network. Thus, it generally isn't a good idea to run wireshark if you suspect you may be attacked.

nmap is also a wonderful tool, but be careful of doing any kind of scanning with it too aggressively; there are a lot of networks that have intrusion detection systems that will block you if they detect a port scan. It's generally polite to only run this against systems that you should have access to or that you have permission to scan.

curl is a good tool for testing HTTP servers, allowing you to set arbitrary headers, view headers sent from the server, download and upload files, set cookies, etc. It's a good tool for debugging HTTP problems, as well as being good for downloading files from the web (HTTP, FTP, SFTP, etc).

telnet is a venerable tool; some people use it like netcat (acting as a general tool for connecting to TCP based services and playing with them manually), though it's not ideal for that, as certain control characters have special meaning, so sending binary data over it doesn't work well.

Have fun exploring the network. Remember to do so responsibly; don't be looking through people's private data, and don't do large scale port scans of networks that aren't yours. Be aware that certain kinds of scanning may be frowned upon, even if for completely legitimate purposes (some people get upset over a couple of simple pings; it's somewhat frustrating for network researchers).

edit: Oh, and while you're looking, it will help to refer to the RFCs for the protocols that you're looking into. RFC 791 for IPv4 and RFC 2616 for IPv6. RFC 783 for TCP, and RFC 768 for UDP. RFC 1034 and 1035 for DNS (plus many others that expand on those), RFC 822 for the basic format that email and HTTP use for message headers, RFC 2616 for HTTP 1.1, RFC 2821 for SMTP, RFC 854 for telnet, RFC 1459 (and later 2810, 2811, 2812, and 2813) for IRC. There are many other protocols out there, and many updates to the protocols I've listed, so I recommend Googling to find out more information about all of the various protocols you'll be playing with.

Brian Campbell
This was a very informative post. Thanks a lot!
Lin
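The two answers above both point at DNS as the protocol to start with (watching it in wireshark, poking at it with dig, reading RFC 1034/1035). The following is an added example, not code from either poster: it builds a DNS query by hand in the RFC 1035 wire format and parses a reply, including the name-compression pointers that dig and wireshark normally hide from you. The reply it parses is assembled in the block itself (www.example.com CNAME example.com, A 192.0.2.1 from the RFC 5737 test range), not captured from any real server; `resolve()` will send a real query if you point it at a resolver, but nothing else here needs the network.

```python
"""Hand-built DNS query and response handling in the RFC 1035 wire format."""
import random
import socket
import struct

TYPE_A, TYPE_CNAME = 1, 5
CLASS_IN = 1


def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset, _depth=0):
    """Decode a (possibly compressed) name at offset; return (name, offset after it)."""
    if _depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:
            # 14-bit pointer. RFC 1035 only allows pointing at a *prior* occurrence, so a
            # forward or self pointer is malformed (and is how pointer loops are built).
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            pointer = ((length & 0x3F) << 8) | msg[offset + 1]
            if pointer >= offset:
                raise ValueError("forward compression pointer")
            suffix, _ = decode_name(msg, pointer, _depth + 1)
            if suffix:
                labels.append(suffix)
            return ".".join(labels), offset + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def _unpack(fmt, msg, offset):
    size = struct.calcsize(fmt)
    if offset + size > len(msg):
        raise ValueError("truncated message")
    return struct.unpack(fmt, msg[offset:offset + size]), offset + size


def build_query(name, qtype=TYPE_A, txid=None):
    """Header (ID, RD flag set, QDCOUNT=1) followed by one question."""
    if txid is None:
        txid = random.SystemRandom().randrange(1 << 16)  # unpredictable ID resists blind spoofing
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_response(msg, expected_txid=None):
    """Parse header, question and answer sections into a dict of plain values."""
    (txid, flags, qd, an, _ns, _ar), offset = _unpack("!HHHHHH", msg, 0)
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction ID mismatch (misdelivered or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    questions, answers = [], []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        (qtype, qclass), offset = _unpack("!HH", msg, offset)
        questions.append((qname, qtype, qclass))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        (rtype, _rclass, ttl, rdlength), offset = _unpack("!HHIH", msg, offset)
        if offset + rdlength > len(msg):
            raise ValueError("truncated RDATA")
        rdata = msg[offset:offset + rdlength]
        if rtype == TYPE_A and rdlength == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == TYPE_CNAME:
            value, _ = decode_name(msg, offset)  # target may be compressed, so decode in place
        else:
            value = rdata.hex()
        offset += rdlength
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "rcode": flags & 0x000F, "questions": questions, "answers": answers}


def constructed_response(txid=0x1234):
    """Reply assembled by hand for this example (constructed, not captured from a server):
    www.example.com CNAME example.com; example.com A 192.0.2.1 (RFC 5737 test address)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)  # QR, RD, RA set; 1 question, 2 answers
    question = encode_name("www.example.com") + struct.pack("!HH", TYPE_A, CLASS_IN)
    # Owner names and the CNAME target reuse the question via compression pointers:
    # offset 12 is "www.example.com", offset 16 is "example.com".
    cname_rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_CNAME, CLASS_IN, 300, 2) + b"\xc0\x10"
    a_rr = b"\xc0\x10" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + cname_rr + a_rr


def resolve(name, server, timeout=2.0):
    """Send a real query over UDP/53 and parse the answer (needs network; unused by the tests)."""
    query = build_query(name)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply, _ = s.recvfrom(4096)
    return parse_response(reply, expected_txid=txid)


if __name__ == "__main__":
    print(parse_response(constructed_response(), expected_txid=0x1234))
```

Run it with wireshark capturing on UDP port 53 and compare the bytes it sends with what dig sends for the same name; the forward-pointer and transaction-ID checks are the two places where a careless parser gets into trouble with hostile replies.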
+4  A: 

One of the neater tools for exploring how the internet works is something called a looking-glass server, which I learned about from the book Network Warrior. Internet backbones maintain servers (usually big Cisco routers) that you can telnet into and explore the internet routing tables. See the book for more information.

For example, this server run by AT&T has a routing table with almost 300,000 paths between different networks.

$ telnet route-server.ip.att.net
Trying 12.0.1.28...
Connected to route-server.ip.att.net.
Escape character is '^]'.

...

route-server>sho ip bgp summary
BGP router identifier 12.0.1.28, local AS number 65000
BGP table version is 29153790, main routing table version 29153790
278671 network entries using 33719191 bytes of memory
5155572 path entries using 268089744 bytes of memory
295859/48964 BGP path/bestpath attribute entries using 41420260 bytes of memory
63452 BGP AS-PATH entries using 1663254 bytes of memory
162 BGP community entries using 3888 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 344896337 total bytes of memory
Dampening enabled. 1013 history paths, 747 dampened paths
BGP activity 550356/271685 prefixes, 20211607/15056035 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.0.1.26       4  7018       0       0        0    0    0 never    Active
12.122.83.91    4  7018 1291609  125027 29153796    0    0 1w6d        69953
12.122.125.4    4  7018 2155629  247496 29153796    0    0 1w6d        69949
12.123.1.236    4  7018 4161501  125028 29153796    0    0 1w6d       278594
12.123.5.240    4  7018 4332955  125025 29153796    0    0 1w6d       278593
12.123.9.241    4  7018 3975030  125019 29153796    0    0 3w2d       278594
12.123.13.241   4  7018 7796628  125023 29153796    0    0 1w6d       278589
12.123.17.244   4  7018 4176784  125018 29153796    0    0 7w3d       278589
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.123.21.243   4  7018 4839720  125028 29153796    0    0 1w6d       278594
12.123.25.245   4  7018 4498424  125018 29153796    0    0 3w3d       278592
12.123.29.249   4  7018 4025618  125021 29153796    0    0 1w6d       278589
12.123.33.249   4  7018 4280002  125013 29153796    0    0 1w6d       278593
12.123.37.250   4  7018 5165492  125029 29153796    0    0 1w6d       278589
12.123.41.250   4  7018 4059934  125026 29153796    0    0 1w6d       278594
12.123.45.252   4  7018 4170029  125006 29153796    0    0 6w2d       278593
12.123.133.124  4  7018 4064370  125025 29153796    0    0 1w6d       278589
12.123.134.124  4  7018 3966381  125022 29153796    0    0 12w4d      278588
12.123.137.124  4  7018 5176767  125024 29153796    0    0 5w1d       278594
12.123.139.124  4  7018 4909971  125027 29153796    0    0 1w6d       278593
12.123.142.124  4  7018 4070518  125022 29153796    0    0 12w4d      278588
12.123.145.124  4  7018 3949319  125027 29153796    0    0 1w6d       278588
route-server>quit
andrew
Very interesting - Thanks for the info!
Lin
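As an added example (not code from the answer above or from AT&T's route server), here is a small parser for the neighbor table in that `show ip bgp summary` output, followed by the two checks an operator reads off it by eye: which sessions are not Established, and which established peers are sending far fewer prefixes than the table holds. The input is a trimmed excerpt of the output quoted above, embedded as test data; the 50% "partial feed" threshold is an assumption chosen for illustration.

```python
"""Parse the neighbor table of a Cisco 'show ip bgp summary' and flag unusual sessions."""
import re

# Trimmed excerpt of the route-server output quoted above, embedded here as test input.
SAMPLE = """\
BGP router identifier 12.0.1.28, local AS number 65000
BGP table version is 29153790, main routing table version 29153790
278671 network entries using 33719191 bytes of memory
5155572 path entries using 268089744 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.0.1.26       4  7018       0       0        0    0    0 never    Active
12.122.83.91    4  7018 1291609  125027 29153796    0    0 1w6d        69953
12.123.1.236    4  7018 4161501  125028 29153796    0    0 1w6d       278594
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.123.5.240    4  7018 4332955  125025 29153796    0    0 1w6d       278593
"""

# One neighbor row: IPv4 address, then eight whitespace-separated columns.
NEIGHBOR_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<ver>\d+)\s+(?P<asn>\d+)\s+(?P<rcvd>\d+)\s+"
    r"(?P<sent>\d+)\s+(?P<tblver>\d+)\s+(?P<inq>\d+)\s+(?P<outq>\d+)\s+"
    r"(?P<updown>\S+)\s+(?P<state>\S+)\s*$"
)
LOCAL_AS_RE = re.compile(r"local AS number (\d+)")
NETWORKS_RE = re.compile(r"^(\d+) network entries", re.M)


def parse_summary(text):
    """Return (local_as, network_entries, peers). Banner lines and the column header,
    which IOS repeats every screenful, simply do not match the row pattern."""
    m_as, m_net = LOCAL_AS_RE.search(text), NETWORKS_RE.search(text)
    local_as = int(m_as.group(1)) if m_as else None
    networks = int(m_net.group(1)) if m_net else 0
    peers = []
    for line in text.splitlines():
        m = NEIGHBOR_RE.match(line)
        if not m:
            continue
        state = m.group("state")
        # Last column is the prefix count when the session is Established, otherwise the
        # BGP FSM state (Idle, Connect, Active, OpenSent, OpenConfirm).
        established = state.isdigit()
        peers.append({
            "neighbor": m.group("ip"),
            "remote_as": int(m.group("asn")),
            "msgs_received": int(m.group("rcvd")),
            "up_down": m.group("updown"),
            "state": "Established" if established else state,
            "prefixes": int(state) if established else 0,
        })
    return local_as, networks, peers


def audit(peers, networks, partial_ratio=0.5):
    """Flag sessions that are down, and established peers whose feed is well below
    the size of the local table (partial_ratio is an illustrative threshold)."""
    floor = int(networks * partial_ratio)
    up = [p for p in peers if p["state"] == "Established"]
    return {
        "established": [p["neighbor"] for p in up],
        "down": [(p["neighbor"], p["state"], p["up_down"]) for p in peers if p["state"] != "Established"],
        "partial_feed": [p["neighbor"] for p in up if p["prefixes"] < floor],
        "remote_as_set": sorted({p["remote_as"] for p in peers}),
    }


if __name__ == "__main__":
    local_as, networks, peers = parse_summary(SAMPLE)
    print("local AS", local_as, "table size", networks)
    print(audit(peers, networks))
```

Against the full output above this reports one session (12.0.1.26) that has never come up and a pair of peers feeding roughly 70,000 prefixes instead of a full table; whether that is a problem or just how the reflector is configured is a question for the operator, but it is exactly the kind of thing a looking glass lets you see from outside.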
+1  A: 

Your question sounds like you want to do some network exploits, since you didn't specify the information you are interested in learning. If you do, remember to only hack your own boxes, or you'll get in trouble. That being said, check out metasploit and the phrack archives. http://www.metasploit.com/

iterationx