From aldeid


Tctrace comes as part of the IRPas suite of tools. Like itrace, it works like traceroute, but it traces with TCP SYN packets. This makes it possible to trace through firewalls if you know one TCP service that is allowed to pass from the outside. In addition, using TCP SYN makes the tool very fast.


Install tctrace via the irpas package:

$ sudo apt-get install irpas

Then optionally create a symbolic link in your /pentest/ directory:

$ mkdir -p /pentest/enumeration/tctrace/
$ ln -s /usr/sbin/tctrace /pentest/enumeration/tctrace/tctrace


Basic syntax

$ tctrace [-vn] [-pX] [-mX] [-tX] [-DX] [-SX] -i<dev> -d<destination>


-n               reverse lookup IPs
-pX              send X probes (default=3)
-mX              maximum TTL (default=30)
-tX              timeout X sec (default=3)
-DX              destination port (default=80)
-SX              source port (default=1064)
-i<dev>          use this device
-d<destination>  trace to this destination


The following example shows the traceroute obtained with tctrace for a given host.

$ sudo tctrace -i wlan0 -d **************.fr
 1(1)   []
 2(1)   []
 3(1)   []
 4(1)   []
 5(1)   []
 6(1)   []
 7(1)   []
 8(1)   []
 9(1)   []
10(1)   []
11(1)   []
12(1)   [84.246.***.***] (reached; open)

For comparison, here are the results for the same host, tested with itrace:

$ sudo itrace -i wlan0 -d **************.fr
 1(1)   []
 2(1)   []
 3(1)   []
 4(1)   []
 5(1)   []
 6(1)   []
 7(1)   []
 8(1)   []
 9(1)   []
10(1)   []
11(1)   []
12(all) Timeout
13(all) Timeout
14(all) Timeout
15(all) Timeout
16(all) Timeout
17(all) Timeout
18(all) Timeout
19(all) Timeout
20(all) Timeout
21(all) Timeout
22(all) Timeout
23(all) Timeout
24(all) Timeout
25(all) Timeout
26(all) Timeout
27(all) Timeout
28(all) Timeout
29(all) Timeout
30(all) Timeout
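
The two traces above differ only from the hop where itrace starts timing out while tctrace gets its "(reached; open)" answer. The script below is an added example, not part of the original page or of the IRPas tools: it parses saved output in the format shown here and reports that hop, which is useful when documenting that a filter drops ICMP but still answers TCP SYN on a permitted port. The function names, `host.example` and the shortened sample traces are constructed for illustration.

```python
import re

# One output line: "<ttl>(<probe|all>)  [<addr>] <note>" or "<ttl>(all) Timeout"
LINE = re.compile(r"^\s*(\d+)\((\d+|all)\)\s+(?:\[([^\]]*)\])?\s*(.*)$")

def parse_trace(text):
    """Return a list of (ttl, probe, addr, note) tuples from tctrace/itrace output."""
    hops = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # skips the "$ sudo ..." command line and blank lines
            ttl, probe, addr, note = m.groups()
            hops.append((int(ttl), probe, addr or "", note.strip()))
    return hops

def reached_ttl(hops):
    """TTL of the line carrying tctrace's "(reached; ...)" marker, else None."""
    return next((ttl for ttl, _, _, note in hops if note.startswith("(reached")), None)

def first_timeout_ttl(hops):
    """TTL of the first "Timeout" line, else None."""
    return next((ttl for ttl, _, _, note in hops if note == "Timeout"), None)

def compare(tcp_out, icmp_out):
    """Summarise where the ICMP trace dies relative to where the TCP SYN trace lands."""
    reached = reached_ttl(parse_trace(tcp_out))
    timeout = first_timeout_ttl(parse_trace(icmp_out))
    return {
        "tcp_reached_ttl": reached,
        "icmp_first_timeout_ttl": timeout,
        # ICMP is dropped at or before the hop where the TCP probe still gets an answer
        "icmp_filtered_tcp_allowed": reached is not None and timeout is not None and timeout <= reached,
    }

# Constructed, shortened sample in the format shown on this page (192.0.2.10 is a documentation address).
TCTRACE_OUT = """$ sudo tctrace -i wlan0 -d host.example
 1(1)   []
 2(1)   []
 3(1)   [192.0.2.10] (reached; open)
"""
ITRACE_OUT = """$ sudo itrace -i wlan0 -d host.example
 1(1)   []
 2(1)   []
 3(all) Timeout
 4(all) Timeout
"""

if __name__ == "__main__":
    print(compare(TCTRACE_OUT, ITRACE_OUT))
```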