astraceroute - autonomous system trace route utility
astraceroute is a small utility to retrieve path information in a traceroute
like way, but with additional geographical location information. It tracks the
route of a packet from the local host to the remote host by successively
increasing the IP's TTL field, starting from 1, in the hope that each
intermediate node will send an ICMP TIME_EXCEEDED notification back to the
local host when the TTL value is decremented to 0.
astraceroute supports IPv4 and IPv6 queries and will display country and city
information, if available, the AS number the hop belongs to, and its ISP name.
astraceroute also displays timing information and reverse DNS data.
Due to astraceroute's configurability, it is also possible to gather some more
useful information about the hop regarding what it does and does not allow to
pass through. This is done by using clear text strings for probing DPIs or
``great firewalls'' to determine if they will filter out blacklisted critical
keywords. This tool might be a good start for further in-depth analysis of
Hostname or IPv4 or IPv6 address of the remote host where the AS route should be
traced to. In the case of an IPv6 address or host, option ''-6'' must be used.
IPv4 is the default.
TCP port for the remote host to use. If not specified, the default port used is
Networking device to start the trace route from, e.g. eth0, wlan0.
IP address to bind to other than the network device's address. You must specify
-6 for an IPv6 address.
Initial TTL value to be used. This option might be useful if you are not
interested in the first n hops, but only the following ones. The default
initial TTL value is 1.
Maximum TTL value to be used. If not otherwise specified, the maximum TTL value
is 30. Thus, after this has been reached astraceroute exits.
Specifies the number of queries to be done on a particular hop. The default is 2
Tells astraceroute the probe response timeout in seconds, in other words the
maximum time astraceroute must wait for an ICMP response from the current hop.
The default is 3 seconds.
Places an ASCII cleartext string into the packet payload. Cleartext that
contains whitespace must be put into quotes (e.g.: "censor me").
Specifies the total length of the packet. Payload that does not have a cleartext
string in it is padded with random garbage.
Use IPv4 only requests. This is the default.
Use IPv6 only requests. This must be used when passing an IPv6 host as an
Tells astraceroute to not perform reverse DNS lookup for hop replies. The
reverse option is ''-N''.
The built-in geo-database update mechanism will be invoked to get Maxmind's
latest version. To configure search locations for databases, the file
/etc/netsniff-ng/geoip.conf contains possible addresses. Thus, to save
bandwidth or for mirroring Maxmind's databases (to bypass their traffic limit
policy), different hosts or IP addresses can be placed into geoip.conf,
separated by a newline.
Also show latitude and longitude of hops.
Tells astraceroute to perform reverse DNS lookup for hop replies. The reverse
option is ''-n''.
Use TCP's SYN flag for the request.
Use TCP's ACK flag for the request.
Use TCP's FIN flag for the request.
Use TCP's PSH flag for the request.
Use TCP's URG flag for the request.
Use TCP's RST flag for the request.
Use TCP's ECN flag for the request.
Explicitly specify IP's TOS.
Set IP's no fragmentation flag.
Show and dissect the returned packet.
Show version information and exit.
Show user help and exit.
This sends out a TCP SYN probe via the ''eth0'' networking device to the remote
IPv4 host netsniff-ng.org. This request is most likely to pass. Also, tell
astraceroute to perform reverse DNS lookups for each hop.
In this example, a TCP SYN/ECN probe for the IPv6 host www.6bone.net is being
performed. Also in this case, the ''eth0'' device is being used as well as a
reverse DNS lookup for each hop.
Here, we send out a TCP FIN probe to the remote host netsniff-ng.org. Again, on
each hop a reverse DNS lookup is being done and the queries are transmitted
from ''eth0''. IPv4 is used.
As in most other examples, we perform a trace route to IPv4 host netsniff-ng.org
and do a TCP Xmas probe this time.
In this example, we have a Null probe to the remote host netsniff-ng.org, port
80 (default) and this time, we append the cleartext string
"censor-me" into the packet payload to test if a firewall or DPI
will let this string pass. Such a trace could be done once without, and once
with, a blacklisted string to gather possible information about censorship.
If a TCP-based probe fails after a number of retries, astraceroute will
automatically fall back to ICMP-based probes to pass through firewalls and
routers used in load balancing for example.
To gather more information about astraceroute's displayed AS numbers, see e.g.:
The geographical locations are estimated with the help of Maxmind's GeoIP
database and can differ from the real physical location. To decrease the
possible errors, update the database regularly using astraceroute's --update
At some point in time, we need a similar approach to gather more reliable path
information such as in the paris-traceroute tool.
Due to the generic nature of astraceroute, it currently has a built-in mechanism
to stop the trace after a fixed number of hops, since the configurable TCP
flags can have anything included. It is possible to decrease this number of
course. In the future, if a SYN probe is sent out, there should be a listener
so that we can stop the trace if we detect a handshake in progress.
astraceroute is licensed under the GNU GPL version 2.0.
was originally written for the netsniff-ng toolkit by Daniel
Borkmann. It is currently maintained by Tobias Klauser
<firstname.lastname@example.org> and Daniel Borkmann
Manpage was written by Daniel Borkmann.
This page is part of the Linux netsniff-ng toolkit project. A description of the
project, and information about reporting bugs, can be found at