from the employees (Coombs 2008). After gathering the information, one should document
its important aspects. Most people dislike paperwork, but no one can ignore
its importance. To get a good start, one should keep a profile of the target.
The network range determination
After gathering the initial information, such as server names and some IP
addresses, the very next step is to determine the network range for scanning. If you enter
the IP address of the web server obtained earlier in the whois lookup field on the
Arin.net (2011) web site, the range of the IP addresses can be determined. This will provide
almost all the addresses in that network. If this information is not satisfactory and we want
some more information, we can use the traceroute utility. This utility is used to find the
path to a target host. Traceroute is available for both Windows and UNIX operating
systems; on the Windows platform the utility is known as tracert. Traceroute is used to view
the path of a packet from source to destination. It performs its function with the
support of the TTL (time to live) field of the IP header. TTL works as a decrementing counter. The
working of the TTL field is briefly explained by Gregg (2006): whenever a datagram passes
a hop, the TTL value is reduced by one. If the TTL value reaches zero, the datagram
is discarded and an ICMP message is generated to inform the source about the activity.
To get a better idea of how traceroute works, let's consider an example on the Windows platform.
Suppose the target host resides three hops away. First, Windows transmits a packet
with a TTL of 1. When it reaches the first router, the TTL is decremented
and becomes 0. A message is generated stating that this packet has not reached
the destination host, and the IP address of the device where the datagram timeout
occurred is displayed. On receiving this message, Windows increases the TTL value
to 2. This datagram travels through the first router, where its TTL is decremented
to 1. Then it passes through the second router, where its TTL is decremented to 0
and the packet expires. The router generates the transit error message along with the IP
address of the device where this event took place. This message is displayed on the
source computer. This process continues until the datagram reaches the final destination. When it
reaches the final destination, the normal ICMP ping response is issued. In this way the
IP addresses of the intermediate devices between source and destination can be determined.
There are also other tools available to determine the path information, such as NeoTrace
and VisualRoute.
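The TTL walk-through above, as an added example that is not part of the original text: an offline simulation in which real IPv4 header bytes are built, each router decrements the TTL byte and recomputes the header checksum, and the source raises the TTL until the target answers. The addresses (documentation ranges), the two-router path and all function names are constructed for illustration; no packets are sent.

```python
import struct

# Constructed sample path: two routers, then the target three hops away.
ROUTERS = ["192.0.2.1", "198.51.100.1"]
SOURCE, TARGET = "192.0.2.100", "203.0.113.10"
ICMP_ECHO_REPLY, ICMP_TIME_EXCEEDED = 0, 11   # ICMP message types

def checksum(data):
    """RFC 1071 Internet checksum over an even-length byte string."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(hdr):
    """Zero the checksum field (bytes 10-11), compute it, and fill it in."""
    hdr = hdr[:10] + b"\x00\x00" + hdr[12:]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def build_ipv4_header(src, dst, ttl, payload_len=8):
    """20-byte IPv4 header carrying ICMP (protocol 1)."""
    to_bytes = lambda a: bytes(int(p) for p in a.split("."))
    return with_checksum(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                                     0, 0, ttl, 1, 0, to_bytes(src), to_bytes(dst)))

def forward(hdr):
    """Router step: decrement TTL (byte 8); None means the datagram expired."""
    ttl = hdr[8] - 1
    if ttl <= 0:
        return None                      # router discards it and reports back
    return with_checksum(hdr[:8] + bytes([ttl]) + hdr[9:])

def send_probe(ttl):
    """Return (responder address, ICMP type) for one probe with this TTL."""
    hdr = build_ipv4_header(SOURCE, TARGET, ttl)
    for router in ROUTERS:
        hdr = forward(hdr)
        if hdr is None:
            return router, ICMP_TIME_EXCEEDED
    return TARGET, ICMP_ECHO_REPLY       # the destination host answers the ping

def traceroute(max_hops=30):
    """Raise the TTL by one per probe until the target itself replies."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, icmp_type = send_probe(ttl)
        hops.append((ttl, responder, icmp_type))
        if icmp_type == ICMP_ECHO_REPLY:
            break
    return hops

if __name__ == "__main__":
    for ttl, responder, icmp_type in traceroute():
        print(ttl, responder, "time exceeded" if icmp_type == 11 else "echo reply")
```
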
Active machine identification
After determining the network range, the next step is to identify the active machines in that
particular network. To identify the active machines, hackers can use a technique called