What is tunneltrace?

                               TUNNELTRACE-RS v1.0<br />                               ===================<br /><br />What is tunneltrace?<br />--------------------<br /><br />Tunneltrace is a tool used for detecting IPv6 in IPv4 tunnels. More precisely,<br />Tunneltrace can run in 2 modes:<br />Mode 1:<br />  Given two IPv4 Addresses it checks if there is a tunnel between them. If there<br />is evidence of the presence of a tunnel, tunneltrace outputs a confidence<br />value, which provides a measure of the probability that the tunnel exists, and<br />tries to determine the IPv6 addresses of the endpoints. <br />Mode 2:<br />  Tunneltrace can also determine, given an IPv6 Address, the full Path from the<br />node where tunneltrace is launched to the given address. From the Path <br />determined tunneltrace identifies the Path MTU and all the tunnels inside the path, and for<br />each tunnel found it tries to find the IPv4 addresses of the endpoints and <br />outputs a confidence value. <br /><br />Techniques used<br />---------------<br /><br />Tunneltrace uses three techniques to detect tunnels:<br /><br />1) IPv4 spoofing<br />2) DNS lookups<br />3) Queries to the 6bone registry<br /><br />Each of the above techniques has a degree of confidence. The confidence value<br />output by tunneltrace is the sum of the confidence values of each technique<br />that succeeded.<br /><br /><br />Brief description of the techniques<br />-----------------------------------<br /><br />1. IPv4 spoofing<br /><br />These are the main techniques used by tunneltrace. By encapsulating an IPv6<br />packet in an IPv4 packet having the source address of one of the tunnel<br />endpoints, tunneltrace can trick the other endpoint into treating the packet as<br />if it had come from the tunnel.<br /><br />Tunneltrace uses four spoofing techniques:<br /><br />    a) Injected Ping<br />       Encapsulated IPv6 echo request to a pingable IPv6 interface. Used to<br />       determine if there is a tunnel.<br /><br />    b) Dying Packet<br />       Similar to the above, but injects packets with a Hop Count field of 1.<br />       Used to determine the IPv6 addresses of the tunnel endpoints.<br /><br />    c) Ping Pong Packet<br />       Similar to the above, but attempts to determine the address of one<br />       endpoint if the address of the other endpoint is known.<br /><br />    d) Fragmented Injection<br />       As Injected Ping but puts the IPv6 echo request message into three IPv4 fragments<br /><br />2. DNS Lookups<br /><br />Looks for AAAA records with the endpoint hostnames, if we are running tunneltrace in <br />mode 1.<br /><br />Looks for A records with the endpoint hostnames (retreived by a reverse-lookup),if we<br />are running tunneltrace in mode 2.<br /><br />3. Queries to the 6bone registry<br /><br />Looks for a corresponding entry in the 6bone registries. Tunneltrace requires<br />a copy of the 6bone registry file to be stored locally in /etc/6bone.db or <br />in the directory where tunneltrace is installed.<br />You may download this file from ftp://whois.6bone.net/6bone/6bone.db.gz<br /><br />A detailed description of the techniques used can be found in the papers<br />available at the URL:<br /><br />http://www.dia.uniroma3.it/~compunet/tunneldiscovery/tunneling-noms.pdf<br /><br />4) Path MTU Discovery<br /><br />Tunneltrace tries to send ICMPv6 packets with the MTU of the node where it is running<br />and using Hop Limit manipulation for determining the Path (Modifing the HL field). <br />If it receives a ICMPv6 message of Packet-Too-Big, from that point on it will send<br />packets with the MTU specified in the Packet-Too-Big messagge, until it doesn't <br />receive antoher packet too big messagge, and so on. <br /><br />5) Fragmented IPv6 in IPv4 Path MTU Discovery<br /><br />If Tunneltrace finds on its Path a Tunnel, it tryes to use the outern endpoint of it as Vantage Point <br />for Path MTU Discovery , by creating an IPv6 Packet of the MTU of the source node in IPv4 Fragments<br />of 68 bytes. So to be able to do Path MTU Discovery (and PATH TRACING with Hop Limit manipulation)<br />from the Vantage Point. This repeatably for every new Vantage Point that Tunneltrace finds further<br />on in the Path.<br /><br />How confidence values are calculated<br />------------------------------------<br /><br />The Confidence value output by tunneltrace is calculated using the following<br />criteria:<br /><br />Spoofing Techniques -><br />  Injected Ping success on 1 Endpoint only  : 5 Confidence Points  <br />  Injected Ping success of both Endpoints   : 7 Confidence Points<br />  Dying Packet success on each Endpoint     : 1 Confidence point<br />  Ping Pong Packet success on one Endpoint (if Dying Packet didn't work)<br />                                            : 1 Confidence point<br /><br />If Spoofing Techniques succeeded, then -><br />  6bone registries lookup success           : 1 Confidence points<br /><br /><br />If no Spoofing Technique succeeded, then -><br />  DNS lookups success                             : 1 Confidence points<br />  6bone registries lookup success           : 4 Confidence points<br /><br /><br />Compiling tunneltrace<br />---------------------<br /><br />To compile tunneltrace, run the build.sh script in the distribution.<br />Compilation requires the C++ development libraries to be installed.<br /><br />Tunneltrace is known to compile on Linux and FreeBSD, but should also compile<br />and run on other platforms such as Solaris.<br /><br />Tunneltrace runs on both littleEndian and bigEndian machines.<br /><br />Using tunneltrace<br />-----------------<br /><br />1. Prerequisites<br /><br />Due to the use of spoofing techniques that require raw sockets, you must be<br />root to run tunneltrace.<br /><br />Some of the techniques used by tunneltrace require a reference IPv6 address.<br />This address must be globally routed or, at a minimum, reachable from the<br />tunnel endpoints. The reference IPv6 address may be specified on the command<br />line using the -h parameter or in the file /etc/tunneltrace.ip.<br /><br />As stated previously, tunneltrace also requires a 6bone registry dump in the<br />file /etc/6bone.db or in the directory where tunneltrace is installed.<br /><br />You may run multiple istances of tunneltrace in parallel, since each one recognizes its<br />own packets.<br /><br />2. Usage<br /><br />Tunneltrace's syntax is the following :<br /><br />Mode 1:<br /><br />tunneltrace [ -h reference IPv6 ] [ -v ] <source IPv4> <dest IPv4><br />    Where <source IPv4> AND <dest IPv4>: IPv4 addresses or hostnames<br /><br />Mode 2:<br /><br />tunneltrace [ -h reference IPv6 ] <dest IPv6><br />    Where <dest IPv6>: IPv6 address or hostname<br /><br />Tunneltrace exits with an error if <source IPv4> or <dest IPv4> are not valid<br />IPv4 addresses or resolvable hostnames or if the reference IPv6 is not a valid<br />IPv6 address or <dest IPv6> is not a valid IPv6 address or resolvable hostname<br />or is not reachable.<br /><br />The -v option is used for generating Parametric OUTPUT (on one line) in order to <br />see the techniques that worked in detail<br /><br /><br />Output format<br />-------------<br /><br />The output format of tunneltrace is the following:<br /><br />Mode 1:<br /><br /># tunneltrace <source IPv4> <dest IPv4><br /><br />source_host(source_IPv4) -> dest_host(dest_IPv4)<br />source_IPv6 -> dest_IPv6 ; CONFIDENCE X/10<br /><br />Mode 2:<br /><br /># tunneltrace <dest IPv6><br /><br />1         host_1(IPv6_1)  MTU<br />2         host_2(IPv6_2)  MTU <br />source_host1(source_IPv4_1) -> dest_host2(dest_IPv4_2)<br />source_IPv6_1 -> dest_IPv6_2 ; CONFIDENCE X/10<br />3         host_3(IPv6_3)  MTU<br />.<br />.<br />8         host_dest(IPv6_dest)  MTU<br />If none of the techniques worked, tunneltrace will output a confidence value of<br />zero and one or both of the IPv6 addresses will be shown as "unknown".<br /><br /><br />Credits<br />-------<br /><br />Tunneltrace was developed as part of Davide De Micco's master thesis in<br />collaboration with the Computer Networks research group at Roma Tre University.<br /><br />Contributors are:<br /><br />Davide De Micco<br />Lorenzo Colitti<br />Giuseppe Di Battista<br />Emanuele Conti<br />Maurizio Patrignani

What is tunneltrace?

Tukiyooo 0 19:15

                               TUNNELTRACE-RS v1.0                               ===================What is tunneltrace?--------------------Tunneltrace is a tool used for detecting IPv6 in IPv4 tunnels. More precisely,Tunneltrace can run in 2 modes:M… Read more »

Read more »