Route mapping was originally used as a diagnostic tool that allows you to view the route that an IP packet follows from one host to the next. Using the Time To Live (TTL) field in an IP packet, each hop from one point to the next elicits an ICMPTIME_EXCEEDED message from the receiving router, decrementing the value in the TTL field by 1. The packets count the number of hops and the route taken.
From an attacker's or penetration tester's perspective, the traceroute data yields the following important data:
- The exact path between the attacker and the target
- Hints pertaining to the network's external topology
- Identification of accessing control devices (firewalls and packet-filtering routers) that may be filtering ...