|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
|
|
|
|
<pkgmetadata>
|
|
|
|
<maintainer type="project">
|
|
|
|
<email>netmon@gentoo.org</email>
|
|
|
|
<name>Gentoo network monitoring and analysis project</name>
|
|
|
|
</maintainer>
|
|
|
|
<longdescription>
|
|
|
|
(Note that version 3.80 is really 3.8, but released after 3.79.)
|
|
|
|
|
|
|
|
LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often
|
|
|
|
works much faster (than the commonly-used Van Jacobson method) and goes through
|
|
|
|
many configurations of packet-filters (firewalls). More importantly, LFT
|
|
|
|
implements numerous other features including AS number lookups through several
|
|
|
|
reliable sources, loose source routing, netblock name lookups, et al. What
|
|
|
|
makes LFT unique? LFT is the all-in-one traceroute tool because it can launch a
|
|
|
|
variety of different probes using ICMP, UDP, and TCP protocols, or the RFC1393
|
|
|
|
trace method. For example, rather than only launching UDP probes in an attempt
|
|
|
|
to elicit ICMP "TTL exceeded" from hosts in the path, LFT can send TCP SYN or
|
|
|
|
FIN probes to target arbitrary services. Then, LFT listens for "TTL exceeded"
|
|
|
|
messages, TCP RST (reset), and various other interesting heuristics from
|
|
|
|
firewalls or other gateways in the path. LFT also distinguishes between
|
|
|
|
TCP-based protocols (source and destination), which make its statistics
|
|
|
|
slightly more realistic, and gives a savvy user the ability to trace protocol
|
|
|
|
routes, not just layer-3 (IP) hops. With LFT's verbose output, much can be
|
|
|
|
discovered about a target network.
|
|
|
|
|
|
|
|
WhoB is a likable whois client (see whois(1)) designed to provide everything a
|
|
|
|
network engineer needs to know about a routed IP address by typing one line and
|
|
|
|
reading one line. But even so, it's worth typing a few more lines because WhoB
|
|
|
|
can do lots of other cool things for you! It can display the origin-ASN based
|
|
|
|
on the global routing table at that time (according to Prefix WhoIs, RIPE NCC,
|
|
|
|
or Cymru), the 'origin' ASN registered in the RADB (IRR), the netname and
|
|
|
|
orgname, etc. By querying pWhoIs, WhoB can even show you all prefixes being
|
|
|
|
announced by a specific Origin-ASN. WhoB performs the lookups quickly, the
|
|
|
|
output is easily parsed by automated programs, and it's included as part of the
|
|
|
|
Layer Four Traceroute (LFT) software package. LFT uses WhoB as a framework (and
|
|
|
|
you can too, quite easily--see whois.h). Recent LFT releases (as of version
|
|
|
|
2.5) include WhoB functionality through a standalone "whob" client/command
|
|
|
|
placed in the LFT binary directory.
|
|
|
|
|
|
|
|
LFT and WhoB continue to evolve and provide more and more useful data to
|
|
|
|
network engineers and to anyone else that cares how IP datagrams are being
|
|
|
|
routed. With the advent of smarter firewalls, traffic engineering, QoS, and
|
|
|
|
per-protocol packet forwarding, LFT and WhoB have become invaluable tools for
|
|
|
|
many network managers worldwide.
|
|
|
|
</longdescription>
|
|
|
|
</pkgmetadata>
|