stefan k has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks,

I sitting here behind a very restricted firewall and can't traceroute outside. Now I'd like to have a CGI script do that for me on some webserver. Unfortunately (as my research on every single executable within $ENV{'PATH'} up there showed) there is no traceroute installed at that site. Thus I'm in need of a Perl-intern possibility (just like gethostbyaddr can replace nslookup in a way).
Any Help or Tip really apprecitated!
Regards
Stefan K 
$dom = "skamphausen.de";   ##   May The Open Source Be With You!
$Mail = "mail@$dom;  $Url = "http://www.$dom";

[download]

Replies are listed 'Best First'.
Re: traceroute without shell
by lhoward (Vicar) on Jan 24, 2001 at 17:40 UTC
    Since you specified "on some webserver" and not necessarily "on my webserver" how about using LWP to hit someone elses web-based traceroute tool? Something like tracert.com or traceroute gateway.
[reply]
      That's (almost) exactly what I want :-) (It would be nice to have another source but ...hey!)
      Definetly worth a ++-vote ;-)
      Regards
      Stefan K
      $dom = "skamphausen.de";   ##   May The Open Source Be With You!
$Mail = "mail@$dom;  $Url = "http://www.$dom";

      [download]
[reply]
[d/l]
Re: traceroute without shell
by Corion (Patriarch) on Jan 24, 2001 at 15:43 UTC

    From what I've gathered on ping and traceroute, both use ICMP IP packets with an unlimited (in the case of ping) respective limited (in the case of traceroute) Time To Live (TTL). As only real OSes give you access to ICMP as a normal user, you've got the same problems within Perl as you've got within the shell. You could try to locate traceroute, but I guess that it is located in /usr/sbin and that it is not suid, so you won't be able to use the ICMP protocol.

[reply]
      Contrary to what most people think, traceroute actually (by default at least) sends UDP packets to high-numbered ports, not ICMP. The ICMP responses along the way is how it figures out the route, but it doesn't have to send these.

      However, the UDP packets are somewhat mangled in order to get the proper TTL values (as you indicate), so root/administrative privileges are still required.

[reply]
      I tried to locate traceroute, but it isn't there, not even in /usr/sbin
      Don't ask me why ...
      Regards
      Stefan K
      $dom = "skamphausen.de";   ##   May The Open Source Be With You!
$Mail = "mail@$dom;  $Url = "http://www.$dom";

      [download]
[reply]
[d/l]
      As you correctly remark, sometimes programs can be set setuid, allowing its usage by non privileged users also in ideal OSes :)

      Flavio
      perl -ple'$_=reverse' <<<ti.xittelop@oivalf

      Don't fool yourself.
[reply]
[d/l]
Re: traceroute without shell
by arhuman (Vicar) on Jan 24, 2001 at 16:15 UTC
    Why re-invent the wheel ?
    (Beccause TIMTOWTDI !)

    Anyway if you can install perl modules on the site, Net::Traceroute could be an easy way..

[reply]
      According to the docs, that module just parses system traceroute output. So, it's no use.

      Jeroen
      "We are not alone"(FZ)

[reply]
[reply]
Re: traceroute without shell
by Anonymous Monk on Jan 24, 2001 at 23:34 UTC
    If you have access to ping you might be okay. Depending on the version you have installed you can replicate traceroute manually by setting the TTL (time to live) of the ICMP packets. This is exactly what traceroute does.

    The command:
    ping -t 1 www.google.com 1

    Does a ping with the TTL set to 1 (the -t option). The 1 following the host is the number of times to attempt to connect. So this sends out one packet with the TTL set to 1. The first host that this hits decrements the TTL and checks that it is > 0. If the TTL is not > 0 then it sends an ICMP packet back to the sender telling it that the it is undeliverable since there were too many hops. Next you send another packet with a TTL of 2 and see which host refused it. Keep doing this until you hit the target (or send some maximum number of packets to prevent looping forever) and you will have some path through the network.

    My output on Solaris 2.7 looks like:

    ICMP Time exceeded in transit from pos5-0-2488m.cr1.snv3.GBLX.net (64.
+211.147.14)
 for icmp from bbsun (216.91.233.128) to www-su.GOOGLE.com (64.208.32.
+100)
no answer from google.lb.google.com

    [download]

    And on Linux 2.2:

    PING google.lb.google.com (64.208.32.100) from 208.176.85.42 : 56(84) 
+bytes of data.
From 208.176.85.41: Time to live exceeded

--- google.lb.google.com ping statistics ---
1 packets transmitted, 0 packets received, +1 errors, 100% packet loss

    [download]

    So you will have to parse the response for your machine (also the arguments are different).

    Unfortunately the Net::Ping module does not support setting the TTL. But if it did you would need to be root to send ICMP packets. And if you have root access you may as well compile traceroute for that machine :-)

    -ben

[reply]
[d/l]
[select]
      Hi,
      this is a nice piece of knowledge. Thx for that. As a matter of fact this firewall is _very_ restrictive and doesn't allow ping, too.
      Regards
      Stefan K 
      $dom = "skamphausen.de";   ##   May The Open Source Be With You!
$Mail = "mail@$dom;  $Url = "http://www.$dom";

      [download]
[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom