How Traceroute Works (Building a Movie Scene 'Trace' Map) - Computerphile

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

you've seen some some uh hacker moves in the 90s quite often included a certain scene where you'd have a lovely super villain style map of the world and somebody would say something like oh my goodness the police are intercepting the call and you see a lovely map and you see a little line working its way across the map what i would try and do is use some uh standard unix tools traceroute which uh a lot of people who've done system administration be very very familiar with i thought i'd hack up a bit of python and see what we can see see if we can get something that looks a little bit like that classic hacker movie scene we're going to auckland university in new zealand and now we can get up our result and we can see it's hopping from the uk oh to america over to the west coast america and then a massive transoceanic cable all the way into the ocean winding up in new zealand i'd like to talk about the traceroute command and uh is it as it sounds traces a route yeah but actually there's quite a quite beautiful little hack here it's quite a nice um nice way that it's working so i'd like to explain that show a few examples and sure you can be a little bit of a tourist using traceroute you can learn a bit about how the network is working this is the network the internet right the internet of course yes it works for the whole internet with some caveats which i'll explain so in theory we can find the route from anywhere that we've got access to a computer to anywhere else in theory let me draw a few routers or routers if you're an american and let's imagine i'm sitting here this is my laptop some server up here and there's some kind of network connecting all of these things and we want to be able to answer the question which way is the traffic really going before we learn about traceroute there's another command we need to think about and that's ping pings a lovely little utility that you use just to test if something's alive if a bit of network hardware is connected to the network written in 1983 it sends out an internet control message and the message is icmp echo request it asks a computer or a router to send back a message saying i'm live i'm working okay so if we want to check if a particular computer is working we send out that ping icmp echo request and if it is working that computer sends back icmp echo reply and the ping command gets that back and you know that you've got a connection to our computer now what we want to know now not just that this machine here is working and responding to pings but we also want to know the route now this wasn't actually designed into the internet this ability it was hacked in later something we need to know about here is what's called time to live every internet protocol packet when it's created is set up with this flag time to live it's as if they've all got a doomsday clock on them um we've got a little counter every time the packet goes through a router that time to live counter decrements by one so and there's a very good reason for that because if your network is misconfigured you can get what we call a routing loop so imagine somehow we'd messed up our configuration and traffic that was meant to go to this red router here ends up going around in a circle and that can happen now once that starts to happen the traffic's just going to carry on going around in that loop you've got big problem because that's going to fill up your network so they made this little design choice to have the time to live counter and when that reaches zero they just go this packet's stuck it's expired we're going to throw it away and this allows a really neat trick so this was created by van jacobson one of the great creators of the internet he's one of the men who made the internet work and helped in the fundamental design of transmission control protocol but also this is of just a brilliant contribution because he realized that this time to live counter could be exploited normally you'd set it very high so that the only reason it would expire is if your packet was stuck in one of these routing loops but if you cheat a bit if you set that route that time to live very very low you can set it to one so my packet sets off from here gets here the time to live was one and the packet is expired the router then must send back a ttl expired message which you can get back to your computer and now you've got a message from this first hop go again set the time to lift to two it decrements to one decrements again and now you're going to get ttl expired from this route here you're going to find out what your second hop is time to lift three get a message from this one time to live four you get a message from this one and by sending subsequent packets with different time to lives you can find out every hob on your journey very neat that's cool it's very cool there's a little catch because actually you're not really getting a root these are different packets so if you play with this command enough sometimes you'll see that in between this packet being sent and this packet being sent maybe the roots have changed sometimes changed so sometimes you get something where the second hop is here but then the third hop is also here because the route originally was like that and the route was switched to be like that and the route was changed halfway through your probe but it's it's a lovely little hack that can tell you the way packets find the way through a network what i thought i'd try and do is get a little bit of python together to sort of try and capture that that thing of uh the packets leaping across the map of the world so let's first let's just have a look at a basic ping command which i'm sure most of you see before so i'm going to use universe there's a very good reason i'm using universities we don't always have a huge budget so we we tend to have our web server being one machine somewhere in iraq um other companies big companies like google they're doing something a little more sophisticated so if i ping my university queen mary university we're gonna get ping back but we can also trace through to it so this is a traceroute going from my flat in south london well from my isp down to queen mary university and we can see in the middle here it's going through janna the giant academic network a little thing that's happened here it's going to the stars that means some network administrator in the intervening path is blocking our packets now there's a number of reasons that administrators decide i don't want these ping packets i don't want these tracery packets on my network there used to be an attack called a smurf attack where people used ping to to cause all kinds of network disruption but also you might decide you know what you don't want external people to know what your interior network wiring looks like so we when we get to these stars that means the administrator there has taken the decision to block my internet control message protocol my uh requests to see inside their network we'll try a nice long tray suit and we think sydney university is a good long way away so we might see something interesting each of these lines is one hop of the journey but there's actually each hop of the journey we've got three packets so we get three estimates of the round trip time so here we can see it's jumped from 52 milliseconds response to 250 milliseconds response so we can infer that between hot 11 and hop 15 here it's probably gone across an ocean and maybe here between hop where it's 250 at hops 17 and here probably it's gone across another ocean there so we're getting eventually 360. well i discovered something quite nice here if i actually go for the web server so i go to the www.sydney.edu.edu we'll see a little bit of a different story it stops a lot earlier it stops here at this akamai technologies i don't know if you know the company akamai is that like a local copy or something yes exactly that yeah brilliant yeah that's exactly what it is a lot of people don't know about them but these companies like akamai and limelight content cdn content distribution content delivery networks most of the traffic you get off the internet if you're going to youtube netflix whatever you aren't going to a single server somewhere in america you're going to the local copy they've mirrored and sydney university has quite sensibly decided you know what we're in australia we're a long way from a lot of people are trying to access our website we'll pay these people a bit of money and they'll they'll put a copy closer so that's quite an interesting thing we can see but the other thing i thought i'd do is to um turn this into that scene we sometimes see in the hacker movies or a little bit so let's look over here at some point we can do what we call ipg geolocation doesn't always work what we try and do is take an ip address and work out where it is in the world so here's a little bit of python code that takes a string that's an internet protocol address i'm using version 4 because i'm old-fashioned and i'm kind of used to that but this is taking that string sending out to this particular company getting back a response and we can pass out of that response that company gives us a latitude and a longitude now there's no mechanism in the internet that allows that all they've done is they've got a database and they're saying who owns that ip address so it's not always perfectly accurate you get some funny things coming up like if the only thing they know is that that company is in america it will return the latitude and longitude the center yeah the very geographical dead center of america that has some really peculiar effects uh people who think they know a little bit more than they actually know they go who's the ip address that's annoyed me i'll find the latitude longitude and show up there people who live in that middle address in america that's in the very middle of america sometimes find random strangers showing up at their house annoyed with them because they think some company lives there or they think somebody's trying to hack them from there sorry to those people living in that home yeah it's actually is really unfortunate for them because until ipg location was a thing it was just some address in america but now it's the very middle of america can work out very unhappily for them so this is the bit of code anyway that takes this string i p address sends out a request gets some jason back passes that jason and gets me a latin long and i've got some base error checking this is not brilliant code i hacked it together in an hour a couple of nights ago now the other thing i need to do is send out a traceroute command so here's a python sending out a traceroute to some ip address that i'm going to pass in from the command line i'm going to use some basic map plotting and i'm going to pass through the individual lines of my command line output split out the ip address on this line here do some basic passing to see if it's one of those stars or an error line and if i have a new latitude and longitude and if i've got some previous latitude and longitude i'm going to draw a great circle line so i'm just calling a library routine here to do it and plot that on the map so let's have a look at that working to somewhere interesting so if we go to the sydney dot edu dot ayu you'll take a little bit of time to go through the traceroute command and we'll see it's working there sending out those sequences of three packets and now it's going to pop up the map of the world and we can see more or less where it's going so there's one big great circle hop from london i suspect i'm not sure i suspect that that is that is that middle of america address i told you about that's definitely not new york is it no no no that's not new i suspect that all it knows about the server there is it's in america and that's the middle we've got a hop out to the west coast there looks like it's somewhere in california and then bang all the way down to australia i think we can also say look kink there as it comes in on the coast there and then makes its way down to sydney for the final bit can we try somewhere random somewhere different uct cape town today okay cape town very nice place yeah so now we're doing our route to cape town south africa i have no idea what this one will actually look like okay it's going by the way i'm always doing the web server because i i suspect that the web server will be a single machine on that oh well that's not as interesting as i uh we can't see too much i don't think that's a full great circle i think there's a there's a sort of central hop there if we hop over to tokyo so let's try and get us over to the university of tokyo which is in japan and again it's going to pop up the route we can see when we get a big jump from 27 to 100 that's it jumping over an ocean that's jumping over another one so it's interesting to me that it tends to go westly is that because of america being a powerhouse in the internet you can also find that sometimes different places even with their country will swap around and i have seen this i'm not going to run it until it does but i have seen this swap round and and at another time of day it will take the eastbound route blue cost of one and nothing else because we haven't yet switched on green so now our black is switched on blue direction the signal is moving in so the speed of those pulses tell us the rate we know which direction it is because we know which roller is coming from and we can look [MANUAL PUBLISH]

Info

Channel: Computerphile

Views: 116,888

Rating: 4.9660902 out of 5

Keywords: computers, computerphile, computer, science, network, programming, python, tracer, traceroute, networking, RichardGClegg, Ping, Map

Id: 75yKT3OuE44

Channel Id: undefined

Length: 15min 32sec (932 seconds)

Published: Fri Jan 29 2021