Using Backtrack 4: Information Gathering: Route: tctrace

tctrace

Discussion:

From http://phenoelit-us.org/irpas/docu.html#tctrace:

TCtrace is, like itrace, a traceroute(1) brother – but it uses TCP SYN packets to trace. This makes it possible for you to trace through firewalls if you know one TCP service that is allowed to pass from the outside.

Notice that qualification: You have to know at least one TCP service running on the host. There are, of course, numerous ways to discover this, for instance using DNS records (on the internet) or a simple NET SHOW.

Stage:

Information Gathering

Home Page:

http://phenoelit-us.org/irpas/docu.html#tctrace

Tutorial:

From http://phenoelit-us.org/irpas/docu.html#tctrace:

Usage: ./tctrace -i eth0 -d www.phenoelit.de

 -v              verbose
 -n              reverse lookup answering IPs (slow!)
 -p x            send x probes per hop (default=3)
 -m x            set TTL max to x (default=30)
 -t x            timeout after x seconds (default=3)
 -D x            Destination port x (default=80)
 -S x            Source port x (default=1064)
 -i interface    the normal eth0 stuff
 -d destination  Name or IP of destination
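
Detection:

Seen from a monitoring point in front of the traced host, a trace like this appears as TCP SYNs to one allowed port arriving with unusually low TTLs that count up one step at a time. The following is an added example, not part of the original page or of IRPAS, that flags this pattern in constructed packet records; the record layout, the function name and the min_hops threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample records as a border sensor might log them:
# (src_ip, src_port, dst_ip, dst_port, tcp_flags, ttl_seen_at_sensor)
SAMPLE_PACKETS = (
    # tctrace-style trace with the defaults listed above: 3 probes per hop,
    # source port 1064, destination port 80. Probes whose TTL expired before
    # the sensor never reach it, so the sensor sees the remaining TTL count up.
    [("198.51.100.7", 1064, "203.0.113.10", 80, "S", ttl)
     for ttl in range(1, 5) for _ in range(3)]
    + [
        ("192.0.2.44", 51514, "203.0.113.10", 80, "S", 52),    # ordinary client
        ("192.0.2.44", 51515, "203.0.113.10", 80, "S", 52),
        ("192.0.2.90", 49822, "203.0.113.10", 80, "S", 116),   # ordinary client
        ("192.0.2.91", 40100, "203.0.113.10", 80, "S", 5),     # one odd low TTL
        ("198.51.100.7", 1064, "203.0.113.10", 80, "A", 2),    # not a SYN
    ]
)

def find_tcp_traceroutes(packets, max_ttl=30, min_hops=3):
    """Return {(src, dst, dport): [ttls]} for flows that look like a TCP trace.

    max_ttl mirrors the tool's default TTL ceiling (-m 30); min_hops is an
    assumed threshold for how many consecutive TTL values count as a trace.
    """
    ttls_by_flow = defaultdict(set)
    for src, _sport, dst, dport, flags, ttl in packets:
        # Source port is ignored: -S lets the operator change it.
        if flags == "S" and ttl <= max_ttl:
            ttls_by_flow[(src, dst, dport)].add(ttl)

    hits = {}
    for flow, ttls in ttls_by_flow.items():
        ordered = sorted(ttls)
        best = run = 1
        for prev, cur in zip(ordered, ordered[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        if best >= min_hops:
            hits[flow] = ordered
    return hits

if __name__ == "__main__":
    for (src, dst, dport), ttls in find_tcp_traceroutes(SAMPLE_PACKETS).items():
        print(f"possible TCP traceroute {src} -> {dst}:{dport}, TTLs {ttls}")
```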