Tag Archives: network

The Following – S01E04 – Mad Love

Screen Shot 2013-02-11 at 23.36.24

There are so many things wrong with this.

  • Once again, the window on the left is source code, because we always have source code up.  The code is unp.h from http://socketprogrammer.blogspot.com/2009/04/unix-network-programming.html
    /* OSF/1 actually disables recv() and send() in <sys/socket.h> */
    #ifdef	__osf__
    #undef	recv
    #undef	send
    #define	recv(a,b,c,d)	recvfrom(a,b,c,d,0,0)
    #define	send(a,b,c,d)	sendto(a,b,c,d,0,0)
  • North Korea does not have a gigabit uplink to the rest of the world.
  • While none of the IP addresses are (understandably) valid (all have one octet > 255), the last few hops are multicast addresses which are not traceable.  See Wikipedia – Multicast address.
  • The real command is “traceroute” (or “tracert” in Windows land) and it shows you the path from the computer you are running it on to another IP address.  You can trace back to a mail/web/ftp/etc. server (cpanengine.com if it actually existed), but not to an email address.  Some mail servers add a header line that shows the client IP, which you can trace back to.
  • If the recipient of the message was at Host A (126.55.341.66), and the sender was Host B (cpanengine.com), an investigator at Host C (shown above) cannot run a traceroute to see how Host A would talk to Host B.
  • The hop times are simply replicated, 160ms/240ms 174ms/436ms alternating.
  • The normal traceroute does not show the type of device, ie., wifi router, satellite, etc.  It is possible to determine the type of device from its MAC address, but only the next/previous hop sees the MAC address, and it is not passed along.
  • Traffic going through a satellite would be layer 1 (the satellite does not have an IP on the customer traffic side) and thus the satellite would not show up as a hop.  This article is from 2008 but still valid – Identifying undersea fibre and satellite links with traceroute.
  • Why would traffic bounce through 10 satellites?
  • traceroute does not show the local computer’s network card as the first hop.
  • Why would every window have a WiFi menu?

A real traceroute looks like this:

Screen Shot 2013-06-09 at 16.04.25

Be Sociable, Share!