The Mac Orchard - HomeHelpFAQALEMIAForumsDrew's Picks

Network Applications

LFT and WhoB

Home Page Release Notes License:
Open source; $0

Current Version: 2.5 (August 24, 2005) / 3.1 (May 13, 2008)

From the LFT/WhoB home page:

"LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filter based firewalls. More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? Rather than launching UDP probes in an attempt to elicit ICMP "TTL exceeded" from hosts in the path, LFT accomplishes substantively the same effect using TCP SYN or FIN probes. Then, LFT listens for "TTL exceeded" messages, TCP RST (reset), and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source and destination), which make its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 (IP) hops.

"WhoB is a no-frills whois client (see whois(1)) designed to provide everything a network engineer needs to know about a routed IP address by typing one line and reading one line. But even so, it's worth typing a few more lines because WhoB can do lots of other cool things for you! It can display the origin-ASN based on the global routing table at that time (according to Prefix WhoIs, RIPE NCC, or Cymru), the 'origin' ASN registered in the RADB (IRR), the netname and orgname, etc. By querying pWhoIs, WhoB can even show you all prefixes being announced by a specific Origin-ASN. WhoB performs the lookups quickly, the output is easily parsed by automated programs, and it's included as part of the Layer Four Traceroute (LFT) software package. LFT uses WhoB as a framework (and you can too, quite easily--see whois.h). Recent LFT releases (as of version 2.5) include WhoB functionality through a standalone "whob" client/command placed in the LFT binary directory."

Please note that these are command-line utilities for Mac OS X (in other words, they do not have a graphical user interface). This combo is one of only a few command-line utilities I include here on the Orchard, but those who need its functionality are likely to be comfortable with the OS X command line, making this (I hope) a non-issue.

Version 2.5 - the latest release available as an executable binary - added/changed the following:

  • Inclusive of betas 2.32 to 2.4x
  • Added -z option to pseudo-randomize source port
  • Added behavior to automatically select the most appropriate interface based on routing (this was on the most wanted list)
  • Improved OpenBSD compatibility (IP length nonzero)
  • OpenBSD is now detected by autoconf (for configuring the above)
  • Darwin is now detected by autoconf and its definition disables some BSD features to make it compatible with Mac OS X and Darwin
  • LFT now indicates it has reached the target by printing a 'T' character in the status display (if status is enabled)
  • Cleanups were made to the verbose output levels (-VVV)
  • Significantly revamped whois framework makes it easy to include whois functionality into other programs
  • Added -C and -R and -r options to force alternate ASN sources
  • Default ASN source (-A) is now Prefix WhoIs (see pwhois.org)
  • LFT now queries for ASNs in bulk format after completing a trace if pwhois (default), RIPE NCC RIS, or Cymru is selected
  • Added dst/src port autoselection based on user-supplied hostname
  • Vastly improved standalone whois client "whob" see whob.8 (whob manpage)
  • Makefile now installs 'whob' no-frills whois client (try ./whob)
  • "Smart" mode is now referred to as "Adaptive" mode (-E)

Version 3.1 - the latest release, but available only as source code - includes WhoB 2.0, and adds/changes the following:

  • New configure options: --enable-gtod Forces LFT to use gettimeofday() on each packet instead of using the BPF timestamp. This is critical on platforms that have enabled 'fastts' or that do not have high-precision BPF timestamping. --enable-universal generates binaries including both PPC and Intel architecture (for users running Mac OS X/Darwin).
  • Improved compatibility with NetBSD and Darwin/Mac OS X.
  • Added autoconf support for NetBSD.
  • Improved compatibility with older.
  • Updated autoconf bits and pieces.
  • By popular request, reversed the -g option of WhoB. WhoB now uses gigo mode by default unless -g is specified which turns ON its parser and enables the other various options.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Also See . . .

Can't find what you're looking for? Try a search:

Also, if you have an older Mac, be sure to check out the "Classic" applications page for more options.

Finally, take a look at ALEMIA if you think you know that name of an application, but aren't quite sure.

Related Links

For an interesting and objective third-party view of Apple's networking technology - from MacTCP through Open Transport and beywond - Peter Sichel's Sustainable Softworks page is unparalleled.

Also Consider . . .

These are applications that are newer and of potential interest, but which I haven't yet selected for permanent inclusion. Have a look, and let me know if you think they deserve to be part of the permanent collection!