~ Stalking Lore ~
Updated in June 2006
   
some simple stalking tools
http://www.searchlores.org ~ http://www.searchlore.org ~ http://www.fravia.com


~ Some simple stalking tools ~



Introduction 

The following tools (traceroute, lookup) are web-based stalking tools that you will use whenever you need to ascertain who {owns / uses / is responsible for} a given site. Keep in mind that it is relatively easy, nowadays, to drown your traces 1) by using for registration purposes, say, a completely unrelated friend (or unsuspecting zombie) in order to bury your real traces under the sand, and 2) by giving completely bogus information anyway when you register a site.


Methodology 

As usual, let's begin by "combing" the web, i.e. finding those that have already worked a lot on this lore. Well, who may they be? Of course, first of all, the spammers! They do not want to be found, nor do they enjoy leaving many traces. So it could be useful to learn all kinds of tricks used by these scumbags.


Traceroute 

Traceroute utilities are PC-based or web-based tools that trace a packet from a computer to an Internet host, showing how many hops the packet requires to reach the host and how long each hop takes. If you're visiting a Web site and pages are appearing slowly, you can use traceroute to figure out where the longest delays are occurring.

The original traceroute is a UNIX utility, but nearly all platforms have something similar. Windows includes a traceroute utility called tracert.
In Windows, you can run tracert by selecting Start->Run, and then entering tracert followed by the domain name of the host. For example:

tracert www.fravia.com
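To show how tracert output answers the "where is the delay" question above, here is an added example (not part of the original page) that parses a tracert listing and reports the hop where the round-trip time rises the most. The sample output, host names and addresses are constructed for illustration.

```python
import re

# Constructed sample of Windows tracert output (documentation address ranges).
SAMPLE = """\
Tracing route to www.example.com [203.0.113.80]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     9 ms     8 ms    10 ms  10.20.0.1
  3     *        *        *     Request timed out.
  4    95 ms    97 ms     *     core1.example.net [198.51.100.7]
  5    96 ms    98 ms    97 ms  203.0.113.80

Trace complete.
"""

# hop number, three probe results ("<1 ms", "9 ms" or "*"), then the host column
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")

def parse_tracert(text):
    """Return [(hop, [rtt_ms or None, ...], host)] for every hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue                      # banner, blank line or "Trace complete."
        # "<1 ms" is counted as 1 ms (an upper bound); "*" is a lost probe
        rtts = [None if p == "*" else int(p.lstrip("<"))
                for p in re.findall(r"<?\d+(?= ms)|\*", m.group(2))]
        hops.append((int(m.group(1)), rtts, m.group(3)))
    return hops

def slowest_step(hops):
    """Hop whose best RTT rises most over the previous answering hop."""
    worst, prev = None, 0
    for n, rtts, host in hops:
        seen = [r for r in rtts if r is not None]
        if not seen:                      # silent hop: no timing to compare
            continue
        best = min(seen)                  # minimum is least affected by jitter
        if worst is None or best - prev > worst[2]:
            worst = (n, host, best - prev)
        prev = best
    return worst

if __name__ == "__main__":
    print(slowest_step(parse_tracert(SAMPLE)))
```

Because hop 3 never answered in this sample, the jump reported at hop 4 was introduced somewhere between hop 2 and hop 4, not necessarily at hop 4 itself.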

Traceroute utilities work by sending packets with low time-to-live (TTL) fields.
The TTL value specifies how many hops the packet is allowed before it is returned. When a packet can't reach its destination because the TTL value is too low, the last host that handled it discards the packet and reports back (with an ICMP "Time Exceeded" message), thereby identifying itself.
By sending a series of packets and incrementing the TTL value with each successive packet, traceroute finds out who all the intermediary hosts are.
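The TTL mechanism just described, as an added example that is not part of the original page: a small offline model in which each router decrements the TTL and the probe loop raises it by one per packet. The path, its addresses and the `answers` flag (a hop that drops expired probes without replying) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Router:
    ip: str
    answers: bool = True   # False models a hop that drops expired probes silently

# Constructed path (documentation addresses); the last entry is the destination.
PATH = [Router("192.0.2.1"), Router("198.51.100.9", answers=False),
        Router("198.51.100.20"), Router("203.0.113.80")]

def send_probe(path, ttl):
    """Carry one probe along the path; return (reply_type, responder_ip) or None."""
    for i, hop in enumerate(path):
        if i == len(path) - 1:
            return ("echo-reply", hop.ip)        # probe reached the destination
        ttl -= 1                                 # every router decrements the TTL
        if ttl == 0:                             # expired here: packet is discarded
            return ("time-exceeded", hop.ip) if hop.answers else None
    return None

def traceroute(path, max_hops=30):
    """Raise the TTL by one per probe until the destination itself answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, ttl)
        hops.append((ttl, reply[1] if reply else "*"))   # "*" = no reply at this TTL
        if reply and reply[0] == "echo-reply":
            break
    return hops

if __name__ == "__main__":
    for ttl, who in traceroute(PATH):
        print(ttl, who)
```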

Related techniques: Firewalking
Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker's host to a destination host through a packet-filtering device. This technique can be used to map 'open' or 'pass through' ports on a gateway. Moreover, it can determine whether packets with various control information can pass through a given gateway. Also, using this technique, an attacker can map routers behind a packet-filtering device.



http://network-tools.com/default.asp?prog=trace&Netnic=whois.arin.net&host=www.searchlores.org: replace "www.searchlores.org" with whatever you want.


 Note: Many registrars block whois queries from network-tools due to the large volume of requests





http://www.rack66.com/trace.php: rack66 traceroute




Whois tools 

There are many online Whois tools; the best one seems to be:
http://www.whois.sc
that you'll call from your bookmarks while viewing the site you want to "whois". For instance: http://www.whois.sc/pookmail.com (scroll down for contact names and info)

Another good online tool is betterwhois.







Lookup tools 

There are many online Lookup tools; one of the best seems to be:
http://www.dnsstuff.com/

Here you'll find a bucketload of other online tools as well.

Another very good tool is http://www.dnsreport.com/
For instance: http://www.dnsreport.com/tools/dnsreport.ch?domain=akadns.net

This is an on-line tool for reverse IP and NS lookup: http://www.domainsdb.net/


Remember that the windoze XP DNS cache stores BOTH negative (unsuccessful) and positive (successful) entries. The positive entries are those where the DNS lookup succeeded and you could connect to the website. Negative entries are the opposite: those where the DNS lookup failed and you could not connect to the website.
A problem can arise here: if windoze's DNS cache holds a previous negative entry for a website that is now OK to view, XP will still give you a DNS error.
So first of all flush the cache: enter ipconfig /flushdns in a command prompt.
Then modify the registry to avoid the problem:
1) Block Negative Entries
To force Windows XP NOT to cache negative entries we need to add a new DWORD to the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
DWORD: MaxNegativeCacheTtl   Value: 0
This will now ensure that no negative entries will be stored.
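The stale negative entry problem and the effect of the two fixes above, as an added example that is not part of the original page: a toy model of a client-side DNS cache, not Windows' own implementation. The class, the 300-second negative TTL, the host name and the address are constructed assumptions.

```python
class ResolverCache:
    """Toy model of a client-side DNS cache with positive and negative entries."""

    def __init__(self, upstream, positive_ttl=3600, max_negative_ttl=300):
        self.upstream = upstream              # callable: name -> IP string or None
        self.positive_ttl = positive_ttl
        self.max_negative_ttl = max_negative_ttl   # assumed value, in seconds
        self.entries = {}                     # name -> (answer or None, expires_at)

    def resolve(self, name, now):
        cached = self.entries.get(name)
        if cached and now < cached[1]:
            return cached[0]                  # served from cache, even if negative
        answer = self.upstream(name)
        ttl = self.positive_ttl if answer else self.max_negative_ttl
        if ttl > 0:
            self.entries[name] = (answer, now + ttl)
        else:
            self.entries.pop(name, None)      # TTL 0: failures are never stored
        return answer

    def flush(self):                          # models the effect of ipconfig /flushdns
        self.entries.clear()

def demo(max_negative_ttl):
    zone = {}                                 # constructed upstream data, starts empty
    cache = ResolverCache(zone.get, max_negative_ttl=max_negative_ttl)
    first = cache.resolve("www.example.com", now=0)     # site is down: lookup fails
    zone["www.example.com"] = "203.0.113.80"            # site comes back
    second = cache.resolve("www.example.com", now=60)   # one minute later
    cache.flush()
    third = cache.resolve("www.example.com", now=61)    # after flushing the cache
    return first, second, third

if __name__ == "__main__":
    print(demo(300))   # negative entry still cached at the second lookup
    print(demo(0))     # nothing negative is cached, second lookup succeeds
```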



A note about windoze's own tools 


I am assuming here that you are using windows XP. I am not saying that you should use windows xp, in fact you should use gnulinux, I am just assuming that you are using windows xp.
If you want to work seriously with it you'll need windows xp-pro sp2 (easy to find on the web if you don't feel like throwing even more money out of the gates). And if you have it you should by all means install the complete set of support tools. Here is how you do it:
To install Windows Support Tools: 
1.	Insert the Windows XP CD-ROM in the drive.	
2.	Double-click My Computer, right-click the CD-ROM drive, and then click Explore.	
3.	Go to Support\Tools, and then double-click Setup.exe. 	
4.	When the Windows Support Wizard starts, click Next. 	
5.	Click I agree on the End User License Agreement.	
6.	Type your name and organization and click Next.	
7.	Click either the Typical or Complete installation type, and then click Next.	
8.	Verify the installation location, and then click Install.	
The Windows Support Tools are installed to the folder specified in step eight and a Windows Support Tools folder is added to the Program Files folder on the Start menu.

The following is a list of all Support Tools in Service Pack 2:
(For a description of these and other useful tools, please check the l33t windoz3r ad hoc section)
acldiag.exe
activate.exe
addiag.exe
adprop.dll
adsiedit.msc
apimon.exe
apmstat.exe
bindiff.exe
bitsadmin.exe
browstat.exe
cabarc.exe
clonepr.dll
depends.exe
dfsutil.exe
dhcploc.exe
diruse.exe
dmdiag.exe
dnscmd.exe
dsacls.exe
dsastat.exe
dskprobe.exe
dumpchk.exe
dupfinder.exe
efsinfo.exe
exctrlst.exe
extract.exe
filever.exe
ftonline.exe
getsid.exe
gflags.exe
httpcfg.exe
iadstools.dll
ipseccmd.exe
ksetup.exe
ktpass.exe
ldp.exe
memsnap.exe
movetree.exe
msicuu.exe
msizap.exe
netcap.exe
netdiag.exe
netdom.exe
netset.exe
nltest.exe
ntdetect.chk
ntfrsapi.dll
ntfrsutl.exe
pfmon.exe
pmon.exe
poolmon.exe
pptpclnt.exe
pptpsrv.exe
pstat.exe
pviewer.exe
rasdiag.exe
remote.exe
replmon.exe
rsdiag.exe
rsdir.exe
sdcheck.exe
search.vbs
setspn.exe
setx.exe
showaccs.exe
showperf.exe
sidhist.vbs
sidwalk.exe
sidwalk.msc
snmputilg.exe
spcheck.exe
timezone.exe
tracefmt.exe
tracelog.exe
tracepdb.exe
vfi.exe
whoami.exe
windiff.exe
wsremote.exe
xcacls.exe




Tools you can download and use 

netlab.zip ~ 228735 bytes
[Swiss pinging knife]
Netlab, version 1.35, by Alexander Danileiko (1997): useful tool, must have for pinging, tracerouting and port-listening...
Netlab, upon starting, contacts the time server at 198.83.19.241 through port 37.





(c) III Millennium: [fravia+] , all rights reserved and reversed