Traceproto was originally written for the
standard reason that quite a bit of software gets written:
frustration.  Given the necessary proliferation of firewalls
and traffic filtering, the original traceroute is no longer
as useful as it once was.  The concept is still quite
valid, but the implementation is predicated on the concept
that all ports on a node will be equally reachable even if
the ports are not equally open.

Traceproto uses the same idea that traceroute uses, that is
to send a series of packets to the target machine where the
time-to-live field of the ip protocol is intended to time
out before reaching the target, generating an ICMP TIME-
EXCEEDED packet from the hop that decremented the ttl to
zero.  The returning packets are caught and recorded, and
the trip time noted.

The difference comes in that traceproto sends packets based
on the protocol and destination port of the user's choice.
This allows for far more troubleshooting possibilities in
a number of situations, such as when a particular protocol
is disappearing into the ether while others work properly.
In cases where multiple firewalls may be blocking traffic,
traceproto quickly lets you determine which hop is the
cause.
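
The sketch below is an added example, not traceproto's own code. It shows how a returned ICMP TIME-EXCEEDED packet can be matched to the probe that triggered it: the hop quotes the probe's IP header plus its first 8 bytes, which carry the protocol and ports. The function and struct names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result of matching one ICMP reply against the probe that caused it. */
struct hop_reply {
    uint8_t  hop_addr[4];  /* router that sent the ICMP error */
    uint8_t  proto;        /* protocol of the quoted probe (6 = TCP, 17 = UDP) */
    uint16_t sport, dport; /* ports of the quoted probe, host byte order */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse an IPv4 packet carrying ICMP TIME-EXCEEDED (type 11).
 * Returns 0 on success, -1 if the packet is truncated or not a match. */
int parse_time_exceeded(const uint8_t *pkt, size_t len, struct hop_reply *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;           /* outer header length */
    if (ihl < 20 || len < ihl + 8 || pkt[9] != 1) return -1;  /* 1 = ICMP */
    const uint8_t *icmp = pkt + ihl;
    if (icmp[0] != 11) return -1;                       /* not TIME-EXCEEDED */
    const uint8_t *q = icmp + 8;                        /* quoted probe header */
    size_t qlen = len - ihl - 8;
    if (qlen < 20 || (q[0] >> 4) != 4) return -1;
    size_t qihl = (size_t)(q[0] & 0x0f) * 4;
    if (qihl < 20 || qlen < qihl + 4) return -1;        /* need both ports */
    if (q[9] != 6 && q[9] != 17) return -1;             /* ports only for TCP/UDP */
    memcpy(out->hop_addr, pkt + 12, 4);                 /* outer source = the hop */
    out->proto = q[9];
    out->sport = rd16(q + qihl);
    out->dport = rd16(q + qihl + 2);
    return 0;
}

/* Constructed sample (checksums zeroed): hop 192.0.2.1 quotes a TCP probe to port 443. */
static const uint8_t sample_reply[] = {
  0x45,0x00,0x00,0x38, 0x00,0x00,0x00,0x00, 0x40,0x01,0x00,0x00, 192,0,2,1, 198,51,100,7,
  0x0b,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
  0x45,0x00,0x00,0x28, 0x12,0x34,0x00,0x00, 0x01,0x06,0x00,0x00, 198,51,100,7, 203,0,113,9,
  0x9c,0x40,0x01,0xbb, 0x00,0x00,0x00,0x01
};

int main(void) {
    struct hop_reply r;
    if (parse_time_exceeded(sample_reply, sizeof sample_reply, &r) != 0) return 1;
    printf("hop %u.%u.%u.%u proto %u dport %u\n", r.hop_addr[0], r.hop_addr[1], r.hop_addr[2], r.hop_addr[3], r.proto, r.dport);
    return 0;
}
```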

Traceproto assumes that the user has some understanding of
the protocols involved; users who are unfamiliar with them
may find that traceproto's options or output are hard to
decipher.  Information on how the protocols function is
widely available on the internet and is recommended
reading for the traceproto user.

Traceproto currently requires both libnet (version 1.1.0
or higher!) and pcap.  See
http://www.packetfactory.net/Projects/Libnet/ for libnet
and http://www.tcpdump.org/ for pcap.  Future versions of
traceproto may avoid the need for one or the other, but
that is in the future.

Traceproto needs to use raw sockets, which typically means
root rights and setuid installation to be usable for regular
users. Under Linux, Traceproto can use libcap to shed all
the other root capabilities it does not need as soon as 
possible. See
ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/
for libcap and information on Linux capabilities.

There are several other packages that do similar things to
traceproto.  If it doesn't do what you want --  or if you
are curious -- check them out.  They're all worth taking
a look at.

http://michael.toren.net/code/tcptraceroute/
http://www.hping.org/
http://www.bitwizard.nl/mtr/
http://oppleman.com/lft/

PCAP Note:
There is a problem with the pcap library on Linux -- the
timeout when waiting to capture a packet that hasn't arrived
fails so that the function waits indefinitely.  The
workaround for this that I developed was to break the
encapsulation of the pcap library to get at the socket
file descriptor.  This is sub-optimal for a variety of
obvious reasons.

From reading the tcptraceroute code by Michael Toren I learned
that Michael used the pcap function pcap_fileno() to access the
socket descriptor.  His solution is definitely better; the
problem is that the pcap documentation says that pcap_fileno
does something completely different.  Comments about the
horrendously wrong documentation are left to the reader.
Feel free to vent your spleens -- this one deserves it.

In any case a compile option has been added to allow the
choice of which you wish to use. 
