Tracking down a hacker who’s twisting the door handles on your servers from halfway across the world is a formidable task. One way to do it is to enter the questionable address into a text-based traceroute tool, such as OS X’s Network Utility, and get a listing of all the hops on the route — then you’ll look up the network information for each node, pull out your world atlas, and start drawing lines on the map. But try this for a series of different addresses listed in your logs, and you’ll soon start to appreciate the easy and rapid information retrieval that Visualware’s visual traceroute utility, VisualRoute, makes possible.
The newest version, VisualRoute 7.0, works on Macs running OS X (10.0 and later). Available in Personal, Server, and Professional editions, VisualRoute can function as a stand-alone utility on one workstation, or you can access it via the built-in HTTP server from any workstation with a compatible Web browser.
How Does It Do That?
VisualRoute integrates three popular Internet tools — ping, whois, and traceroute — to give you rapid visual feedback. You just enter the IP address of any possible intruder listed in your firewall’s or server’s log, and VisualRoute shows you a map of the world with the route from you to the intrusion’s source. You can apply the same approach to tracking down the source of spam, and since VisualRoute can display the domain registration information for any node or network with a simple click, you’re well on your way to reporting the abuse.
You can quickly zoom in on the map by clicking on it — and you zoom out by control-clicking on it. Select the Advanced Mode option in the upper right corner of the screen to see a table of the traceroute. The table, which displays a separate line for each hop on the route between the current host and the target, shows in different columns the percentage of packet loss, the IP address, the node name, the location (city, state, and country), the time zone, the average time it takes (in milliseconds) for a ping packet to get to the offending node and back, a graph of the ping time, and the name of the node’s network.
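The per-hop columns described above (packet loss, IP address, node name, average ping time) can be derived from plain text traceroute output. The following is an added example, not VisualRoute's code or anything from the original review; the sample output is constructed, and the function names and hosts are assumptions.

```python
import re

# Constructed sample in the classic Unix `traceroute` layout (three probes
# per hop); addresses come from the RFC 5737 documentation ranges.
SAMPLE = """\
traceroute to 203.0.113.7 (203.0.113.7), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  1.10 ms  0.90 ms  1.00 ms
 2  gw.example.net (198.51.100.1)  9.80 ms * 10.20 ms
 3  * * *
 4  host.example.org (203.0.113.7)  88.00 ms  90.00 ms  89.00 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")                       # "<hop number> <rest>"
RESPONDER = re.compile(r"(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")  # "name (ip)"
RTT = re.compile(r"(\d+(?:\.\d+)?) ms")                      # one answered probe
LOST = re.compile(r"(?<!\S)\*(?!\S)")                        # one timed-out probe

def parse_traceroute(text):
    """Return one dict per hop: hop, loss_pct, ip, name, avg_ms."""
    rows = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header or blank line
        rest = m.group(2)
        rtts = [float(x) for x in RTT.findall(rest)]
        lost = len(LOST.findall(rest))
        probes = len(rtts) + lost
        who = RESPONDER.search(rest)  # first responder only
        rows.append({
            "hop": int(m.group(1)),
            "loss_pct": round(100 * lost / probes) if probes else 100,
            "ip": who.group(2) if who else None,   # None: hop never answered
            "name": who.group(1) if who else None,
            "avg_ms": round(sum(rtts) / len(rtts), 2) if rtts else None,
        })
    return rows

def responding_ips(rows):
    """Addresses worth a follow-up whois lookup, in path order."""
    return [r["ip"] for r in rows if r["ip"]]

if __name__ == "__main__":
    for row in parse_traceroute(SAMPLE):
        print(row)
```

Location, time zone and network name are not reproduced here; they come from whois and geolocation data that traceroute output does not carry.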
If you have more-accurate information than VisualRoute reports, you can use the Location Database tab in Visualware’s preferences to specify locations for specific domains or hosts. This tab — and other dialog boxes — stymied us because some windows didn’t display completely. Resizing them revealed additional controls and buttons — but you’re unlikely to find these without calling technical support.
Tracking and eliminating spam has become a popular pastime for many people, and VisualRoute’s eMailTracker (automatically invoked when you type an e-mail address in VisualRoute’s Address field) may be worth the cost of admission for antispam activists. It lets you quickly find the mail server for an account that’s been spamming you or your organization. You can then trace the path to the host and send e-mail to the source domain’s technical or administrative contacts — and hope they’re good Internet citizens that will take action to stop the spammer.
Another embedded utility, PingGrapher, allows you to track ping responses on a continual basis. The graph plots a history of response time to help you determine whether access to a particular host is inconsistent and how widely the response times vary over an extended period.
The Server Edition
You can configure VisualRoute for Web access (using any port you specify); this allows you to share the program’s functionality with anyone who has a browser. To do this, you choose VisualRoute Server from the Tools menu to start the embedded HTTP server. Then you connect to this server using a browser, and the VisualRoute Java applet will download to your workstation.
Unfortunately, we found that VisualRoute worked reliably only with Microsoft Internet Explorer 5. We had mixed results with Mozilla 1.2, Netscape 7, and Opera 6. Problems ranged from display anomalies, similar to those discussed earlier, to stalled execution that made the Java applet unusable with anything other than Internet Explorer.
There are several situations in which access via a browser pays off. Many enterprise networks strictly limit the types of traffic that can traverse their firewall. By placing the VisualRoute server outside your firewall, you can access the server and perform route analysis from within a secure enterprise network. You can also include specially formatted links to a VisualRoute server on an existing Web site to troubleshoot user-reported problems with site performance or connectivity. Note that users accessing the server via a Web browser cannot use VisualRoute’s eMailTracker or PingGrapher features.
Macworld’s Buying Advice
At $50 for the Personal edition, VisualRoute is a real deal. By integrating three tried-and-true analysis tools, VisualRoute saves you time and provides information in easy-to-read tabular and map formats. The server feature’s reliance on Internet Explorer is apt to disappoint people who prefer another browser, but this incompatibility should diminish as Java-applet support improves.