traceroute not wroking

[vikerneso]

Hi,

I am connected to a school PC through ssh and I need to do a traceroute to a site... The problem is that when I do traceroute google.com (or any other site) I get something like this:

Code:

traceroute: Warning: google.com has multiple addresses; using 72.14.207.99
traceroute to google.com (72.14.207.99), 30 hops max, 52 byte packets
traceroute: sendto: Operation not permitted
 1 traceroute: wrote google.com 52 chars, ret=-1
 *traceroute: sendto: Operation not permitted
traceroute: wrote google.com 52 chars, ret=-1

And it goes on like this. I did some search and found out that I need to change the rules in IPTABLES or something (noob here). Whatever I tried with iptables it says this:

Code:

iptables v1.3.6: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Obviously I can't do anything about this and I'm supposed to do a traceroute and it supposedly should work.

Can anyone help me out?

[Kieren]

You wont be able to modify iptables unless you have root access to the PC. Since this is a school PC I don't think you will have?

[julesh]

traceroute, also, requires root to work. It is usually installed setuid root, but your school may have decided not to do this for security reasons (I recall my old university killed the setuid bit on 'ping' due to security concerns at one point).

[vikerneso]

Yeah, I know I can't modify iptables. But is there another way to do a traceroute without being root (or modifying iptables)?

This is an assignment I was given, and it's supposed to be doable.

[julesh]

I think the suggestion that you need to change your iptables setup is wrong. If you had a firewall rule preventing you sending traceroute packets, you wouldn't get an error message like you are; instead you'd see a lot of lines like:

1 * * *
2 * * *
3 * * *

etc. Traceroute depends on sending ICMP packets, which can only be done by root. Usually, the traceroute program is installed setuid root. I'd suggest asking your local system administrator why it hasn't been done this way, and if it can be switched back.

[Lazydog]

Yeah, I know I can't modify iptables. But is there another way to do a traceroute without being root (or modifying iptables)?

This is an assignment I was given, and it's supposed to be doable.

If this is an assignment from school then please go back to the person who assigned this to you and have them explain how you should proceed.

I am thinking that this is part of the lesson to figure out why it is not working and what would be the fix.

I see too many students too lazy to do their homework and want answers handed o them.