firewalk
HackingPenTest Tools

Guide to Using Firewalk for Firewall Analysis

Posted on

Firewalk is a tool used for determining whether a given packet can pass through a firewall or packet filtering device by analyzing TTL (Time to Live) values of ICMP Time Exceeded messages. Below is a guide on how to use Firewalk:

1. Install Firewalk:

  • Download: Firewalk is available from its GitHub repository. Clone or download the repository to your local machine.
  • Compile: After downloading the source code, compile Firewalk using the provided instructions.

2. Prepare Target Network:

  • Identify Target Network: Determine the IP range or specific target IP address that you want to analyze with Firewalk.

3. Run Firewalk:

  • Basic Usage:
  firewalk -p <protocol> <target_IP_range>

Replace <protocol> with the protocol you want to analyze (e.g., TCP, UDP) and <target_IP_range> with the IP range of the target network.

  • Advanced Options:
  • -S <source_IP>: Specify the source IP address for Firewalk.
  • -n <hop_count>: Specify the maximum number of hops to analyze.
  • -e <start_port>-<end_port>: Specify the range of ports to analyze.
  • -T <timeout>: Set the timeout value for each probe.
  • -F <firewall_IP>: Specify the IP address of the firewall to analyze.

4. Analyze Results:

  • Review Output: Firewalk will display the TTL values of ICMP Time Exceeded messages received from each hop.
  • Interpret Results: Analyze the TTL values to determine whether packets for the specified protocol are allowed through the firewall or packet filtering device.

Tips and Considerations:

  • Protocol Selection: Choose the appropriate protocol (TCP or UDP) based on the services you want to analyze.
  • Firewall Identification: If the target network contains multiple firewalls, specify the IP address of the specific firewall you want to analyze using the -F option.
  • Hop Count: Adjust the maximum hop count (-n option) based on the network topology and distance to the target network.
  • Timeout: Set an appropriate timeout value (-T option) to balance between the accuracy of results and the time taken to complete the analysis.
  • Authorization: Obtain proper authorization before running Firewalk, as scanning networks without permission may be illegal or violate network policies.

By following this guide, you can effectively use Firewalk for firewall analysis to determine whether packets for a specific protocol can pass through a firewall or packet filtering device. Always use such tools responsibly and ethically, and ensure compliance with applicable laws and regulations.