Hello world!
Here we will perform information gathering using the Scapy tool, specifically a TCP-DNS traceroute.
After following this tutorial you’ll know:
1. What is TCP-DNS?
2. How to perform information gathering using Scapy.
3. How to get a graph of the TCP-DNS architecture from the Scapy tool.

DNS(Domain Name System):
DNS is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they’re easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 194.131.34.2.

Why it is needed?
It’s very difficult to identify a website from its IP address. DNS was introduced to simplify that.
DNS has its own database, which stores the domains of websites (the names of the websites) together with the IP address of each website. When we ask DNS to resolve a domain, it looks in its database and returns the IP address so that we can visit the site using a browser. All this work is done by our DNS resolvers.

TCP-DNS Traceroute:
DNS runs over port 53, on TCP or on UDP. If the DNS server is on the TCP port, we can perform a TCP-DNS traceroute, and we can perform attacks like DNS zone transfer.

Scapy Tool:

Scapy is a packet manipulation tool for computer networks. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery.
Download Scapy from here, or clone it (git clone).

Scapy comes pre-installed with Kali Linux.

STEP-1:
Get the IP address of the website which you’ve targeted.
Run an nmap scan over it to find out whether the TCP 53 DNS port is open:
nmap -sS your_website_name.com
Once you have found the TCP-DNS port, you can start with Scapy.

STEP-2:
Go to the terminal, type scapy and hit enter. It’ll start its application framework in the terminal itself.
Then type your target:
traceroute(["www.websitename.com"],dport=53,maxttl=20)
dport=53 sends the TCP probes to the DNS port found in STEP-1; without it, Scapy’s traceroute probes TCP port 80.
maxttl specifies the highest TTL set on the probe packets.
TTL means time to live on incoming and outgoing packets.
After this command you’ll get 20 IP addresses on your console.

[Image: TCP-DNS Traceroute]

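STEP-2 (continued):
result,unans=_
result.show()

Type this command as given, in 2 lines, directly after the traceroute command, because _ holds the result of the last command in the Scapy shell.
This will fetch the 20 IP addresses that are on the route the packets go through.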

STEP-3:
r1,unans=traceroute(["websitename.com"],dport=53,maxttl=20)

This command gives the 20 IP addresses on the way between the destination and your system on the network.
It probes the DNS server to give all the IP addresses on the route from your destination.

STEP-4:

r2=result+r1
Type this command and it will add together the 2 scans done previously, to get the whole traceroute in one graph.

STEP-5:
r2.show()
r2.graph()

After this command you’ll get the whole graph of the DNS server and all the incoming and outgoing paths of the server and DNS.
The graph may look like this:
[Image: Final Result of TCP-DNS traceroute]

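What the merge in STEP-4 and the graph in STEP-5 do with the probe results, as an added example in plain Python (not code from the original post and not Scapy's own implementation). The tuple layout, the names build_trace and build_edges, and all addresses are assumptions constructed for the illustration.

```python
# Added illustration: plain Python, no Scapy and no network access needed.
# A probe result is (destination, ttl, responder, reached); reached=True
# means the target itself answered the TCP probe rather than a router on
# the path. All addresses are constructed (RFC 5737 documentation ranges).
DST = "203.0.113.53"
SCAN_1 = [  # constructed: first run, the TTL 3 probe got no answer
    (DST, 1, "192.0.2.1", False),
    (DST, 2, "198.51.100.7", False),
    (DST, 4, "198.51.100.20", False),
    (DST, 5, DST, True),
    (DST, 6, DST, True),
]
SCAN_2 = [  # constructed: second run, other router at hop 2, hop 3 answers
    (DST, 1, "192.0.2.1", False),
    (DST, 2, "198.51.100.9", False),
    (DST, 3, "198.51.100.15", False),
    (DST, 5, DST, True),
]


def build_trace(probes):
    """Return {dst: {ttl: set(responders)}} for the answered probes."""
    trace, first_reached = {}, {}
    for dst, ttl, responder, reached in probes:
        trace.setdefault(dst, {}).setdefault(ttl, set()).add(responder)
        if reached:
            first_reached[dst] = min(ttl, first_reached.get(dst, ttl))
    # Probes with a TTL beyond the first one that reached the target only
    # repeat the target's address, so they add no hops to the path.
    for dst, limit in first_reached.items():
        trace[dst] = {t: r for t, r in trace[dst].items() if t <= limit}
    return trace


def build_edges(trace):
    """Link responders at successive answered TTLs; 'gap' = silent hop(s)."""
    edges = set()
    for hops in trace.values():
        ttls = sorted(hops)
        for a, b in zip(ttls, ttls[1:]):
            kind = "direct" if b == a + 1 else "gap"
            edges |= {(src, nxt, kind) for src in hops[a] for nxt in hops[b]}
    return edges


if __name__ == "__main__":
    merged = build_trace(SCAN_1 + SCAN_2)  # same idea as r2 = result + r1
    for src, nxt, kind in sorted(build_edges(merged)):
        print(f"{src} -> {nxt} ({kind})")
```

In the constructed data the first scan alone leaves a gap at TTL 3; adding the second scan fills that hop and shows two different routers answering at TTL 2.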

Hurray, you’ve done it.
From this TCP-DNS traceroute graph you can get to know the site which you have scanned, and you can get to know about the parked DNS name servers of the site. This will be helpful for your further attacks.