Traceroute: Difference between revisions
No edit summary |
m hop count -> hop limit |
||
(6 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
Traceroute is a program to trace the routers between two computers on the [[Internet]]. The original program was written by Van Jacobson. It uses raw [[socket]]s to output and receive [[UDP]] and [[ICMP]] packets. It is prone to faulty data and should not be trusted completely. | Traceroute is a program to trace the routers between two computers on the [[Internet]]. The original program was written by Van Jacobson. It uses raw [[socket]]s to output and receive [[UDP]] and [[ICMP]] packets. It is prone to faulty data and should not be trusted completely. | ||
In detail and in the default mode traceroute outputs [[UDP]] packets on a high [[UDP]] [[port]] (starting at 32768 + 666) and incrementing the port number by one per packet sent. The packet includes a timestamp (obscured in [[OpenBSD]]) and the [[IP]] Time-to-live starts at 1 and increments by one every three packets. At each router that the packets reach with the Time-to-live of 1 | In Windows: | ||
Start - Run -> Command | |||
and the in the terminal you can use "tracert" which is close as you'll get to equivalent. | |||
In detail and in the default mode traceroute outputs [[UDP]] packets on a high [[UDP]] [[ports|port]] (starting at 32768 + 666) and incrementing the port number by one per packet sent. The packet includes a timestamp (obscured in [[OpenBSD]]) and the [[IP]] Time-to-live starts at 1 and increments by one every three packets. At each router that the packets reach with the Time-to-live of 1 an [[ICMP]] Time Exceeded (type 11) message is sent back (see [[RFC]] 791 page 6). | |||
Another mode for traceroute is to use the [[ICMP]] protocol instead of the [[UDP]] packets. The [[ICMP]] type used is 8 (ECHO REQUEST) (see [[ping]]). In ICMP mode no ports are used since the protocol does not support it. | Another mode for traceroute is to use the [[ICMP]] protocol instead of the [[UDP]] packets. The [[ICMP]] type used is 8 (ECHO REQUEST) (see [[ping]]). In ICMP mode no ports are used since the protocol does not support it. | ||
Line 20: | Line 24: | ||
... | ... | ||
Routers which [[firewall]] traceroute packets (either by protocol or by Time-to-live) appear as a *. In [[FreeBSD]] a STEALTH mode can be turned on which prevents a forwarded | Routers which [[firewall]] traceroute packets (either by protocol or by Time-to-live) appear as a *. In [[FreeBSD]] a STEALTH mode can be turned on which prevents a forwarded packets TTL to be decremented by one causing no [[ICMP]] Time Exceeded message to be sent causing the computer to be omitted in a traceroute. | ||
[http://www.bitwizard.nl/mtr/ mtr] combines the functionality of the traceroute and ping programs in a single network diagnostic tool. There are also several GUI versions of traceroute available that will include the geographic position of each host (although the accuracy of that feature is questionable). | [http://www.bitwizard.nl/mtr/ mtr] combines the functionality of the traceroute and ping programs in a single network diagnostic tool. There are also several GUI versions of traceroute available that will include the geographic position of each host (although the accuracy of that feature is questionable). | ||
In [[IPv6]] the BSD traceroute the concept is exactly the same, with the [[UDP]] port numbers, as the IPv4 implementation. The main difference is that the protocol uses a 'hop limit' instead of a time to live (ttl). A sample traceroute6 looks like this: | |||
margaret$ traceroute6 ipv6.google.com | |||
traceroute6 to ipv6.l.google.com (2001:4860:a003::68) from 2001:a60:f074::2, 64 | |||
hops max, 12 byte packets | |||
1 * uranus 0.392 ms 0.214 ms | |||
2 gw-154.muc-02.de.sixxs.net 63.686 ms 44.845 ms 44.629 ms | |||
3 2001:a60:0:30::1 45.105 ms 45.199 ms 45.668 ms | |||
4 2001:4860::23 67.845 ms 54.864 ms 55.502 ms | |||
5 2001:4860:a003::68 52.851 ms 54.862 ms 54.491 ms |
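Review bot: the added Windows paragraph reads "and the in the terminal", which has a stray "the", and "which is close as you'll get to equivalent" is missing words; suggest "and then in the terminal you can use "tracert", which is as close as you'll get to an equivalent". The new IPv6 sentence "In [[IPv6]] the BSD traceroute the concept is exactly the same" also needs restructuring, and it would help to say which message a router returns when the hop limit expires, since the IPv4 paragraph names ICMP Time Exceeded (type 11) explicitly.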
Latest revision as of 08:52, 1 April 2009
Traceroute is a program to trace the routers between two computers on the Internet. The original program was written by Van Jacobson. It uses raw sockets to output and receive UDP and ICMP packets. It is prone to faulty data and should not be trusted completely.
In Windows: Start -> Run -> Command, and then in the terminal you can use "tracert", which is as close as you'll get to an equivalent.
In detail, in the default mode traceroute sends UDP packets to a high UDP port (starting at 32768 + 666), incrementing the port number by one per packet sent. The packet includes a timestamp (obscured in OpenBSD), and the IP Time-to-live starts at 1 and increments by one every three packets. Each router that the packets reach with a Time-to-live of 1 sends back an ICMP Time Exceeded (type 11) message (see RFC 791 page 6).
Another mode for traceroute is to use the ICMP protocol instead of the UDP packets. The ICMP type used is 8 (ECHO REQUEST) (see ping). In ICMP mode no ports are used since the protocol does not support them.
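How a reply is matched to a probe in the default UDP mode, as an added example that is not code from the traceroute program: it parses an ICMP Time Exceeded message, reads the destination port from the quoted UDP header, and derives the hop and probe number from the 32768 + 666 base port. The function names, the sample addresses and the source port are assumptions; checksums in the constructed packets are left at zero.

```python
import struct

BASE_PORT = 32768 + 666   # destination port of the first probe (from the text)
PROBES_PER_HOP = 3        # the TTL increments by one every three packets

def build_probe_headers(src, dst, ttl, dport, sport=40000):
    """Constructed sample: IPv4 + UDP header of one probe (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + 12, 0, 0, ttl, 17, 0,
                     src, dst)
    udp = struct.pack("!HHHH", sport, dport, 8 + 12, 0)
    return ip + udp

def build_time_exceeded(probe_headers):
    """Constructed sample: ICMP type 11, code 0, quoting the expired probe."""
    return struct.pack("!BBHI", 11, 0, 0, 0) + probe_headers

def match_reply(icmp):
    """Return (hop, probe number) for a Time Exceeded message, else None."""
    if len(icmp) < 8 + 20 + 8:
        return None                      # cannot hold the quoted IP + UDP headers
    if icmp[0] != 11:
        return None                      # not Time Exceeded
    quoted = icmp[8:]                    # skip type, code, checksum, unused
    ihl = (quoted[0] & 0x0F) * 4         # quoted IPv4 header length in bytes
    if quoted[0] >> 4 != 4 or quoted[9] != 17 or len(quoted) < ihl + 8:
        return None                      # not a quoted IPv4/UDP probe
    # The quoted TTL is the value at expiry, not the one the sender chose,
    # so the destination port is what carries the probe sequence.
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    index = dport - BASE_PORT
    if index < 0:
        return None                      # below the traceroute port range
    return index // PROBES_PER_HOP + 1, index % PROBES_PER_HOP + 1

if __name__ == "__main__":
    src, dst = bytes([10, 0, 0, 2]), bytes([206, 248, 137, 44])
    for i in range(6):                   # first six probes: hops 1 and 2
        reply = build_time_exceeded(build_probe_headers(src, dst, 1, BASE_PORT + i))
        print(BASE_PORT + i, match_reply(reply))
```

The same port arithmetic is useful when reading a packet capture: a run of UDP datagrams to consecutive ports from 33434 upward, with the TTL rising every third packet, is the default traceroute pattern described above.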
A sample traceroute:
    $ traceroute www.yashy.com
    traceroute to mail.yashy.com (206.248.137.44), 64 hops max, 40 byte packets
     1  * * *
     2  ae2-200.ffm4-j.mcbone.net (62.104.198.228)  46.601 ms  46.218 ms  47.653 ms
     3  t2a4-p8-2.de-fra.eu.bt.net (166.49.147.169)  46.621 ms  45.928 ms  46.692 ms
     4  t2c2-ge6-0.de-fra.eu.bt.net (166.49.172.12)  45.956 ms  47.142 ms  46.439 ms
     5  t2c2-p3-0.uk-glo.eu.bt.net (166.49.208.102)  68.83 ms  66.141 ms  66.159 ms
     6  t2c2-p4-2.uk-eal.eu.bt.net (166.49.208.13)  67.817 ms  66.317 ms  65.847 ms
     7  t2c2-p4-0.us-ash.eu.bt.net (166.49.164.62)  142.317 ms  140.801 ms  142.35 ms
     8  equinixexchange.peer1.net (206.223.115.30)  139.271 ms  139.238 ms  141.776 ms
     9  OC48-POS0-0.wdc-sp2-cor-1.peer1.net (216.187.115.234)  139.534 ms  140.229 ms  141.74 ms
    ...
Routers which firewall traceroute packets (either by protocol or by Time-to-live) appear as a *. In FreeBSD a STEALTH mode can be turned on which prevents a forwarded packet's TTL from being decremented by one, so that no ICMP Time Exceeded message is sent and the computer is omitted from a traceroute.
mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool. There are also several GUI versions of traceroute available that will include the geographic position of each host (although the accuracy of that feature is questionable).
In IPv6, the concept of the BSD traceroute is exactly the same as in the IPv4 implementation, including the UDP port numbers. The main difference is that the protocol uses a 'hop limit' instead of a time to live (TTL). A sample traceroute6 looks like this:
    margaret$ traceroute6 ipv6.google.com
    traceroute6 to ipv6.l.google.com (2001:4860:a003::68) from 2001:a60:f074::2, 64 hops max, 12 byte packets
     1  * uranus  0.392 ms  0.214 ms
     2  gw-154.muc-02.de.sixxs.net  63.686 ms  44.845 ms  44.629 ms
     3  2001:a60:0:30::1  45.105 ms  45.199 ms  45.668 ms
     4  2001:4860::23  67.845 ms  54.864 ms  55.502 ms
     5  2001:4860:a003::68  52.851 ms  54.862 ms  54.491 ms