Traceroute

From Hackepedia
Revision as of 11:44, 24 October 2005 by Sysadmin (talk | contribs)

Traceroute is a program that lists the routers on the path between two computers on the Internet. The original program was written by Van Jacobson. It uses raw sockets to send its UDP or ICMP probes and to receive the ICMP replies, which is why it normally has to run as root (or setuid root). Its output is easy to misread and should not be trusted completely: the path can change between probes, load-balanced routers may answer alternately, only the forward path is shown, and routers are free to rate-limit or filter the ICMP messages it depends on.

In detail, and in the default mode, traceroute sends UDP packets to a high destination port (starting at 32768 + 666 = 33434) and increments the port number by one for every packet sent, so the destination port identifies the probe. The packet includes a timestamp in its payload (obscured in OpenBSD). The IP Time-to-live starts at 1 and is incremented by one after every three packets. A router that receives a packet with a Time-to-live of 1 decrements it to 0, discards the packet and sends back an ICMP Time Exceeded (type 11) message (see RFC 791 page 6 for the Time-to-live field and RFC 792 for the ICMP message); the source address of that message is the router address printed for the hop. Once the Time-to-live is large enough for a packet to reach the destination host, nothing is normally listening on the high UDP port there, so the host answers with ICMP Destination Unreachable, code Port Unreachable (type 3, code 3). That reply is how traceroute knows it has reached the end of the path and stops.

Another mode for traceroute uses ICMP instead of UDP: the probes are ICMP Echo Requests (type 8, see ping) and the destination host answers with an Echo Reply (type 0). In ICMP mode no ports are used, since the protocol has none; traceroute tells its probes apart by the identifier and sequence number fields of the Echo Request, which routers quote in their Time Exceeded messages just as they quote the UDP header in the default mode.
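The two paragraphs above describe the mechanism but not how the program knows which probe a given ICMP message refers to. The following is an added example written for this page, not traceroute's own source: it generates the default probe schedule (TTL and destination port per probe), decodes an incoming ICMP packet, recovers the probe number from the quoted UDP destination port (UDP mode) or echo sequence number (ICMP mode), and distinguishes an intermediate router (Time Exceeded) from the destination (Port Unreachable or Echo Reply). All packets, addresses and the helper names `icmp_error`, `echo_reply` and `run` are constructed for the example; checksums are left at zero because the decoder does not verify them.

```python
"""Match the ICMP replies a traceroute receives back to the probes that
caused them.  Added example for this page, not the source of traceroute
itself; every packet below is constructed inline, nothing is sent."""
import struct

BASE_PORT = 32768 + 666   # 33434: destination port of the first UDP probe
PROBES_PER_HOP = 3


def probe_schedule(max_ttl=64, nprobes=PROBES_PER_HOP):
    """Yield (probe_no, ttl, dst_port) in the order default traceroute sends them."""
    n = 0
    for ttl in range(1, max_ttl + 1):
        for _ in range(nprobes):
            yield n, ttl, BASE_PORT + n
            n += 1


def decode_reply(ip_packet, mode="udp"):
    """Classify one received IPv4/ICMP packet and recover the probe number.

    kind: 'hop'  = Time Exceeded (type 11) from an intermediate router
          'done' = Port Unreachable (type 3, code 3) in UDP mode, or
                   Echo Reply (type 0) in ICMP mode: the destination answered
          None   = anything else (not ours, or an error not modelled here)
    """
    ihl = (ip_packet[0] & 0x0F) * 4
    src = ".".join(str(b) for b in ip_packet[12:16])
    icmp = ip_packet[ihl:]
    itype, icode = icmp[0], icmp[1]
    none = {"kind": None, "from_addr": src, "probe": None}
    if mode == "icmp" and itype == 0:
        _ident, seq = struct.unpack("!HH", icmp[4:8])
        return {"kind": "done", "from_addr": src, "probe": seq}
    if itype not in (11, 3):
        return none
    # ICMP errors quote the offending IP header plus the first 8 bytes of its
    # payload (RFC 792).  Those 8 bytes hold the UDP ports, or the echo id/seq,
    # which is how traceroute tells which probe a router is complaining about.
    inner = icmp[8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    proto = inner[9]
    quoted = inner[inner_ihl:inner_ihl + 8]
    if proto == 17 and mode == "udp":        # UDP: sport, dport, length, csum
        _sport, dport, _len, _csum = struct.unpack("!HHHH", quoted)
        probe = dport - BASE_PORT
    elif proto == 1 and mode == "icmp":      # ICMP echo: type, code, csum, id, seq
        _t, _c, _csum, _ident, seq = struct.unpack("!BBHHH", quoted)
        probe = seq
    else:
        return none
    if itype == 11:
        return {"kind": "hop", "from_addr": src, "probe": probe}
    if icode == 3 and mode == "udp":         # Port Unreachable: target reached
        return {"kind": "done", "from_addr": src, "probe": probe}
    return none                              # other unreachable codes (!N, !H, ...)


def run(replies, mode="udp"):
    """Fold replies into {ttl: set(of answering addresses)}; stop at the target."""
    ttl_of = {n: ttl for n, ttl, _ in probe_schedule()}
    hops = {}
    for pkt in replies:
        r = decode_reply(pkt, mode)
        if r["kind"] is None or r["probe"] not in ttl_of:
            continue                         # stray ICMP, not one of our probes
        ttl = ttl_of[r["probe"]]
        hops.setdefault(ttl, set()).add(r["from_addr"])
        if r["kind"] == "done":
            return hops, ttl
    return hops, None                        # ran out of replies: target silent


# --- constructed packets standing in for what the raw socket would deliver ---
def _ipv4(src, dst, proto, payload, ttl=64):
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, addr(src), addr(dst))
    return hdr + payload                     # checksums left 0: not verified above


def icmp_error(router, me, target, itype, icode, probe):
    """ICMP error from `router` quoting our UDP probe number `probe` to `target`."""
    udp = struct.pack("!HHHH", 40000, BASE_PORT + probe, 20, 0) + b"\x00" * 12
    quoted = _ipv4(me, target, 17, udp, ttl=1)[:28]   # inner IP header + 8 bytes
    return _ipv4(router, me, 1, struct.pack("!BBHI", itype, icode, 0, 0) + quoted)


def echo_reply(target, me, probe):
    """Echo Reply from `target` for ICMP-mode probe `probe` (sequence number)."""
    return _ipv4(target, me, 1, struct.pack("!BBHHH", 0, 0, 0, 0x1234, probe))


if __name__ == "__main__":
    me, target = "192.0.2.1", "198.51.100.7"
    replies = [icmp_error("10.0.0.1", me, target, 11, 0, p) for p in range(0, 3)]
    replies += [icmp_error("10.0.0.2", me, target, 11, 0, p) for p in range(3, 6)]
    replies += [icmp_error(target, me, target, 3, 3, 6)]
    print(run(replies))   # ({1: {'10.0.0.1'}, 2: {'10.0.0.2'}, 3: {'198.51.100.7'}}, 3)
```

The point to take from `decode_reply` is that the matching key travels inside the error message: a router that strips or truncates the quoted datagram, or a NAT that rewrites the inner UDP port, breaks the association and the hop shows as a timeout even though a reply arrived.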

A sample traceroute:

$ traceroute www.yashy.com
traceroute to mail.yashy.com (206.248.137.44), 64 hops max, 40 byte packets
1  * * *
2  ae2-200.ffm4-j.mcbone.net (62.104.198.228)  46.601 ms  46.218 ms  47.653 ms
3  t2a4-p8-2.de-fra.eu.bt.net (166.49.147.169)  46.621 ms  45.928 ms  46.692 ms
4  t2c2-ge6-0.de-fra.eu.bt.net (166.49.172.12)  45.956 ms  47.142 ms  46.439 ms
5  t2c2-p3-0.uk-glo.eu.bt.net (166.49.208.102)  68.83 ms  66.141 ms  66.159 ms
6  t2c2-p4-2.uk-eal.eu.bt.net (166.49.208.13)  67.817 ms  66.317 ms  65.847 ms
7  t2c2-p4-0.us-ash.eu.bt.net (166.49.164.62)  142.317 ms  140.801 ms  142.35 ms
8  equinixexchange.peer1.net (206.223.115.30)  139.271 ms  139.238 ms  141.776 ms
9  OC48-POS0-0.wdc-sp2-cor-1.peer1.net (216.187.115.234)  139.534 ms  140.229 ms  141.74 ms
...

A hop from which no reply arrives within the timeout appears as a *. This happens when a router drops the probes (filtering by protocol or port), does not send ICMP Time Exceeded or rate-limits it, or when the ICMP reply is filtered on its way back. An all-* hop therefore does not mean the router is down, and later hops usually still appear, because probes with a larger Time-to-live pass through it normally. FreeBSD goes a step further with its IPSTEALTH kernel option: a stealth router forwards packets without decrementing the Time-to-live and never sends ICMP Time Exceeded, so it does not show up in a traceroute at all, not even as a *, and the next router takes its place in the hop count.
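To make the sample run and the * convention concrete, here is an added example (not part of traceroute or of this page's original text) that parses traceroute output into per-hop statistics: it reports silent hops, counts lost probes per hop, and flags where the average latency jumps over the previous hop, which in the sample marks the hops where the path crosses from Frankfurt to the UK and from the UK to the US. Hops 1 to 9 are the run shown above; hop 10 is constructed (with the hypothetical hosts `rtr-a.example.net` and `rtr-b.example.net`) to show a line on which two routers answered and one probe timed out.

```python
"""Parse traceroute output into per-hop statistics.  Added example for this
page, not part of traceroute; the input is the sample run shown on the page
plus one constructed line (hop 10)."""
import re
from statistics import mean

SAMPLE = """\
traceroute to mail.yashy.com (206.248.137.44), 64 hops max, 40 byte packets
1  * * *
2  ae2-200.ffm4-j.mcbone.net (62.104.198.228)  46.601 ms  46.218 ms  47.653 ms
3  t2a4-p8-2.de-fra.eu.bt.net (166.49.147.169)  46.621 ms  45.928 ms  46.692 ms
4  t2c2-ge6-0.de-fra.eu.bt.net (166.49.172.12)  45.956 ms  47.142 ms  46.439 ms
5  t2c2-p3-0.uk-glo.eu.bt.net (166.49.208.102)  68.83 ms  66.141 ms  66.159 ms
6  t2c2-p4-2.uk-eal.eu.bt.net (166.49.208.13)  67.817 ms  66.317 ms  65.847 ms
7  t2c2-p4-0.us-ash.eu.bt.net (166.49.164.62)  142.317 ms  140.801 ms  142.35 ms
8  equinixexchange.peer1.net (206.223.115.30)  139.271 ms  139.238 ms  141.776 ms
9  OC48-POS0-0.wdc-sp2-cor-1.peer1.net (216.187.115.234)  139.534 ms  140.229 ms  141.74 ms
10  rtr-a.example.net (203.0.113.5)  141.2 ms  rtr-b.example.net (203.0.113.6)  140.9 ms *
"""
# Hop 10 is constructed: two routers answered (per-packet load balancing) and
# the third probe timed out.  Hops 1-9 are the run shown on the page.

ADDR = re.compile(r"^\((\d+\.\d+\.\d+\.\d+)\)$")


def parse_hop(line):
    """One hop line -> {'hop', 'hosts': [(name, addr), ...], 'rtts': [(host|None, ms|None), ...]}."""
    toks = line.split()
    hop = int(toks[0])
    hosts, rtts, current = [], [], None
    i = 1
    while i < len(toks):
        t = toks[i]
        m = ADDR.match(t)
        if t == "*":                      # probe timed out: no reply within the timeout
            rtts.append((current, None))
            i += 1
        elif m:                           # "(1.2.3.4)": the previous token is the name
            current = (toks[i - 1], m.group(1))
            hosts.append(current)
            i += 1
        elif i + 1 < len(toks) and toks[i + 1] == "ms":
            rtts.append((current, float(t)))   # RTT attributed to the last host seen
            i += 2
        else:
            i += 1                        # hostname (consumed above) or !N/!H annotation
    return {"hop": hop, "hosts": hosts, "rtts": rtts}


def summarize(text, jump_ms=20.0):
    """Per-hop loss, average RTT and a flag for a jump of >= jump_ms over the previous hop."""
    hops, prev = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or not line[0].isdigit():
            continue                      # header line, "...", blanks
        h = parse_hop(line)
        good = [ms for _, ms in h["rtts"] if ms is not None]
        h["loss"] = len(h["rtts"]) - len(good)
        h["avg"] = round(mean(good), 3) if good else None   # None: silent (*) hop
        h["jump"] = bool(prev is not None and h["avg"] is not None
                         and h["avg"] - prev >= jump_ms)
        if h["avg"] is not None:
            prev = h["avg"]               # a silent hop does not reset the baseline
        hops.append(h)
    return hops


def silent_hops(hops):
    """Hop numbers that answered none of their probes."""
    return [h["hop"] for h in hops if h["avg"] is None]


def latency_jumps(hops):
    """Hop numbers where the average RTT jumped over the previous answering hop."""
    return [h["hop"] for h in hops if h["jump"]]


if __name__ == "__main__":
    hops = summarize(SAMPLE)
    for h in hops:
        print(h["hop"], [a for _, a in h["hosts"]], "loss", h["loss"],
              "avg", h["avg"], "JUMP" if h["jump"] else "")
    print("silent:", silent_hops(hops), "jumps:", latency_jumps(hops))
```

The jump threshold is a heuristic for reading one run; a real increase in path latency shows as a step that persists for all later hops (as at hops 5 and 7 above), whereas a single slow hop followed by faster ones is usually a router that de-prioritises ICMP generation rather than a slow link.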

mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool: it keeps probing every hop and shows running loss and latency statistics per hop, which makes intermittent loss far easier to see than a single traceroute run. There are also several GUI versions of traceroute that add an estimated geographic location for each host.