Traceroute - Tracing Route

From eLinux.org
Jump to: navigation, search

"traceroute" (or tracert in Windows) is a Networking tool used to determine the "route" taken by packets across an IP network.

How Traceroute Works

Before knowing how traceroute works let's understand what is "TTL'.

TTL

Time-to-live (abbreviated TTL) is a limit on the period of time (or number of iterations/transmissions) in computer network, that a unit of data (e.g. a packet) can experience before it should be discarded.

The time to live value can be thought of as an upper bound on the time that an IP datagram can exist in an internet system.

The TTL field is set by the sender of the datagram, and reduced by every host on the route to its destination. If the TTL field reaches zero before the datagram arrives at its destination, then the datagram is discarded and an ICMP error datagram (Time Exceeded) is sent back to the sender.

The purpose of the TTL field is to avoid a situation in which an undeliverable datagram keeps circulating on an internet system, and such a system eventually becoming swamped by such immortal datagrams.

In IPv4, time to live (TTL) is an 8-bit field in the IP header.

TraceRoute

Traceroute works by increasing the "time-to-live" value of each successive batch of packets sent.

1. As shown in figure below the first three packets sent have a time-to-live (TTL) value of one (implying that they are not forwarded by the next router and make only a single hop).

2. The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an "ICMP time exceeded" packet to the sender.

3. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination. The three timestamp values returned for each host along the path are the delay (latency) values for each packet in the batch.

4. If a packet does not return within the expected timeout window, a star (asterisk) is traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is at one hop, the second host at two hops, etc. IP does not guarantee that all the packets take the same route. Also note that if the host at hop number N does not reply, the hop will be skipped in the output.

5. On Linux, the traceroute utility by default uses UDP datagrams with destination ports number from 33434 to 33534.

     +--------+                                          +--------+   
     | SENDER |                                          | TARGET |   
     +--------+                                          +--------+   
         |                                                   ^|     
      [============( Router )=====( Router )=====( Router )==|====]
                  ^              ^              ^            |  
                  | TTL=1        | TTL=2        | TTL=3      | TTL=4  
 Traceroute       |              |              |            |        
 shows these -----+--------------+--------------+------------/       

Sample Traceroute Session

At the end it shows at the gateway "64.129.234.132: returning ICMP message "Destination net unreachable" Probably, either the router has a configuration problem, or the 64.129.234.132 network does not exist, reflecting a bad IP address.

tracert 205.57.75.75
traceroute to 205.57.75.75 (205.57.75.75), 30 hops max, 40 byte packets
1  192.168.6.6 (192.168.6.6)  0.511 ms  0.498 ms  0.511 ms
2  203.76.128.204 (203.76.128.204)  5.168 ms  5.385 ms  7.538 ms
3  10.130.2.181 (10.130.2.181)  6.816 ms  7.043 ms  7.253 ms
4  203.90.114.89 (203.90.114.89)  174.514 ms  174.743 ms  174.963 ms
5  mumbbr.hclinfinet.com (203.90.78.137)  41.823 ms  42.140 ms  42.384 ms
6  mumint.hclinfinet.com (203.90.78.139)  45.320 ms  44.404 ms  44.574 ms
7  125.21.187.105 (125.21.187.105)  37.485 ms  33.500 ms  33.483 ms
8  203.101.100.73 (203.101.100.73)  34.472 ms 203.101.100.78 (203.101.100.78)  44.238 ms  44.821 ms
9  125.21.168.169 (125.21.168.169)  81.200 ms  90.114 ms  90.698 ms
10  203.101.95.30 (203.101.95.30)  90.902 ms  88.439 ms  88.420 ms
11  so-6-0-0-zcr2.lnt.cw.net (166.63.222.169)  221.542 ms  221.529 ms  220.834 ms
12  ae0-zcr1.lnt.cw.net (166.63.222.41)  218.313 ms  218.521 ms  216.900 ms
13  so-3-0-0-bcr1.lnd.cw.net (166.63.163.221)  234.371 ms  236.298 ms  235.996 ms
14  xe-0-3-0.xcr1.lnd.cw.net (195.2.25.1)  258.137 ms  xe-5-0-0-xcr1.lnd.cw.net (195.2.25.121)  240.164 ms xe-0-3-0.xcr1.lnd.cw.net
(195.2.25.1)  258.139 ms
15  ge-11-0-0.xcr1.nyk.cw.net (195.2.25.18)  327.318 ms  ge-11-1-0.xcr1.nyk.cw.net (195.2.25.22)  294.545 ms
ge-11-0-0.xcr1.nyk.cw.net (195.2.25.18)  300.028 ms
16  NYCL-PEER-03.twtelecom.net (198.32.118.36)  343.879 ms  338.914 ms 339.103 ms
18  64.129.234.132  reports: Destination net unreachable.