Networks Horizon

share

Wednesday, 1 February 2012


How Traceroute Works

The traceroute command is used to discover the routes that packets actually take when traveling to their destination. The device (for example, a router or a PC) sends out a sequence of User Datagram Protocol (UDP) datagrams to an invalid port address at the remote host. Below is the step by step traceroute process.
1.       PC1 will send 3 UDP packets(with unidentified UDP port number) and  with TTL (time to live) of 1. When these packets reach the first router(Router1), router will decrease the TTL value to ZERO and reject the packet with ICMP message(Time-to-live exceeded) back to PC1(source). It also contains the IP of itself(Router1) in the message. This way PC1 will come to know about the location(address) of first router in the path.

Topology::
PC1===>>Router1=========Router2=========Router3===Destination

2.       PC1 will send 3 more UDP packets towards destination with TTL value of 2 this time. When packet reaches to Router1, it will decrease the TTL value by 1 and now packet is forwarded to next router(Router2) in the path with new TTL value of 1 (2 minus 1). When packet reaches to Router2, it will decrease the TTL value to 0 and sends "TTL exceeded" ICMP back to the source with its IP and round trip delay (latency in msec).  All three packets with this TTL value get the same treatment.
3.       This process goes on and every time PC1 sends 3 packets with increased TTL value until packet reaches the destination Router (R3). Once packets reach the last hop, router3 matches destination ip in ICMP request packet with its own IP address but do not identify UDP port number. So Router 3 rejects the packet with ICMP message reply (Destination Unreachable or Port Unreachable).
4.       Once this reply message reaches to the source (PC1), PC1 will come to know that it has found the destination. So instead of showing the Destination Unreachable message, it will break (end) the traceroute.

Asterix (*) means source did not get any ICMP message in reply (TTL exceeded or Destination Unreachable) or reply was too small that it cannot reach the source (PC1). When 3 asterixs (***) are seen, it means traceroute will not stop and source (PC!) will keep sending packets with a incremental (by 1) TTL value (max 255). It goes on upto default 30 hops(TTL value 30). Traceroute option max-ttl is used to alter this value.
This asterix (*) can be due to some intentional block (firewall or other security measures). It can also be caused due to some problem in the backpath (routing/policy) or due to a router with buggy software.

TTL is used to prevent loops in IP network. It is 8 bit field in IP header. Since the Layer 2 header does not support a time to live (TTL), STP (Spanning Tree Protocol) is used to prevent loops in switching network.

Example


Router A>enable
Router A#traceroute
Protocol [ip]:
Target IP address: 192.168.40.2  

!--- The address to which the path is traced.

Source address: 172.16.23.2
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:Number of packets at a time.
Minimum Time to Live [1]:
Maximum Time to Live [30]: maximum Allowed TTL value
Port Number [33434]: Destination UPD port number
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 192.168.40.2

  1 172.31.20.2 16 msec 16 msec 16 msec (round trip delay for 3 packets)
  2 172.20.10.2 28 msec 28 msec 32 msec
  3 192.168.40.2 32 msec 28 msec *  

!--- The traceroute is successful.



Traceroute options/terms

·         max-ttl=sets a limit on how long traceroute keeps trying. If the target host is farther than default value 30 hops away, you'll need to increase this value.
·         port=strange port numbers that nothing will be listening on. So destination should ignore the packet with these UDP port number.
·         Queries=How many packets should be sent for each TTL value. The default is 3.
·         wait=number of seconds packets have to generate replies before traceroute assumes they will never reply and moves on.
·         Inverse DNS lookups= used to represent DNS names in the traceroute path.



No comments:

Post a Comment