How Traceroute Works
The traceroute command is used to discover the route that packets actually
take to their destination. The device (for example, a router or a PC) sends a
sequence of User Datagram Protocol (UDP) datagrams to a port on the remote host
that is unlikely to be in use, with the IP Time To Live (TTL) set to 1, then 2,
then 3 and so on, so that each router in the path reveals itself by returning an
ICMP error. Below is the step by step traceroute process.
1.
PC1 sends 3 UDP packets to a high, unused UDP destination port (33434 by
default) with a TTL (time to live) of 1. When these packets reach the first
router (Router1), the router decrements the TTL to zero, discards the packet and
sends an ICMP "Time-to-live exceeded" message (type 11, code 0) back to PC1
(the source). The ICMP message carries Router1's own IP address as its source
address, so PC1 learns the address of the first router in the path.
Topology:
PC1===>>Router1=========Router2=========Router3===Destination
2.
PC1 then sends 3 more UDP packets towards the destination, this time with a
TTL of 2. When a packet reaches Router1, Router1 decrements the TTL by 1 and
forwards the packet to the next router (Router2) in the path with a TTL of 1
(2 minus 1). When the packet reaches Router2, Router2 decrements the TTL to 0
and sends a "TTL exceeded" ICMP message back to the source from its own IP
address. PC1 records the round trip delay (latency in msec) for each probe as
the time between sending it and receiving the matching reply; the delay is
measured by PC1, not carried in the ICMP message. All three packets with this
TTL value get the same treatment.
3.
This process continues: each time PC1 sends 3 packets with a TTL one higher
than before, until the packets reach the destination (R3). The destination
sees its own IP address as the destination of the UDP packet, so it does not
forward it, but nothing is listening on the probe's UDP port. So the
destination rejects the packet with an ICMP Destination Unreachable message
with code Port Unreachable (type 3, code 3).
4.
Once this reply reaches the source (PC1), PC1 knows that it has found the
destination. So instead of displaying the Destination Unreachable message, it
stops (ends) the traceroute.
An asterisk (*) means the source received no ICMP reply (TTL exceeded or
Destination Unreachable) for that probe within the timeout, either because the
router never sent one or because the reply was dropped on its way back to the
source (PC1). Three asterisks (* * *) for a hop do not stop the traceroute: the
source (PC1) keeps sending probes with the TTL incremented by 1 (the 8-bit TTL
field allows at most 255) until it reaches the default maximum of 30 hops (TTL
value 30). The traceroute option max-ttl is used to alter this limit.
An asterisk can be caused by an intentional block (a firewall or other security
measure, or a router that rate limits or does not generate ICMP errors). It can
also be caused by a problem on the return path (routing/policy) or by a router
with buggy software.
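The four steps above and the asterisk handling, as an added Python example that is not code from the original post: it builds the UDP probes and the ICMP replies as raw bytes, parses a reply to recover the responder and the probe it belongs to, and runs the stop/continue decision against a constructed path in memory. The addresses, the source port 40000 and the set of "silent" hops are assumptions, and no packets are actually sent.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11      # TTL reached zero in transit: a router on the path answers
ICMP_DEST_UNREACH = 3
CODE_PORT_UNREACH = 3        # destination host: nothing listens on the probe's UDP port
BASE_PORT = 33434            # classic traceroute starting port
SOURCE_PORT = 40000          # assumed ephemeral source port for the constructed probes


def _ipv4(src, dst, proto, ttl, payload):
    """Minimal IPv4 header (no options, checksum left zero) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def udp_probe(src, dst, ttl, probe_id):
    """The probe traceroute emits: UDP to BASE_PORT + probe_id with the IP TTL under test."""
    udp = struct.pack("!HHHH", SOURCE_PORT, BASE_PORT + probe_id, 8, 0)
    return _ipv4(src, dst, 17, ttl, udp)


def icmp_error(responder, probe, icmp_type, icmp_code):
    """What a router (Time Exceeded) or the destination (Port Unreachable) sends back:
    the ICMP header followed by the probe's IP header and its first 8 bytes (the UDP header)."""
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + probe[:28]
    return _ipv4(responder, socket.inet_ntoa(probe[12:16]), 1, 64, icmp)


def parse_reply(packet):
    """Recover who answered, the ICMP type/code and the quoted UDP destination port,
    which identifies the probe that triggered the error."""
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    quoted = icmp[8:]
    if len(quoted) < 28 or quoted[9] != 17:   # quoted datagram is not UDP: not one of ours
        return None
    qihl = (quoted[0] & 0x0F) * 4
    dport = struct.unpack("!H", quoted[qihl + 2:qihl + 4])[0]
    return {"responder": socket.inet_ntoa(packet[12:16]),
            "type": icmp[0], "code": icmp[1], "probe_id": dport - BASE_PORT}


class SimulatedPath:
    """Constructed topology PC1 -> routers -> destination. Hops in `silent` drop probes
    without answering (firewall, ICMP rate limiting), which is what shows up as '*'."""

    def __init__(self, routers, destination, silent=()):
        self.routers = list(routers)
        self.destination = destination
        self.silent = set(silent)

    def send(self, probe):
        ttl = probe[8]
        for router in self.routers:
            ttl -= 1                              # every router decrements TTL by 1
            if ttl == 0:                          # expired here: this router must answer
                if router in self.silent:
                    return None
                return icmp_error(router, probe, ICMP_TIME_EXCEEDED, 0)
        if self.destination in self.silent:
            return None
        return icmp_error(self.destination, probe, ICMP_DEST_UNREACH, CODE_PORT_UNREACH)


def traceroute(net, src, dst, max_ttl=30, queries=3):
    """Steps 1-4 of the text: probe each TTL `queries` times, record the responder
    ('*' when nothing came back) and stop once Port Unreachable arrives from the destination."""
    hops, probe_id = [], 0
    for ttl in range(1, max_ttl + 1):
        answers, reached = [], False
        for _ in range(queries):
            reply = net.send(udp_probe(src, dst, ttl, probe_id))
            info = parse_reply(reply) if reply else None
            if info is None or info["probe_id"] != probe_id:
                answers.append("*")               # timeout, or a reply that is not for this probe
            else:
                answers.append(info["responder"])
                if info["type"] == ICMP_DEST_UNREACH and info["code"] == CODE_PORT_UNREACH:
                    reached = True
            probe_id += 1
        hops.append((ttl, answers))
        if reached:
            break
    return hops


def format_hops(hops):
    """Render like the CLI: one line per TTL, one column per probe."""
    return "\n".join(f"{ttl:2d}  " + "  ".join(answers) for ttl, answers in hops)


if __name__ == "__main__":
    # Constructed path: Router2 is firewalled and never answers, so hop 2 shows * * *
    path = SimulatedPath(["172.31.20.2", "172.20.10.2", "10.0.0.2"], "192.168.40.2",
                         silent={"172.20.10.2"})
    print(format_hops(traceroute(path, "172.16.23.2", "192.168.40.2")))
```

Two details of the real protocol are kept on purpose: the reply is matched to its probe through the UDP destination port quoted inside the ICMP error, not through the ICMP source address, and a silent hop only costs three asterisks while a silent destination makes the loop run all the way to max_ttl.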
TTL is used to prevent loops in an IP network. It is an 8-bit field in the IP
header that every router decrements by 1, so a looping packet is discarded once
the field reaches zero. Since the Layer 2 header has no time to live (TTL)
field, STP (Spanning Tree Protocol) is used to prevent loops in a switched
network.
Example
Router A>enable
Router A#traceroute
Protocol [ip]:
Target IP address: 192.168.40.2
!--- The address to which the path is traced.
Source address: 172.16.23.2
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]: !--- Number of packets sent per TTL value.
Minimum Time to Live [1]:
Maximum Time to Live [30]: !--- Maximum allowed TTL value (hop limit).
Port Number [33434]: !--- Destination UDP port number of the first probe.
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 192.168.40.2
1 172.31.20.2 16 msec 16 msec 16 msec (round trip delay for 3 packets)
2 172.20.10.2 28 msec 28 msec 32 msec
3 192.168.40.2 32 msec 28 msec *
!--- The traceroute is successful.
Traceroute options/terms
·
max-ttl = the largest TTL (hop count) traceroute will try before giving up.
If the target host is farther away than the default of 30 hops, increase this
value.
·
port = the base UDP destination port (33434 by default), chosen so that nothing
will be listening on it. The destination then answers the probe with an ICMP
Port Unreachable instead of accepting it.
·
queries = how many probe packets are sent for each TTL value. The default is 3.
·
wait = the number of seconds to wait for a reply to a probe before traceroute
assumes none will come, prints an asterisk and moves on.
·
Inverse (reverse) DNS lookups = used to show DNS names instead of IP addresses
for the hops in the traceroute path.