Traceroute is most commonly used to troubleshoot connectivity issues. If all you know is that you can't get to host D from host A, traceroute will show you whether the connectivity loss exists at one of the intermediate routers—B or C or elsewhere. Note that traceroute works at Layer 3 and is most commonly implemented for IP using UDP.
In the first set of packets sent, the time-to-live (TTL) field is set to 1 and the port number is set to a port that is not likely to be valid, most commonly 33434. The consequence of setting TTL to 1 is that the first node receiving this packet will decrement the TTL, notice that the TTL is now 0, drop the packet, and return an ICMP timeout message. The TTL and port
Traceroute determines that the destination has been reached when it receives an ICMP destination port unreachable message. Note that you are actually discovering the path that the ICMP timeout messages are taking when they come back. In most cases, this will be the same as the forward path, but not always.
An example of using traceroute is to trace the path from one router to another. Figure 8-1 contains an example network. Starting from the router chelliot-isdn and tracing the route to nms-comm1, the results are shown in Example 8-1.
Figure 8-1. Example Network for Traceroute
Example 8-1 Results of a traceroute.
chelliot-isdn# traceroute nms-comm1
Type escape sequence to abort.
Tracing the route to nms-comm1 (18.104.22.168)
  1 rtp-isdn (22.214.171.124) 28 msec 28 msec 28 msec
  2 rtp-telascon-gw2 (126.96.36.199) 32 msec 28 msec 28 msec
  3 rtp-hardwood-gw1 (188.8.131.52) 56 msec 32 msec 28 msec
  4 nms-comm1 (184.108.40.206) 32 msec * 40 msec
chelliot-isdn#
By default, Cisco IOS devices repeat the traceroute for each TTL three times, as indicated by the three time measurements on each line of the output. Notice that the last line has an asterisk instead of the middle time measurement. This is because Cisco routers limit the rate of the ICMP destination unreachable messages they output. Therefore, the second message is dropped before the destination sends it back.
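The probing loop and the rate-limit effect described above can be modelled offline. The following is an added example, not code from the original text or from Cisco: it simulates TTL expiry at each router, the port-unreachable reply from the destination, and a rate limiter that suppresses the second reply. The 3000 ms probe timeout and 500 ms unreachable interval are assumptions, the round-trip times are constructed, and all function names are hypothetical.

```python
from dataclasses import dataclass

PROBES_PER_TTL = 3         # Cisco IOS default (from the text)
TIMEOUT_MS = 3000          # assumed wait before a probe counts as lost
UNREACH_INTERVAL_MS = 500  # assumed minimum gap between ICMP unreachables

@dataclass
class Node:
    name: str
    rtt_ms: int                             # constructed round-trip time
    last_unreach_ms: float = float("-inf")  # rate-limiter state

def send_probe(path, ttl, now_ms):
    """Return (responder, icmp_message, rtt_ms), or None if no ICMP comes back."""
    for node in path[:-1]:
        ttl -= 1                            # each router decrements the TTL
        if ttl == 0:
            return node.name, "time-exceeded", node.rtt_ms
    dest = path[-1]                         # probe hits a closed UDP port (33434)
    if now_ms - dest.last_unreach_ms < UNREACH_INTERVAL_MS:
        return None                         # unreachable suppressed by rate limit
    dest.last_unreach_ms = now_ms
    return dest.name, "port-unreachable", dest.rtt_ms

def traceroute(path, max_ttl=30):
    """Raise the TTL one hop at a time until a port-unreachable arrives."""
    now_ms, hops = 0, []
    for ttl in range(1, max_ttl + 1):
        replies = []
        for _ in range(PROBES_PER_TTL):
            reply = send_probe(path, ttl, now_ms)
            now_ms += reply[2] if reply else TIMEOUT_MS
            replies.append(reply)
        hops.append(replies)
        if any(r and r[1] == "port-unreachable" for r in replies):
            break
    return hops

def render(hops):
    """Format hops like the IOS output; '*' marks a probe with no reply."""
    return [f"{n} {next((r[0] for r in replies if r), '?')} "
            + " ".join(f"{r[2]} msec" if r else "*" for r in replies)
            for n, replies in enumerate(hops, 1)]

def example_path():  # constructed: names from Example 8-1, RTTs invented
    return [Node("rtp-isdn", 28), Node("rtp-telascon-gw2", 28),
            Node("rtp-hardwood-gw1", 28), Node("nms-comm1", 32)]

if __name__ == "__main__":
    print("\n".join(render(traceroute(example_path()))))
```

The third probe to the destination is answered only because the timeout on the second probe pushes it past the rate-limit interval, which is why the asterisk appears in the middle position.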
are used for many purposes in network management, including
Telnet is the traditional way of obtaining terminal emulation access to network devices. Cisco IOS devices also support remote shell, or rsh.
Cisco IOS software provides two
IPSec with VPN provides a standards-based method to implement security and includes the capability to secure a terminal emulation session. Cisco IOS devices started supporting IPSec with VPN in IOS 12.0(5)T.
If a program or script needs to obtain information through a terminal session, it needs to be able to watch for prompts from the device and enter commands at the right time and speed so that they are recognized by the device and do not
See Example 19-9 in Chapter 19, "Frequently Asked Questions," for an example of an Expect script written in Perl.