C.6 USING traceroute TO TRACE PACKETS

   



traceroute can be used to trace the route of IP packets through the Internet. traceroute not only outputs a list with IP nodes (routers or end systems); it also determines the quality of the connection to each of these nodes by measuring the time to reach these routers.

Syntax

    traceroute [-m maxttl] [-n] [-p port] [-q query] [-r] [-s hostadr]
               [-t tos] [-w delay] host [packet size]

You can use traceroute to identify the route that packets actually take to the specified computer (host). Within local area networks, the path is only one hop: because the communication peer itself can be within this LAN, it is simply the next hop. In contrast, the communication relationships in larger networks (e.g., in the Internet) use much longer routes (as in the accompanying example).

Another benefit of traceroute is that it is suitable for analyzing connection problems. For example, if a computer in the Internet is not reachable, you can use traceroute to list all reachable routers on the path to this computer. If one of the intermediate systems does not respond, then it is easy to find the source of error.

To identify a router on the way to the desired destination computer, traceroute applies a trick rather than using the IP option record route. Specifically, it creates IP packets with the destination address of the specified computer and sends these packets to that computer. The trick is that the TTL value in the IP packet header is initially set to one. This means that the packet, on its way to the destination computer, has to be dropped in the first router, because its maximum time to live (TTL) has expired. According to the IP standard, the router has to return an ICMP message to the sender. From this ICMP message, the sender learns the IP address of the router and so can identify the first switching node. This method is repeated each time with a TTL value larger by one until the destination computer is reached.

Example: Connection in a LAN (Directly Connected Station)

    root@tux # traceroute www
    traceroute to www.Linux-netzwerkarchitektur.de (129.13.42.100),
    30 hops max, 40-byte packets
    1 www.Linux-netzwerkarchitektur.de (129.13.42.100) 13 ms 9 ms 9 ms

Example: Connection in the Internet

    root@tuc # traceroute www.tux.org
    traceroute to www.tux.org (207.96.122.8), 30 hops max. 40 Byte packets
     1  router1.linux-netzwerkarchitektur.de (129.13.42.244) 10 ms 20 ms 20 ms
     2  141.3.1.1 (141.3.1.1) 10 ms 10 ms 10 ms
     3  Karlsruhel.BelWue.de (129.143.167.5) 10 ms 10 ms 10 ms
     4  ZR-Karlsruhel.Win-IP.DFN.DE (188.1.174.1) 10 ms 10 ms 10 ms
     5  ZR-Hannoverl.Win-IP.DFN.DE (188.1.144.177) 30 ms 30 ms 30 ms
     6  IR-New-Yorkl.Win_IP.DFN.DE (188.1.144.86) 280 ms 130 ms 290 ms
     7  dfn.nyl.ny.dante.net (212.1.200.65) 260 ms 120 ms 270 ms
     8  * * *
     9  501.ATM3-0.XR2.NYC4.ALTER.NET (152.63.22.6) 280 ms 270 ms 120 ms
    10  192.ATM2-0-0.BR1.EWR1.ALTER.NET (146.188.176.53) 260 ms 280 ms 290 ms
    11  UUNET-EWR-1-PEER.cw.net (137.39.23.66) 280 ms 140 ms 130 ms
    12  corerouterl.WestOragne.cw.ent (204.70.9.138) 290 ms 130 ms 130 ms
    13  core4.Washington.cw.net (204.70.4.105) 280 ms 290 ms 290 ms
    14  fe0-1-0.gwl.spg.va.rcn.net (207.172.0.5) 140 ms 300 ms 270 ms
    15  gwyn.tux.org (207.96.122.8) 160 ms 270 ms 270 ms

When traceroute doesn't receive a reply from the queried systems, it outputs *. If no connection to this system can be established, then several * signs appear, and traceroute eventually aborts. This gives one reason to assume that the famous digger cut a cable, or the cleaning person arranged the cables by color :-). If you do get a reply from the queried system despite several asterisks, this could mean that the system or the connected links are under heavy load.
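The reading of the asterisks described above can be applied mechanically to saved traceroute output. The following is an added example, not code from the book: hops 7 to 9 of the sample are taken from the Internet example, hops 10 to 12 are constructed, and the function and label names are this example's own.

```python
# Hops 7-9 come from the example above; hops 10-12 are constructed for illustration.
SAMPLE = """\
traceroute to www.tux.org (207.96.122.8), 30 hops max. 40 Byte packets
 7  dfn.nyl.ny.dante.net (212.1.200.65) 260 ms 120 ms 270 ms
 8  * * *
 9  501.ATM3-0.XR2.NYC4.ALTER.NET (152.63.22.6) 280 ms 270 ms 120 ms
10  192.ATM2-0-0.BR1.EWR1.ALTER.NET (146.188.176.53) 260 ms * 290 ms
11  * * *
12  * * *
"""

def parse_hops(output):
    """Turn traceroute output into one dict per hop: hop number, node, RTTs, lost attempts."""
    hops = []
    for line in output.splitlines():
        tok = line.split()
        if not tok or not tok[0].isdigit():
            continue                                  # prompt or "traceroute to ..." header
        rtts = [float(tok[i - 1]) for i in range(2, len(tok)) if tok[i] == "ms"]
        lost = tok[1:].count("*")
        if not rtts and not lost:
            continue                                  # wrapped header such as "30 hops max, ..."
        hops.append({"hop": int(tok[0]), "node": tok[1] if rtts else None,
                     "rtts": rtts, "lost": lost})
    return hops

def diagnose(hops):
    """Label the hops that did not answer every attempt."""
    last_reply = max((h["hop"] for h in hops if h["rtts"]), default=0)
    findings = []
    for h in hops:
        if h["hop"] > last_reply:
            findings.append((h["hop"], "silent-tail"))                 # nothing answers from here on
        elif not h["rtts"]:
            findings.append((h["hop"], "silent-but-path-continues"))   # later hops still reply
        elif h["lost"]:
            findings.append((h["hop"], "partial-loss"))                # possible heavy load
    return findings

if __name__ == "__main__":
    for hop, label in diagnose(parse_hops(SAMPLE)):
        print(hop, label)
```

A run of "silent-tail" hops starts directly after the last node that answered, which is where to look for the break; the other two labels mark nodes behind which the path still works.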

If no parameters are specified, traceroute sends data packets with a length of 38 bytes to the destination computer. At most 30 stations are addressed by packets with limited TTL values before it is assumed that a packet has not arrived. traceroute uses the port range between 33,434 and 33,434 + max stations - 1 (i.e., 33,434 to 33,463 in the normal case). For each station, at most three attempts are made to get a reply, and each attempt waits at most three seconds for a reply.
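The TTL trick and the default port range, worked through offline as an added example (not code from the book): it lists the TTL and destination port used for each station, following the text's one-port-per-station description, and decodes constructed ICMP replies to recover which node answered which probe. The sender address 192.0.2.10, the source port 40000 and all function names are assumptions of this example; the use of UDP probes that the destination answers with ICMP port unreachable is standard traceroute behavior the text does not spell out.

```python
import socket
import struct

BASE_PORT, MAX_TTL = 33434, 30          # defaults stated in the text

def probe_plan(max_ttl=MAX_TTL, base_port=BASE_PORT):
    """(TTL, UDP destination port) per station: one port per station, as the text describes."""
    return [(ttl, base_port + ttl - 1) for ttl in range(1, max_ttl + 1)]

def parse_icmp_reply(packet, base_port=BASE_PORT):
    """Return (answering_ip, kind, probe_ttl) for a raw IPv4 packet carrying an ICMP error."""
    if packet[9] != 1:                               # IP protocol 1 = ICMP
        raise ValueError("not an ICMP packet")
    ihl = (packet[0] & 0x0F) * 4                     # outer IP header length in bytes
    answering_ip = socket.inet_ntoa(packet[12:16])   # source address = node that replied
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    quoted = packet[ihl + 8:]                        # probe's IP header + first 8 data bytes
    q_ihl = (quoted[0] & 0x0F) * 4
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]   # probe's UDP destination port
    if (icmp_type, icmp_code) == (11, 0):
        kind = "ttl-exceeded"                        # a router on the path dropped the probe
    elif (icmp_type, icmp_code) == (3, 3):
        kind = "port-unreachable"                    # the destination host itself answered
    else:
        kind = "other"
    return answering_ip, kind, dport - base_port + 1

def ip_header(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def sample_reply(answering_ip, sender, dest, probe_ttl, icmp_type, icmp_code):
    """Constructed ICMP error quoting the probe that was sent with probe_ttl."""
    udp = struct.pack("!HHHH", 40000, BASE_PORT + probe_ttl - 1, 8, 0)  # source port arbitrary
    quoted = ip_header(sender, dest, 17, 1, len(udp)) + udp
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + quoted
    return ip_header(answering_ip, sender, 1, 64, len(icmp)) + icmp

if __name__ == "__main__":
    sender, dest = "192.0.2.10", "207.96.122.8"      # sender address is a constructed placeholder
    for reply in (sample_reply("129.13.42.244", sender, dest, 1, 11, 0),
                  sample_reply(dest, sender, dest, 15, 3, 3)):
        print(parse_icmp_reply(reply))
```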

Parameters

  • host is the DNS name or the IP address of the computer to which the route should be identified. The usual DNS mechanisms for name resolution are used.

  • -m maxttl sets the maximum TTL value of request packets to maxttl, which means that a maximum of maxttl stations will be checked.

  • -l specifies the remaining time to live (TTL) of each packet.

  • -n specifies addresses in dotted decimal notation (i.e., no name resolution is done).

  • -p port sets the basic port (i.e., the port number from which test packets should be sent). The default is 33,434. The port range depends on the number of participating stations.

  • -q queries is the number of attempts to obtain a reply (default 3).

  • -r means that routing tables will be ignored. A locally connected computer is addressed directly. An error is output if the computer is not locally reachable. This option can be used to test the routing situation or to address a computer for which no route exists.

  • -s hostadr uses the specified IP address as the sender address for packets for computers with several IP addresses.

  • -t tos sets the value of the TOS field in the IP packet header.

  • -w delay is the wait time in seconds for each attempt to address a computer (default 3).

  • packet size specifies a different size for data packets (default 38 bytes).


       


    Linux Network Architecture
    ISBN: 131777203
    EAN: N/A
    Year: 2004
    Pages: 187
