Traceroute

From Hackepedia
Jump to: navigation, search

Traceroute is a program to trace the routers between two computers on the Internet. The original program was written by Van Jacobson. It uses raw sockets to output and receive UDP and ICMP packets. It is prone to faulty data and should not be trusted completely.

In Windows: Start - Run -> Command and the in the terminal you can use "tracert" which is close as you'll get to equivalent.

In detail and in the default mode traceroute outputs UDP packets on a high UDP port (starting at 32768 + 666) and incrementing the port number by one per packet sent. The packet includes a timestamp (obscured in OpenBSD) and the IP Time-to-live starts at 1 and increments by one every three packets. At each router that the packets reach with the Time-to-live of 1 an ICMP Time Exceeded (type 11) message is sent back (see RFC 791 page 6).

Another mode for traceroute is to use the ICMP protocol instead of the UDP packets. The ICMP type used is 8 (ECHO REQUEST) (see ping). In ICMP mode no ports are used since the protocol does not support it.

A sample traceroute:

$ traceroute www.yashy.com
traceroute to mail.yashy.com (206.248.137.44), 64 hops max, 40 byte packets
1  * * *
2  ae2-200.ffm4-j.mcbone.net (62.104.198.228)  46.601 ms  46.218 ms  47.653 ms
3  t2a4-p8-2.de-fra.eu.bt.net (166.49.147.169)  46.621 ms  45.928 ms  46.692 ms
4  t2c2-ge6-0.de-fra.eu.bt.net (166.49.172.12)  45.956 ms  47.142 ms  46.439 ms
5  t2c2-p3-0.uk-glo.eu.bt.net (166.49.208.102)  68.83 ms  66.141 ms  66.159 ms
6  t2c2-p4-2.uk-eal.eu.bt.net (166.49.208.13)  67.817 ms  66.317 ms  65.847 ms
7  t2c2-p4-0.us-ash.eu.bt.net (166.49.164.62)  142.317 ms  140.801 ms  142.35 ms
8  equinixexchange.peer1.net (206.223.115.30)  139.271 ms  139.238 ms  141.776 ms
9  OC48-POS0-0.wdc-sp2-cor-1.peer1.net (216.187.115.234)  139.534 ms  140.229 ms  141.74 ms
...

Routers which firewall traceroute packets (either by protocol or by Time-to-live) appear as a *. In FreeBSD a STEALTH mode can be turned on which prevents a forwarded packets TTL to be decremented by one causing no ICMP Time Exceeded message to be sent causing the computer to be omitted in a traceroute.

mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool. There are also several GUI versions of traceroute available that will include the geographic position of each host (although the accuracy of that feature is questionable).

In IPv6 the BSD traceroute the concept is exactly the same, with the UDP port numbers, as the IPv4 implementation. The main difference is that the protocol uses a 'hop limit' instead of a time to live (ttl). A sample traceroute6 looks like this:

margaret$ traceroute6 ipv6.google.com 
traceroute6 to ipv6.l.google.com (2001:4860:a003::68) from 2001:a60:f074::2, 64 
hops max, 12 byte packets
1  * uranus  0.392 ms  0.214 ms
2  gw-154.muc-02.de.sixxs.net  63.686 ms  44.845 ms  44.629 ms
3  2001:a60:0:30::1  45.105 ms  45.199 ms  45.668 ms
4  2001:4860::23  67.845 ms  54.864 ms  55.502 ms
5  2001:4860:a003::68  52.851 ms  54.862 ms  54.491 ms