07-Traceroute File

Traceroute
• traceroute is a Unix utility designed by Van Jacobson in 1987
• The Windows equivalent is called tracert
• The Linux equivalent is called tracepath
• It allows users to view the route (IP addresses, hostnames of routers and RTTs) from their own machine to any host on the Internet
• Traceroute servers allow routes to be traced from other locations as well
23/11/10
07-Traceroute
1
Traceroute
• To understand how traceroute works, we need to understand how IP uses its Time-to-Live (TTL) field
• The IP designers wanted a facility in IP to avoid packets circulating for ever if a routing loop occurred
• Routing loops can occur when routing protocols allow routing tables to become inconsistent
Routing Loops
• Routing protocols which allow routers to update each other with optimal routes to networks sometimes get into a state where a routing loop occurs
• E.g. Router A thinks the best route to Network C is via Router B, and Router B thinks that the best route to Network C is via Router A.
• Any packets arriving at Router A with the destination address of Network C will be forwarded to Router B, which will then forward them to Router A, which will forward them to Router B ……
• If more packets with the destination address of Network C arrive at either router they will join the other packets in the loop, and the links in the loop will eventually become unusable due to congestion
Time to Live (TTL)
• The IP designers wanted a way for packets in a routing loop to be discovered and discarded
• They originally designed a Time to Live field based on actual time, but this proved to be too difficult to manage, so they simplified it
• TTL is now used to count the number of routers a packet has been routed through
• In IPv6 the field has been more sensibly named as hopcount
• Examining changes in TTL may also be useful in your time-of-day experiment, as any change in route will probably also cause a change in TTL, which may happen at the same time as a step change in RTT
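An added example (not code from the slides) of the two ideas on this slide: inferring how many routers a received packet has crossed from the TTL left in it, and scanning a day of hourly ping samples for a TTL change that coincides with a step change in RTT. The set of initial TTL values it assumes senders start from (32, 64, 128, 255) is an assumption of the example, and the sample data is constructed.

```python
"""TTL-based hop inference and route-change detection. Added example,
not from the slides; SAMPLES is a constructed day of hourly pings."""
from dataclasses import dataclass
from typing import List, Tuple

# Assumption: initial TTLs commonly seen in practice. The sender's initial
# value is taken to be the smallest of these not below the observed TTL.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def infer_hops(observed_ttl: int) -> Tuple[int, int]:
    """Return (hops crossed, assumed initial TTL) for a received packet."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError("TTL must fit in one byte")
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial - observed_ttl, initial
    raise AssertionError("unreachable: 255 is the largest entry")


@dataclass
class Sample:
    hour: int        # hour of day the ping was taken
    rtt_ms: float    # measured round-trip time
    ttl: int         # TTL seen in the echo reply


# Constructed: a stable route until 09:00, then a longer one via more routers.
SAMPLES = [Sample(h, 80.0 + (h % 3), 52) for h in range(0, 9)] + \
          [Sample(h, 142.0 + (h % 3), 49) for h in range(9, 24)]


def route_changes(samples: List[Sample], rtt_step_ms: float = 20.0) -> List[tuple]:
    """Flag samples where the reply TTL differs from the previous sample AND
    the RTT stepped by at least rtt_step_ms. Returns
    (hour, hops before, hops after, rtt change in ms) per event."""
    events = []
    for prev, cur in zip(samples, samples[1:]):
        ttl_changed = cur.ttl != prev.ttl
        rtt_stepped = abs(cur.rtt_ms - prev.rtt_ms) >= rtt_step_ms
        if ttl_changed and rtt_stepped:
            before, _ = infer_hops(prev.ttl)
            after, _ = infer_hops(cur.ttl)
            events.append((cur.hour, before, after, cur.rtt_ms - prev.rtt_ms))
    return events


if __name__ == "__main__":
    for hour, before, after, delta in route_changes(SAMPLES):
        print(f"{hour:02d}:00 route changed: {before} -> {after} hops, RTT {delta:+.1f} ms")
```

The small hour-to-hour RTT wobble in the constructed data stays below the 20 ms step threshold, so only the 09:00 transition, where both TTL and RTT move together, is reported.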
Time to Live
• Different IP implementations set the initial value of TTL to different values
• TTL is usually initially set to a value between 30 and 128, although some implementations (including ICMP) set it to its maximum value of 255
• When a packet is launched onto the Internet, it has its TTL field set to the initial value
• At every subsequent router it is decremented by one
• When a router decrements the TTL to 0 it must discard the packet
• If it does this it should also issue an ICMP Time Expired message to the originator
Traceroute
• Traceroute sends out three packets with an initial TTL of 1
• These packets arrive at the first router, where the TTL is decremented to 0 and the packets are discarded. ICMP Time Expired messages are sent back to the originator by the first router, and thus the IP address of the first router is discovered
• Traceroute then sends out three packets with an initial TTL of 2
• These packets arrive at the first router, which decrements the TTL to 1 and forwards the packets to the second router, which decrements the TTL to 0, discards the packets and issues ICMP Time Expired messages back to the originator, thus revealing the IP address of the second router
• Similarly for the third router and all the other routers on the path to the host, until the whole route to the host has been discovered
Traceroute
• Traceroute also does a reverse DNS look-up to find any hostnames registered for router IP addresses
• It reports on each line: the IP address, hostname (if found) and the three measured RTTs to the router
• It will (by default) list up to 30 routers on the path, and if the host has not been reached before this limit is reached, it will give up
Traceroute
• Sometimes hostnames have not been registered for routers, in which case traceroute only provides IP addresses
• Routers sometimes do not issue the ICMP Time Exceeded messages, or they get lost or discarded, in which case a * appears instead of the RTT
• Some versions of traceroute use ICMP echo request packets (Windows), others use UDP (Unix) with special port numbers
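The probing loop described on the last four slides, as an added example that is not code from the slides: a small simulated network in which every router decrements the TTL and, at zero, discards the probe and sends ICMP Time Exceeded (one router is deliberately silent), and a traceroute that probes each TTL three times, looks hostnames up in a constructed reverse-DNS table, prints * where no reply came back and gives up after 30 hops. Addresses, hostnames and delays are all constructed; the host is recognised by an ICMP Port Unreachable reply, which is how the UDP (Unix) variant knows it has arrived.

```python
"""Simulated traceroute. Added example, not code from the slides: the router
addresses, hostnames, delays and the silent router are all constructed."""
from typing import Dict, List, Optional, Tuple

# Constructed path: (ip, reverse-DNS name or None, one-way delay in ms to
# reach this router, whether it bothers to send ICMP Time Exceeded)
PATH = [
    ("192.0.2.1", "gw.example.net", 0.5, True),
    ("198.51.100.7", None, 1.5, True),                 # no hostname registered
    ("203.0.113.3", "core1.example.net", 2.0, False),  # silent: discards, never replies
    ("203.0.113.9", "lon-edge.example.net", 5.0, True),
]
DEST_IP, DEST_NAME, DEST_DELAY = "198.51.100.200", "host.example.com", 85.0

TIME_EXCEEDED = "icmp-time-exceeded"        # router reply when TTL reaches 0
PORT_UNREACHABLE = "icmp-port-unreachable"  # UDP traceroute: the host itself answered

REVERSE_DNS: Dict[str, str] = {ip: name for ip, name, _d, _r in PATH if name}
REVERSE_DNS[DEST_IP] = DEST_NAME


def send_probe(ttl: int) -> Optional[Tuple[str, str, float]]:
    """Forward one probe along PATH. Returns (reply type, sender ip, rtt ms),
    or None when the router that discards the probe sends nothing back."""
    elapsed = 0.0
    for ip, _name, delay, responds in PATH:
        elapsed += delay
        ttl -= 1                      # each router decrements TTL by one
        if ttl == 0:                  # ...and must discard the packet at zero
            return (TIME_EXCEEDED, ip, 2 * elapsed) if responds else None
    elapsed += DEST_DELAY             # survived every router: the host replies
    return (PORT_UNREACHABLE, DEST_IP, 2 * elapsed)


def traceroute(max_hops: int = 30, probes: int = 3) -> List[dict]:
    """Probe with TTL 1, 2, 3, ... until the host answers or max_hops is hit."""
    hops = []
    for ttl in range(1, max_hops + 1):
        sender, rtts, reached = None, [], False
        for _ in range(probes):
            reply = send_probe(ttl)
            if reply is None:
                rtts.append(None)     # shown as '*' in the output
                continue
            kind, sender, rtt = reply
            rtts.append(rtt)
            reached = reached or kind == PORT_UNREACHABLE
        hops.append({"ttl": ttl, "ip": sender,
                     "host": REVERSE_DNS.get(sender), "rtts": rtts})
        if reached:
            break
    return hops


def format_hop(hop: dict) -> str:
    """One output line in the usual 'n  name (ip)  rtt  rtt  rtt' shape."""
    rtts = "  ".join("*" if r is None else f"{r:.1f} ms" for r in hop["rtts"])
    if hop["ip"] is None:
        return f"{hop['ttl']:2d}  {rtts}"
    return f"{hop['ttl']:2d}  {hop['host'] or hop['ip']} ({hop['ip']})  {rtts}"


if __name__ == "__main__":
    for hop in traceroute():
        print(format_hop(hop))
```

Hop 2 prints only its IP address because no name is registered for it, hop 3 prints three stars because that router never answers, and calling traceroute(max_hops=3) stops after three lines without ever reaching the host, which is the give-up behaviour the 30-hop default limits.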
Traceroute Tips
• Sometimes ICMP packets get through when UDP packets do not, and vice versa, so it may occasionally be worth trying more than one version of traceroute
• If there is no hostname, or the hostname does not indicate a location, try looking up the IP address, the hostname or parts of the hostname in Google
• Try using IP address location tools, but beware that these are not always accurate
• Use a whois server (e.g. the one on www.DNSstuff.com) to look up the organisation which owns the IP address. This will sometimes indicate the country in which the router is located
• If the RTT makes a big jump (50 - 150 ms) the route is probably going over a long fibre cable (possibly submarine)
• If the RTT jumps by more than 230 ms, the route is almost certainly going over a satellite circuit
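An added example (not code from the slides) that applies the last two rules of thumb: it parses traceroute output lines in the usual Unix format into per-hop minimum RTTs, skips hops that reported only *, and labels the increase between consecutive responding hops as long fibre (50 - 150 ms) or satellite (more than 230 ms). The trace text is constructed, not a real measurement.

```python
"""Parse traceroute output and flag RTT jumps. Added example; the trace
below is constructed rather than captured from a real run."""
import re
from typing import List, Optional

SAMPLE_OUTPUT = """\
 1  gw.example.net (192.0.2.1)  0.9 ms  1.1 ms  0.8 ms
 2  198.51.100.7 (198.51.100.7)  4.9 ms  5.2 ms  5.0 ms
 3  * * *
 4  lon-edge.example.net (203.0.113.9)  31.2 ms  * 30.9 ms
 5  nyc-edge.example.net (203.0.113.40)  105.4 ms  104.9 ms  106.0 ms
 6  host.example.com (198.51.100.200)  360.1 ms  359.7 ms  361.0 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")                     # "n  rest"
ADDR_RE = re.compile(r"^(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")  # "name (ip)"
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms|\*")                  # "12.3 ms" or "*"


def parse_hop(line: str) -> Optional[dict]:
    """One output line -> hop dict, or None for lines that are not hops."""
    m = HOP_RE.match(line)
    if not m:
        return None
    num, rest = int(m.group(1)), m.group(2)
    addr = ADDR_RE.match(rest)
    # findall yields the captured number, or '' where the match was a '*'
    rtts = [float(t) if t else None for t in RTT_RE.findall(rest)]
    good = [r for r in rtts if r is not None]
    return {"hop": num,
            "host": addr.group(1) if addr else None,
            "ip": addr.group(2) if addr else None,
            "rtts": rtts,
            "min_rtt": min(good) if good else None}


def parse_trace(text: str) -> List[dict]:
    return [h for h in (parse_hop(ln) for ln in text.splitlines()) if h]


def classify_jump(delta_ms: float) -> Optional[str]:
    """The slide's rules of thumb for an RTT increase between two hops."""
    if delta_ms > 230:
        return "satellite"
    if 50 <= delta_ms <= 150:
        return "long fibre (possibly submarine)"
    return None


def find_jumps(hops: List[dict]) -> List[tuple]:
    """(from hop, to hop, delta ms, label) for each suspicious rise in minimum
    RTT. Minimum is used so one slow probe does not masquerade as a jump, and
    hops that only printed '*' have no RTT and are skipped over."""
    events, prev = [], None
    for hop in hops:
        if hop["min_rtt"] is None:
            continue
        if prev is not None:
            delta = hop["min_rtt"] - prev["min_rtt"]
            label = classify_jump(delta)
            if label:
                events.append((prev["hop"], hop["hop"], round(delta, 1), label))
        prev = hop
    return events


if __name__ == "__main__":
    for src, dst, delta, label in find_jumps(parse_trace(SAMPLE_OUTPUT)):
        print(f"hop {src} -> {dst}: +{delta} ms  ({label})")
```

On the constructed trace the 4 to 5 step (about 74 ms) is flagged as a long fibre and the 5 to 6 step (about 255 ms) as a likely satellite circuit; the silent hop 3 is passed over so that hop 2 is compared with hop 4.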