Scribd Logo
Upload

Welcome to Scribd!

  • 82 views

    Trace Route & Analyse Path

    Uploaded by

    SAM7028
    Traceroute is a network diagnostic tool that sends packets to trace the route and measure latency along the path to a destination. It works by sending packets with increasing Time-To-Live (TTL) values, causing routers to send ICMP Time Exceeded messages. These messages reveal the IP addresses of successive routers. When the destination is reached, it responds with ICMP Port Unreachable messages, showing the full path and latency at each hop.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd

    Trace Route & Analyse Path

    Uploaded by

    SAM7028
    82 views20 pages
    Traceroute is a network diagnostic tool that sends packets to trace the route and measure latency along the path to a destination. It works by sending packets with increasing Time-To-Live (TTL) values, causing routers to send ICMP Time Exceeded messages. These messages reveal the IP addresses of successive routers. When the destination is reached, it responds with ICMP Port Unreachable messages, showing the full path and latency at each hop.

    Original Description:

    Trace Route

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Traceroute is a network diagnostic tool that sends packets to trace the route and measure latency along the path to a destination. It works by sending packets with increasing Time-To-Live (TTL) values, causing routers to send ICMP Time Exceeded messages. These messages reveal the IP addresses of successive routers. When the destination is reached, it responds with ICMP Port Unreachable messages, showing the full path and latency at each hop.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    82 views20 pages

    Trace Route & Analyse Path

    Uploaded by

    SAM7028
    Traceroute is a network diagnostic tool that sends packets to trace the route and measure latency along the path to a destination. It works by sending packets with increasing Time-To-Live (TTL) values, causing routers to send ICMP Time Exceeded messages. These messages reveal the IP addresses of successive routers. When the destination is reached, it responds with ICMP Port Unreachable messages, showing the full path and latency at each hop.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    of 20

    TRACE ROUTE &

    ANALYSE PATH

    Company

    LOGO

    A network diagnostic tool


    Originally written by Van
    Jacobson
    Whether routing problems
    exist on the network?

    3 primary objectives of the


    TRACEROUTE tool

    The entire path the packet travels


    through

    The name & identity of routers &


    devices in your path

    Network Latency : The time taken to

    TTL ???
    Time To Live
    Time . Is it measured in
    seconds ???
    Hopes
    Hops are nothing but the computers,
    routers, or any devices that comes in
    between the source and the
    destination.

    ?What if there was no TTL


    at all !!!

    But the router which discards the


    packet will inform the original sender
    that the TTL value has exceeded.!

    ICMP TTL exceeded


    messages
    But how does Traceroute uses TTL
    exceeded message to find out

    traceroute to google's publicly


    available DNS server(8.8.8.8)

    root@workstation:~# tcpdump -n '(icmp or udp)' vvv


    12:13:06.585187 IP (tos 0x0, ttl 1, id 37285, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.43143 > 8.8.8.8.33434: [bad udp cksum 0xd157 -> 0x0e59!] UDP, length
    32
    12:13:06.585218 IP (tos 0x0, ttl 1, id 37286, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.38682 > 8.8.8.8.33435: [bad udp cksum 0xd157 -> 0x1fc5!] UDP, length
    32
    12:13:06.585228 IP (tos 0x0, ttl 1, id 37287, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.48381 > 8.8.8.8.33436: [bad udp cksum 0xd157 -> 0xf9e0!] UDP, length
    32
    12:13:06.585237 IP (tos 0x0, ttl 2, id 37288, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.57602 > 8.8.8.8.33437: [bad udp cksum 0xd157 -> 0xd5da!] UDP, length
    32
    12:13:06.585247 IP (tos 0x0, ttl 2, id 37289, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.39195 > 8.8.8.8.33438: [bad udp cksum 0xd157 -> 0x1dc1!] UDP, length
    32
    12:13:06.585256 IP (tos 0x0, ttl 2, id 37290, offset 0, flags [none], proto UDP (17),
    length 60)

    This UDP packet will contain the following


    things.
    My Source Address (Which is my IP address)
    Destination address (Which is 8.8.8.8)
    And A destination UDP port number which is
    invalid. Means the traceroute utility will send
    packet to a UDP port in the range of 33434
    to 33534, Which is normally unused.

    My Source address will make a packet


    with destination ip address of 8.8.8.8
    and a destination port number between
    33434 to 33534. And the important
    thing it does it to make the TTL
    Value 1

    On receiving this TTL Time exceeded


    message, my traceroute program will
    come to know the source address
    and other details about the first hop
    (Which is my gateway server.)
    Again sends a UDP packet with
    different port number and TTL value

    192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68


    IP (tos 0x0, ttl 1, id 37285, offset 0, flags [none], proto UDP (17), length 60)
    192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68
    IP (tos 0x0, ttl 1, id 37286, offset 0, flags [none], proto UDP (17), length 60)
    183.83.192.1 > 192.168.0.102: ICMP time exceeded in-transit, length 60
    IP (tos 0x0, id 37288, offset 0, flags [none], proto UDP (17), length 60)
    192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68
    IP (tos 0x0, ttl 1, id 37287, offset 0, flags [none], proto UDP (17), length 60)

    Why 3 UDP Packets with TTL


    value 1???

    root@workstation:~# tcpdump -n '(icmp or udp)' vvv


    12:13:06.585187 IP (tos 0x0, ttl 1, id 37285, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.43143 > 8.8.8.8.33434: [bad udp cksum 0xd157 -> 0x0e59!] UDP, length
    32
    12:13:06.585218 IP (tos 0x0, ttl 1, id 37286, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.38682 > 8.8.8.8.33435: [bad udp cksum 0xd157 -> 0x1fc5!] UDP, length
    32
    12:13:06.585228 IP (tos 0x0, ttl 1, id 37287, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.48381 > 8.8.8.8.33436: [bad udp cksum 0xd157 -> 0xf9e0!] UDP, length
    32
    12:13:06.585237 IP (tos 0x0, ttl 2, id 37288, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.57602 > 8.8.8.8.33437: [bad udp cksum 0xd157 -> 0xd5da!] UDP, length
    32
    12:13:06.585247 IP (tos 0x0, ttl 2, id 37289, offset 0, flags [none], proto UDP (17),
    length 60)
    192.168.0.102.39195 > 8.8.8.8.33438: [bad udp cksum 0xd157 -> 0x1dc1!] UDP, length
    32
    12:13:06.585256 IP (tos 0x0, ttl 2, id 37290, offset 0, flags [none], proto UDP (17),
    length 60)

    Why 3 UDP Packets with TTL


    value 1???
    RTP : Round Trip Time

    How the Traceroute program will


    come to
    know that the destination is
    reached ??
    ICMP Port/Destination
    UNREACHABLE

    8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8


    udp port 33458 unreachable, length 68
    IP (tos 0x80, ttl 2, id 37309, offset 0, flags [none], proto
    UDP (17), length 60)
    8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8
    udp port 33457 unreachable, length 68
    IP (tos 0x80, ttl 1, id 37308, offset 0, flags [none], proto
    UDP (17), length 60)
    8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8
    udp port 33459 unreachable, length 68
    IP (tos 0x80, ttl 2, id 37310, offset 0, flags [none], proto
    UDP (17), length 60)

    8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8


    udp port 33458 unreachable, length 68
    IP (tos 0x80, ttl 2, id 37309, offset 0, flags [none], proto
    UDP (17), length 60)
    8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8
    udp port 33457 unreachable, length 68
    IP (tos 0x80, ttl 1, id 37308, offset 0, flags [none], proto
    UDP (17), length 60)
    8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8
    udp port 33459 unreachable, length 68
    IP (tos 0x80, ttl 2, id 37310, offset 0, flags [none], proto
    UDP (17), length 60)

    Traceroute program will


    come to know that our
    destination has reached

    Different types of
    Traceroute program

    UDP Traceroute
    ICMP traceroute
    TCP Traceroute

    You might also like