Introduction to the

Traceroute is a networking tool that reports every routing node between the source host and the destination host. It shows the round-trip time between the source host and each intermediate router, so you can determine at which node traffic between the source host and the destination host is delayed or blocked.

The principle of

Traceroute relies on ICMP messages to discover each node on the path.

The header of an IP datagram carries a TTL value, which indicates the maximum number of nodes the datagram can pass through in transit. The default value is 64. Each time the datagram passes a node, the TTL value is decreased by 1. When the TTL reaches 0 at a node that is not the destination IP address, the router at that node sends an ICMP time exceeded message to the source host to report that the packet timed out.

Traceroute uses this feature of ICMP. It sends a UDP packet with a TTL of 1 to the destination host. The TTL is reduced to 0 at the first router node, and that router sends an ICMP packet back to the source host. The source address of the ICMP packet is the router's address, so Traceroute learns the first router address from this ICMP packet. It then sends a second UDP datagram with the TTL set to 2 and obtains the second router node's address in the same way. The TTL is incremented by one each round until the UDP datagram reaches the destination host. This yields every router node the path passes through.

There is a problem, however. When the datagram reaches the destination host, no ICMP time exceeded message is sent even if the TTL has been reduced to 0, because the datagram has already arrived at its destination address. The source host therefore cannot tell whether it should keep sending datagrams with the TTL increased by 1 or whether the datagram has reached its destination. Traceroute solves this with a clever method: the destination port of the UDP packet is set to an impossible value, so that when the destination host cannot find the destination port, it responds to the source host with an ICMP port unreachable message. The source host stops sending UDP probes as soon as it receives an ICMP port unreachable packet. Combined with the earlier ICMP time exceeded packets, this gives the source host the complete list of nodes on the path.
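The reply handling described above can be shown by parsing the ICMP errors themselves. This is an added example, not code from the original article: the base port 33434 (the page names no port), one probe per TTL with the port increased by one per probe, and all addresses except the gateway are assumptions, and the packets are constructed in the code rather than captured.

```python
import socket
import struct

TIME_EXCEEDED, DEST_UNREACH, PORT_UNREACH = 11, 3, 3  # ICMP type, type, code
UDP, ICMP = socket.IPPROTO_UDP, socket.IPPROTO_ICMP
BASE_PORT = 33434  # assumed base port; the probe sent with TTL n targets BASE_PORT + n - 1

def ip_header(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_reply(responder, src, dst, icmp_type, code, dport):
    """Constructed ICMP error: it quotes the probe's IP header plus 8 bytes of UDP."""
    quoted = ip_header(src, dst, UDP, 1, 8) + struct.pack("!HHHH", 54321, dport, 8, 0)
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return ip_header(responder, src, ICMP, 64, len(icmp)) + icmp

def classify(packet, dst, dport):
    """Return ('hop' | 'done' | 'ignore', responder) for one received IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl + 36 or packet[9] != ICMP:
        return "ignore", None
    icmp_type, code, quoted = packet[ihl], packet[ihl + 1], packet[ihl + 8:]
    qihl = (quoted[0] & 0x0F) * 4
    if qihl < 20 or len(quoted) < qihl + 8 or quoted[9] != UDP:
        return "ignore", None
    q_dport = int.from_bytes(quoted[qihl + 2:qihl + 4], "big")
    if (socket.inet_ntoa(quoted[16:20]), q_dport) != (dst, dport):
        return "ignore", None  # the error is about a packet that is not our probe
    responder = socket.inet_ntoa(packet[12:16])
    if icmp_type == TIME_EXCEEDED and code == 0:  # TTL expired at a router on the path
        return "hop", responder
    if icmp_type == DEST_UNREACH and code == PORT_UNREACH:  # probe reached the target
        return "done", responder
    return "ignore", None

def trace(replies, dst):
    """replies[i] is the packet received for TTL i + 1, or None after a timeout."""
    hops = []
    for ttl, packet in enumerate(replies, start=1):
        state, who = classify(packet or b"", dst, BASE_PORT + ttl - 1)
        hops.append(who or "*")
        if state == "done":
            break
    return hops

SRC, GW, DST = "192.168.1.2", "192.168.1.1", "203.0.113.10"  # constructed addresses
SAMPLE = [build_reply(GW, SRC, DST, TIME_EXCEEDED, 0, BASE_PORT), None,
          build_reply(DST, SRC, DST, DEST_UNREACH, PORT_UNREACH, BASE_PORT + 2)]
```

Calling `trace(SAMPLE, DST)` walks the three constructed replies. Matching the quoted destination address and port is what lets the source host discard ICMP errors that belong to other traffic.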

Application

xxx@MacBook-Air ~ % traceroute www.baidu.com
traceroute: Warning: www.baidu.com has multiple addresses; using 36.152.44.95
traceroute to www.a.shifen.com (36.152.44.95), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  10.387 ms  3.317 ms  3.016 ms
 2  * * *
 3  * * *
...

In the first line, 1 indicates the TTL value, followed by the router address 192.168.1.1, which happens to be the LAN gateway address of my host. Then come three time values, one for each of the three datagrams sent. Each is the round-trip time of that datagram, that is, the interval between the source host sending the datagram and the source host receiving the ICMP response. By default, traceroute sends three datagrams for each TTL value; the first time (about 10 ms) is larger than the following ones (about 3 ms) because of the ARP request. When the TTL is 2 and 3, three asterisks are output. Traceroute prints an asterisk when a datagram it sent has not received an ICMP response within five seconds. This happens when some routers do not support sending ICMP timeout responses, but Traceroute continues to try until 64 attempts (64 hops max) end.