
Trace Route & Analyse Path

Traceroute is a network diagnostic tool that sends packets to trace the route and measure latency along the path to a destination. It works by sending packets with increasing Time-To-Live (TTL) values, causing routers to send ICMP Time Exceeded messages. These messages reveal the IP addresses of successive routers. When the destination is reached, it responds with ICMP Port Unreachable messages, showing the full path and latency at each hop.

Uploaded by SAM7028

A network diagnostic tool
Originally written by Van Jacobson
Whether routing problems exist on the network?

3 primary objectives of the TRACEROUTE tool

The entire path the packet travels through
The name & identity of routers & devices in your path
Network Latency: The time taken to
TTL?
Time To Live
Time. Is it measured in seconds?

Hops
Hops are nothing but the computers, routers, or any devices that come in between the source and the destination.

What if there was no TTL at all?

But the router which discards the packet will inform the original sender that the TTL value has been exceeded.

ICMP TTL exceeded messages
But how does Traceroute use the TTL exceeded message to find out

traceroute to Google's publicly available DNS server (8.8.8.8)

root@workstation:~# tcpdump -n '(icmp or udp)' -vvv
12:13:06.585187 IP (tos 0x0, ttl 1, id 37285, offset 0, flags [none], proto UDP (17), length 60)
    192.168.0.102.43143 > 8.8.8.8.33434: [bad udp cksum 0xd157 -> 0x0e59!] UDP, length 32
12:13:06.585218 IP (tos 0x0, ttl 1, id 37286, offset 0, flags [none], proto UDP (17), length 60)
    192.168.0.102.38682 > 8.8.8.8.33435: [bad udp cksum 0xd157 -> 0x1fc5!] UDP, length 32
12:13:06.585228 IP (tos 0x0, ttl 1, id 37287, offset 0, flags [none], proto UDP (17), length 60)
    192.168.0.102.48381 > 8.8.8.8.33436: [bad udp cksum 0xd157 -> 0xf9e0!] UDP, length 32
12:13:06.585237 IP (tos 0x0, ttl 2, id 37288, offset 0, flags [none], proto UDP (17), length 60)
    192.168.0.102.57602 > 8.8.8.8.33437: [bad udp cksum 0xd157 -> 0xd5da!] UDP, length 32
12:13:06.585247 IP (tos 0x0, ttl 2, id 37289, offset 0, flags [none], proto UDP (17), length 60)
    192.168.0.102.39195 > 8.8.8.8.33438: [bad udp cksum 0xd157 -> 0x1dc1!] UDP, length 32
12:13:06.585256 IP (tos 0x0, ttl 2, id 37290, offset 0, flags [none], proto UDP (17), length 60)

This UDP packet will contain the following things.
My source address (which is my IP address)
Destination address (which is 8.8.8.8)
And a destination UDP port number which is invalid. This means the traceroute utility will send the packet to a UDP port in the range of 33434 to 33534, which is normally unused.

My source address will make a packet with a destination IP address of 8.8.8.8 and a destination port number between 33434 and 33534. And the important thing it does is to set the TTL value to 1.

On receiving this TTL Time exceeded message, my traceroute program will come to know the source address and other details about the first hop (which is my gateway server).
Again sends a UDP packet with different port number and TTL value
192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68
IP (tos 0x0, ttl 1, id 37285, offset 0, flags [none], proto UDP (17), length 60)
192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68
IP (tos 0x0, ttl 1, id 37286, offset 0, flags [none], proto UDP (17), length 60)
183.83.192.1 > 192.168.0.102: ICMP time exceeded in-transit, length 60
IP (tos 0x0, id 37288, offset 0, flags [none], proto UDP (17), length 60)
192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68
IP (tos 0x0, ttl 1, id 37287, offset 0, flags [none], proto UDP (17), length 60)

Why 3 UDP packets with TTL value 1?

RTT: Round Trip Time

How will the Traceroute program come to know that the destination is reached?
ICMP Port/Destination UNREACHABLE

8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8 udp port 33458 unreachable, length 68
IP (tos 0x80, ttl 2, id 37309, offset 0, flags [none], proto UDP (17), length 60)
8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8 udp port 33457 unreachable, length 68
IP (tos 0x80, ttl 1, id 37308, offset 0, flags [none], proto UDP (17), length 60)
8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8 udp port 33459 unreachable, length 68
IP (tos 0x80, ttl 2, id 37310, offset 0, flags [none], proto UDP (17), length 60)

The Traceroute program will come to know that our destination has been reached.
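
The reply matching described above, as an added example that is not part of the original slides: it parses the two ICMP errors traceroute relies on (Time Exceeded, type 11, and Port Unreachable, type 3 code 3) and uses the probe header quoted inside each one to decide which hop it belongs to. The mapping from destination port to hop (ports counting up from 33434, three probes per TTL) is an assumption read off the capture above; the function names and the sample packets are constructed for illustration.

```python
import socket
import struct

BASE_PORT = 33434      # first probe port seen in the capture on this page
PROBES_PER_TTL = 3     # assumption from the capture: three probes per TTL value

def quoted_probe(dst, sport, dport, ttl):
    """Constructed sample: IPv4 + UDP headers of a probe, as quoted in an ICMP error."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, ttl, 17, 0,
                     socket.inet_aton("192.168.0.102"), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", sport, dport, 40, 0)

def icmp_error(icmp_type, code, quote):
    """Constructed sample: 8-byte ICMP header (checksum left at 0) plus the quote."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quote

def classify(sender, icmp, target):
    """Map one ICMP error to (kind, sender, hop, probe), or None if it is not ours."""
    if len(icmp) < 8 + 20 + 8:
        return None
    icmp_type, code = icmp[0], icmp[1]
    quote = icmp[8:]
    ihl = (quote[0] & 0x0F) * 4
    if ihl < 20 or len(quote) < ihl + 8 or quote[9] != 17:
        return None                      # the quote is not a UDP datagram
    if socket.inet_ntoa(quote[16:20]) != target:
        return None                      # error about traffic to some other host
    dport = struct.unpack("!H", quote[ihl + 2:ihl + 4])[0]
    seq = dport - BASE_PORT
    if not 0 <= seq <= 100:
        return None                      # outside the 33434-33534 probe range
    hop, probe = seq // PROBES_PER_TTL + 1, seq % PROBES_PER_TTL + 1
    if (icmp_type, code) == (11, 0):
        return ("hop", sender, hop, probe)          # Time Exceeded in transit
    if (icmp_type, code) == (3, 3) and sender == target:
        return ("destination", sender, hop, probe)  # Port Unreachable
    return None

def build_path(replies, target):
    """Return {hop: sender} up to and including the hop at which the target answered."""
    path, last = {}, None
    for sender, icmp in replies:
        result = classify(sender, icmp, target)
        if result:
            path.setdefault(result[2], result[1])
            if result[0] == "destination":
                last = result[2] if last is None else min(last, result[2])
    return {h: s for h, s in sorted(path.items()) if last is None or h <= last}
```

ICMP errors are unauthenticated, so the check on the quoted destination address and port range is what keeps unrelated or forged errors from being recorded as hops.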

Different types of Traceroute program

UDP Traceroute
ICMP Traceroute
TCP Traceroute
