traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. Traceroute is available on most operating systems.
On the Apple Mac, traceroute is available through opening 'Network Utilities' then selecting 'Traceroute' tab. On Microsoft Windows operating systems it is named tracert. Windows NT-based operating systems also provide PathPing, with similar functionality. Variants with similar functionality are also available, such as tracepath on Linux installations. For Internet Protocol Version 6 (IPv6) the tool sometimes has the name traceroute6.
Contents |
Traceroute sends a sequence of Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host. Determining the intermediate routers traversed involves adjusting the time-to-live (TTL) aka hop limit Internet Protocol parameter. Frequently starting with a value like 128 (Windows) or 64 (Linux), routers decrement this and discard a packet when the TTL value has reached zero, returning the ICMP error message ICMP Time Exceeded.
Traceroute works by increasing the TTL value of each successive set of packets sent. The first set of packets sent have a hop limit value of 1, expecting that they are not forwarded by the first router. The next set have a hop limit value of 2, so that the second router will send the error reply. This continues until the destination host receives the packets and returns an ICMP Echo Reply message.
Traceroute uses the returned ICMP messages to produce a list of routers that the packets have traversed. The timestamp values returned for each router along the path are the delay (aka latency) values, typically measured in milliseconds for each packet.
Hop 192.168.1.2 Depth 1
Probe status: unsuccessful
Parent: ()
Return code: Label-switched at stack-depth 1
Sender timestamp: 2008-04-17 09:35:27 EDT 400.88 msec
Receiver timestamp: 2008-04-17 09:35:27 EDT 427.87 msec
Response time: 26.92 msec
MTU: Unknown
Multipath type: IP
Address Range 1: 127.0.0.64 ~ 127.0.0.127
Label Stack:
Label 1 Value 299792 Protocol RSVP-TE
The originating host expects a reply within a specified number of seconds. If a packet is not acknowledged within the expected timeout, an asterisk is displayed. The hosts listed may not be hosts used by other packets. The Internet Protocol does not require that packets between two hosts take the same route. Also note that if the host at hop number N does not reply, the hop will be skipped in the output.
On Unix-like operating systems, the traceroute utility by default uses User Datagram Protocol (UDP) datagrams with destination port numbers from 33434 to 33534. The traceroute utility usually has an option to specify use of ICMP echo request (type 8) instead, as used by the Windows tracert utility. If a network has a firewall and operates both MS Windows and Unix-like systems, both protocols must be enabled inbound through the firewall.
There are also traceroute implementations that use TCP packets, such as tcptraceroute or layer four traceroute. PathPing is a utility introduced with Windows NT that combines ping and traceroute functionality. MTR is an enhanced version of ICMP traceroute which is available for Unix-like and Windows systems. All implementations of traceroute rely on ICMP (type 11) packets being sent to the originator.
The implementations of traceroute shipped with Linux, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, and Mac OS X include an option to use ICMP Echo packets (-I) or any arbitrary protocol (-P) such as UDP, TCP, ICMP,
Most implementations include at least options to specify the number of queries to send per hop, time to wait for a response, the hop limit and port to use. Traceroute will display the options if invoked without any, man traceroute will display details including error flags displayed. Simple example on linux:
traceroute -w 3 -q 1 -m 16 example.com
Only wait 3 seconds (instead of 5), only send out 1 query to each hop (instead of 3), limit the maximum number of hops to 16 before giving up (instead of 30) with the final host example.com
This can help identify incorrect routing table definitions or firewalls that may be blocking ICMP traffic, or high port UDP in UNIX ping, to a site. Note that a firewall may permit ICMP packets but not permit packets of other protocols.
Traceroute is also used by penetration testers to gather information about network infrastructure and IP ranges around a given host.
It can also be used when downloading data, and if there are multiple mirrors available for the same piece of data, one can trace each mirror to get a good idea of which mirror would be the fastest to use.
The traceroute manual page states that the original traceroute program was written by Van Jacobson in 1987 from a suggestion by Steve Deering, with particularly cogent suggestions or fixes from C. Philip Wood, Tim Seaver and Ken Adelman. Also, the inventor of the ping program, Mike Muuss, states on his website, that traceroute was written using kernel ICMP support, that he had earlier coded, to enable raw ICMP sockets when he first wrote the ping program.[1]
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||
This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.