Traceroute

From NetSec
Latest revision as of 10:39, 20 October 2012

Traceroute is a command-line tool that identifies the routing hops between two hosts. It sends probes with a deliberately small IP time-to-live (TTL), starting at 1 and increasing by one per hop, so that each gateway along the path in turn discards the probe and reports back with an ICMP Time Exceeded message, revealing its address; the probe whose TTL is large enough to reach the destination draws a reply from the destination itself. It is useful for locating an intermediate server during information gathering, or for finding where in a network a path is failing or bottlenecking.

Performing a Traceroute

On Windows, from a command prompt (cmd.exe) type:

C:\WINDOWS\> tracert domain.com

On Linux/Unix, in a terminal type:

localhost:~ $ traceroute domain.com

Example of Tracert

C:\WINDOWS\> tracert google.com

Tracing route to google.com [74.125.237.9] over a maximum of 30 hops:

 1     6 ms     4 ms     1 ms  192.168.0.1
 2    49 ms    33 ms    40 ms  123.123.123.123
 3    84 ms   173 ms   107 ms  172.11.11.11
 4    43 ms    84 ms    57 ms  172.22.22.22
 5     *       70 ms   136 ms  110.110.110.110
 6    86 ms    31 ms    33 ms  203.203.11.11
 7   170 ms     *       83 ms  203.203.22.22
 8   117 ms    68 ms    88 ms  74.125.50.1
 9   109 ms    69 ms    73 ms  66.249.50.1
10    85 ms    73 ms   152 ms  72.14.237.47
11     *      123 ms   107 ms  74.125.237.9
Trace complete.

This example shows three probes sent per hop, giving three columns of round-trip times for each hop. An asterisk appears in a column when no reply to that probe arrived before tracert's timeout (4000 ms by default): the probe or its reply was dropped, or the router simply did not get round to answering in time. Note also that there are 11 hops in this example, the first being the local router (192.168.0.1) and the last the destination (google.com, 74.125.237.9). A high round-trip time at a single intermediate hop that later hops do not inherit (hop 7 here, slower than the destination itself) is usually the router answering slowly rather than a problem on the path, because routers generate ICMP in software at low priority while forwarding real traffic in hardware.

Options for Tracert

  • -d
    • Do not resolve addresses of router interfaces to host names.
     E.g: wwwcomcast-vip.westchester.pa.bo.comcast.net [69.241.45.4] becomes 69.241.45.4.
  • -h < maximum_hops >
    • Maximum number of hops to search for the target (default 30).
  • -j < host_list >
    • Loose source routing along the host list (IPv4 only).
  • -w < timeout >
    • Wait timeout milliseconds for each reply (default 4000).
  • -R
    • Trace round-trip path (IPv6 only).
  • -S < srcaddr >
    • Source address to use (IPv6 only).
  • -4
    • Force IPv4
  • -6
    • Force IPv6

Example of Traceroute

localhost:~ $ traceroute yahoo.com

traceroute to www.yahoo.com (69.147.114.210), 30 hops max, 40 byte packets
1  10.2.71.1 (10.2.71.1)  21.965 ms   22.035 ms   22.111 ms
2  (ISP) (ISP gateway)  22.510 ms   25.716 ms   26.073 ms
3  61.246.224.209 (61.246.224.209)  69.212 ms   59.778 ms   63.334 ms
4  59.145.6.1 (59.145.6.1)  65.632 ms   64.750 ms   64.868 ms
5  59.145.11.69 (59.145.11.69)  63.562 ms   64.219 ms   63.742 ms
6  203.208.143.241 (203.208.143.241)  318.632 ms   307.733 ms   316.650 ms
7  203.208.149.25 (203.208.149.25)  317.534 ms   308.116 ms   307.507 ms
8  203.208.186.10 (203.208.186.10)  245.835 ms   247.878 ms   248.862 ms
9  216.115.101.129  286.774 ms   289.702 ms 216.115.101.131  326.470 ms
10  ge-2-1-0-p141.msr1.re1.yahoo.com (216.115.108.19)  324.044 ms   324.497 ms   326.011 ms
11  66.196.112.35  333.479 ms   333.019 ms  66.196.112.201  292.967 ms
12  * * *
13  * * *
14  * * *
15  * * *

Hop 2 has been anonymised by the author. At hops 9 and 11 two different addresses appear on one row because the three probes were answered by different routers: the path is load-balanced across parallel links, and per-packet hashing sent the third probe a different way. From hop 12 on nothing answers at all; the listing stops at hop 15, but traceroute itself keeps probing up to the 30-hop maximum. A run of * * * rows immediately after the last router in the destination's own network (yahoo.com here) usually means the destination, or a firewall in front of it, is silently dropping the UDP probes, which is the problem the TCP Traceroute section below addresses.
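Both listings follow a fixed layout, so they can be parsed by machine. The following is an added example (not from the NetSec page and not from any traceroute implementation) that turns tracert and traceroute rows into per-hop records and answers the questions one usually asks of a trace: did it reach the target, where did loss start, and which hop was slowest. The embedded samples are excerpts of the two listings on this page; the Hop and Trace names and the summary rules are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpts of the tracert and traceroute listings shown on this page (a few hops each).
TRACERT_OUTPUT = """\
Tracing route to google.com [74.125.237.9] over a maximum of 30 hops:
  1     6 ms     4 ms     1 ms  192.168.0.1
  5     *       70 ms   136 ms  110.110.110.110
  7   170 ms     *       83 ms  203.203.22.22
 11     *      123 ms   107 ms  74.125.237.9
Trace complete.
"""
TRACEROUTE_OUTPUT = """\
traceroute to www.yahoo.com (69.147.114.210), 30 hops max, 40 byte packets
 1  10.2.71.1 (10.2.71.1)  21.965 ms   22.035 ms   22.111 ms
 2  (ISP) (ISP gateway)  22.510 ms   25.716 ms   26.073 ms
 9  216.115.101.129  286.774 ms   289.702 ms 216.115.101.131  326.470 ms
10  ge-2-1-0-p141.msr1.re1.yahoo.com (216.115.108.19)  324.044 ms   324.497 ms   326.011 ms
12  * * *
"""

# Header of either tool: "Tracing route to NAME [IP]" (Windows) or "traceroute to NAME (IP)" (Unix).
HEADER = re.compile(r"^(?:Tracing route to|traceroute to)\s+(\S+)\s+[\[(]([^\])]+)[\])]")
HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")
TOKEN = re.compile(r"""
      (?P<star>\*)                       # no reply to this probe before the timeout
    | <?(?P<rtt>\d+(?:\.\d+)?)\s*ms      # one round-trip time (tracert prints '<1 ms')
    | [\[(](?P<addr>[^\])]*)[\])]        # '(ip)' or '[ip]' after a resolved host name
    | (?P<name>\S+)                      # bare IP address or host name
""", re.VERBOSE)

@dataclass
class Hop:
    number: int
    rtts_ms: List[Optional[float]] = field(default_factory=list)  # None where the probe got '*'
    addresses: List[str] = field(default_factory=list)            # distinct responders, in order seen

@dataclass
class Trace:
    target: Optional[str]
    target_ip: Optional[str]
    hops: List[Hop]

    def reached(self) -> bool:          # was the last row answered by the destination itself?
        return bool(self.hops) and self.target_ip in self.hops[-1].addresses

    def first_loss(self) -> Optional[int]:   # first hop with at least one '*'
        return next((h.number for h in self.hops if None in h.rtts_ms), None)

    def slowest(self) -> Optional[int]:
        # Hop with the largest single RTT. A spike that later hops do not inherit is
        # usually a router answering slowly (ICMP generation is low priority), not a slow link.
        timed = [(r, h.number) for h in self.hops for r in h.rtts_ms if r is not None]
        return max(timed)[1] if timed else None

def _seen(hop: Hop, address: str) -> None:
    if address not in hop.addresses:
        hop.addresses.append(address)

def parse_hop_line(line: str) -> Optional[Hop]:
    """Parse one hop row in either layout; None for header, blank and trailer lines."""
    m = HOP_LINE.match(line)
    if not m:
        return None
    hop, pending = Hop(int(m.group(1))), None   # pending: bare name waiting for a '(ip)'
    for tok in TOKEN.finditer(m.group(2)):
        if tok.group("star"):
            hop.rtts_ms.append(None)
        elif tok.group("rtt") is not None:
            hop.rtts_ms.append(float(tok.group("rtt")))
        elif tok.group("addr") is not None:
            _seen(hop, tok.group("addr"))     # keep the address, drop the name before it
            pending = None
        else:
            if pending:
                _seen(hop, pending)           # bare name with no '(ip)': it is the address
            pending = tok.group("name")
    if pending:
        _seen(hop, pending)
    return hop

def parse_trace(text: str) -> Trace:
    target = target_ip = None
    hops: List[Hop] = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            target, target_ip = h.group(1), h.group(2)
        else:
            hop = parse_hop_line(line)
            if hop:
                hops.append(hop)
    return Trace(target, target_ip, hops)

if __name__ == "__main__":
    for t in map(parse_trace, (TRACERT_OUTPUT, TRACEROUTE_OUTPUT)):
        print(t.target, "reached" if t.reached() else "not reached",
              "| first loss at hop", t.first_loss(), "| slowest hop", t.slowest())
```

On the yahoo.com excerpt the parser records both responders for hop 9, reports the trace as not reached and puts the first loss at hop 12; on the google.com excerpt it reports reached, first loss at hop 5 and hop 7 as the slowest, which is the single-hop spike discussed above rather than a slow link.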

Options for Traceroute

  • -4
    • Force IPv4
  • -6
    • Force IPv6
  • -F
    • Do not fragment probe packets (sets the DF bit)
  • -I
    • ICMP ECHO tracerouting
  • -T
    • TCP SYN tracerouting (destination port 80 unless -p is given)
  • -i device
    • Send probes out of the given network interface
  • -m max_ttl
    • Maximum number of hops (default 30)
  • -n
    • Do not resolve IP addresses to host names
  • -p port
    • Destination port: the constant port for TCP, the starting port for UDP (incremented for each probe)
  • -w waittime
    • Seconds to wait for a reply to each probe
  • -U
    • Use UDP tracerouting (the default on Linux)

TCP Traceroute

vs. UDP/ICMP

The problem with traceroutes nowadays is that many CPE and routing devices, and most host firewalls, filter unsolicited UDP packets. Classic traceroute sends UDP to high, unused ports (33434 and up) and relies on an ICMP Port Unreachable from the destination to know it has arrived; a stateful firewall will usually DROP such a probe rather than reject it, so no ICMP reply ever comes back and every row from that point on is the famous * * *, right up to the hop limit. ICMP ECHO probes (-I on Linux, or tracert on Windows) can be blocked in the same way wherever inbound ping is filtered. Intermediate routers still answer with ICMP Time Exceeded whatever the probe type (unless they are configured not to), so the hop where the asterisks start is roughly where the filtering device sits. A TCP SYN probe aimed at a port the destination actually serves (80 or 443 for a web server) looks like an ordinary connection attempt, passes the same rules that let real clients in, and is answered with a SYN/ACK (or an RST if the port is closed), so the trace completes.
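To make the mechanism concrete, here is an added example (constructed for this page, not code from any traceroute implementation) that models a path of routers and a firewalled web server and runs UDP, ICMP and TCP/80 probes through it, TTL by TTL. The topology, device names and filter rules are assumptions chosen to reproduce the behaviour described above.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

TIME_EXCEEDED = "ICMP Time Exceeded"

@dataclass(frozen=True)
class Probe:
    proto: str   # "udp", "icmp" or "tcp"
    dport: int   # destination port; ignored for icmp
    ttl: int     # IP time-to-live the tracer set on this probe

@dataclass
class Router:
    name: str
    # Access list applied to packets forwarded *through* this device: True = drop silently.
    acl: Optional[Callable[[Probe], bool]] = None

@dataclass
class Host:
    name: str
    open_tcp: frozenset
    # Host firewall applied to inbound probes: True = drop silently.
    firewall: Callable[[Probe], bool] = lambda p: False

def destination_reply(host: Host, probe: Probe) -> Optional[str]:
    """What the end host sends back for a probe that reaches it, if anything."""
    if host.firewall(probe):
        return None
    if probe.proto == "udp":
        return "ICMP Port Unreachable"   # classic traceroute aims at unused high ports to get this
    if probe.proto == "icmp":
        return "ICMP Echo Reply"
    if probe.proto == "tcp":
        return "TCP SYN/ACK" if probe.dport in host.open_tcp else "TCP RST"
    raise ValueError(probe.proto)

def send_probe(path: List[Router], dest: Host, probe: Probe) -> Tuple[Optional[str], Optional[str]]:
    """Walk one probe along the path; return (responder, reply), or (None, None) if nothing comes back."""
    ttl = probe.ttl
    for router in path:
        ttl -= 1                                  # each router decrements the TTL before forwarding...
        if ttl == 0:
            return router.name, TIME_EXCEEDED     # ...and on expiry discards it and tells the sender
        if router.acl and router.acl(probe):
            return None, None                     # dropped in transit: no ICMP, the probe just vanishes
    reply = destination_reply(dest, probe)
    return (dest.name, reply) if reply else (None, None)

def traceroute(path: List[Router], dest: Host, proto: str, dport: int = 33434,
               max_hops: int = 30) -> List[Tuple[int, Optional[str], Optional[str]]]:
    """One probe per TTL (like 'traceroute -q 1'); stop as soon as the destination itself answers."""
    rows = []
    for ttl in range(1, max_hops + 1):
        responder, reply = send_probe(path, dest, Probe(proto, dport, ttl))
        rows.append((ttl, responder, reply))
        if responder == dest.name:
            break
    return rows

def render(rows) -> str:
    return "\n".join(f"{ttl:2d}  " + (f"{who}  ({what})" if who else "*") for ttl, who, what in rows)

# Constructed topology (an assumption for this example): home gateway, ISP core, the
# target's edge firewall, a data-centre router, then the web server itself.
PATH = [
    Router("gateway"),
    Router("isp-core"),
    Router("edge-fw", acl=lambda p: p.proto == "udp" and p.dport > 1024),  # "unsolicited" UDP is dropped
    Router("dc-core"),
]
WWW = Host("www", open_tcp=frozenset({80, 443}),
           firewall=lambda p: not (p.proto == "tcp" and p.dport in (80, 443)))  # only the web ports are open

if __name__ == "__main__":
    for label, proto, port in (("UDP (classic)", "udp", 33434), ("ICMP (-I)", "icmp", 0),
                               ("TCP (-T -p 80)", "tcp", 80)):
        print(f"--- {label}")
        print(render(traceroute(PATH, WWW, proto, port, max_hops=8)))
```

Running it shows the UDP trace going quiet one hop past the edge firewall, the ICMP trace getting one hop further (dc-core) and then being dropped by the host firewall, and the TCP/80 trace completing in five hops with a SYN/ACK from www. In this model a filtering router still returns Time Exceeded when the TTL expires on it, so the asterisks start on the hop after it; a real firewall may stay silent for both, which moves the last visible hop back by one.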

What you can do

Windows

WinMTR (http://winmtr.sourceforge.net/)

 mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.
 As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network
 hop between the machines, it sends a sequence of ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running
 statistics about each machine.

Note that, as the description says, WinMTR probes with ICMP ECHO rather than TCP: it gets past devices that only filter UDP, but not past a firewall that drops inbound ping as well.

Linux

On Linux systems whose traceroute supports TCP probes (the traceroute package on gentoo, http://www.gentoo.org/, is one), run it from the command line as follows:

 traceroute -T -p 80 domain.tld

-T selects TCP SYN probes and -p 80 aims them at the web port, so they pass whatever lets ordinary browsers reach the site; use -p 443 for an HTTPS-only target. TCP probing uses raw sockets, so it normally needs root (sudo) or the CAP_NET_RAW capability.


mtr (http://www.bitwizard.nl/mtr/)

 Same as WinMTR above, only for Linux; recent versions can also send TCP probes (mtr --tcp --port 80 domain.tld).