【My Study Note】Traceroute
Traceroute
With ping, you now have a way to determine if you can reach a certain computer from another one. You can also understand the general quality of the connection. But communications across networks, especially across the Internet usually, cross lots of intermediary nodes.
Sometimes, you need a way to determine where in the long chain of router hops the problems actually are. Traceroute to the rescue.
Traceroute is an awesome utility that lets you discover the paths between two nodes, and gives you information about each hop along the way.
The way traceroute works, is through a clever manipulation technique of the TTL field at the IP level. The TTL field is decremented by one, by every router that forwards the packet. When the TTL field reaches zero, the packet is discarded and an ICMP Time Exceeded message is sent back to the originating host.
Traceroute uses the TTL field by first setting it to one for the first packet, then two for the second, three for the third, and so on.
By doing this clever little action, traceroute makes sure that the very first packet sent will be discarded by the first router hop. This results in an ICMP Time Exceeded message, the second packet will make it to the second router, the third will make it to the third, and so on.
This continues until the packet finally makes it all the way to its destination. For each hop, traceroute will send three identical packets.
Just like with ping, the output of a traceroute command is pretty simple. On each line, you’ll see the number of the hop and the round trip time for all three packets.
You will also see the IP of the device at each hop, and a host name if traceroute can resolve one.
On Linux and MacOS, traceroute sends UDP packets to very high port numbers.
traceroute google.comOn Windows, the command has a shortened name tracert, and defaults to using ICMP echo request.
tracert google.comOn all platforms, traceroute has more options than can be specified using command line flags. Two more tools that are similar to traceroute are mtr on Linux and MacOS and pathping on Windows.
These two tools act as long running traceroutes. So you can better see how things change over a period of time.
Mtr works in real time and will continually update its output with all the current aggregate data about the traceroute. You can compare this with pathping, which runs for 50 seconds and then displays the final aggregate data all at once.