Wednesday, December 30, 2009

Trace route

Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live.

Traceroute reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs.

As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, the router sends back a "TTL exceeded" message (using ICMP) to the originator.

Routers with DNS entries reveal their names, network affiliation and geographic location.

The best way to find the route to the target systems is to use the traceroute utility provided with most operating systems. The traceroute utility details the path IP packets travel between two systems: the number of routers the packets pass through, the time taken in transit between two routers, and, if the routers have DNS entries, the names of the routers and their network affiliation and geographic location.

Let us see how traceroute works. Traceroute sends out a packet destined for the specified destination, with the TTL field in the packet set to 1. The first router in the path receives the packet and decrements the TTL value by 1; if the resulting TTL value is 0, it discards the packet and sends a message back to the originating host to inform it that the packet has been discarded. Traceroute records the IP address and DNS name (if available) of that router, then sends out another packet with a TTL value of 2. This packet makes it through the first router, then times out at the next router in the path. This second router also sends an error message back to the originating host. Traceroute continues in this way, recording the IP address and name of each router, until a packet finally reaches the target host or until it decides that the host is unreachable. In the process, traceroute records the round-trip time of each packet to each router.

Let us see what the tracert 216.239.36.10 command at the Windows command prompt results in.

C:\>tracert 216.239.36.10

Tracing route to ns3.google.com [216.239.36.10] over a maximum of 30 hops:

  1  2171 ms  1405 ms  1530 ms  194.170.2.57
  2  2685 ms  1280 ms   655 ms  dxb-emix-ra.ge6303.emix.ae [195.229.31.99]
  3  1622 ms  2377 ms  2061 ms  eqixva-google-gige.google.com [206.223.115.21]
  4  2498 ms   968 ms   593 ms  216.239.48.193
  5  1108 ms  1683 ms  2062 ms  ns3.google.com [216.239.36.10]

Trace complete.
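Output like the tracert run above is what usually ends up in a ticket or an incident log, so it is worth being able to read it by machine. The following Python parser is an added example and not part of the original post: it turns Windows tracert output into one record per hop (IP address, DNS name when the router has one, and the three round-trip times) and then flags hops that never answered and hops that answered without a DNS name. The sample output is constructed from the trace above, with hop 3 changed to a timeout to show how an unanswered TTL is handled.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample: the tracert run shown above, with hop 3 replaced by a
# router that never answered (tracert prints '*' and "Request timed out.").
SAMPLE = """\
Tracing route to ns3.google.com [216.239.36.10] over a maximum of 30 hops:
  1  2171 ms  1405 ms  1530 ms  194.170.2.57
  2  2685 ms  1280 ms   655 ms  dxb-emix-ra.ge6303.emix.ae [195.229.31.99]
  3     *        *        *     Request timed out.
  4  2498 ms   968 ms   593 ms  216.239.48.193
  5  1108 ms  1683 ms  2062 ms  ns3.google.com [216.239.36.10]

Trace complete.
"""
# One hop line: hop number, three RTT columns ("<1 ms", "2171 ms" or "*"), target.
HOP_RE = re.compile(r"^\s*(?P<hop>\d+)\s+(?P<rtts>(?:(?:<?\d+ ms|\*)\s+){3})(?P<target>.+?)\s*$")
# Target is "name [ip]" when the router has a PTR record, otherwise a bare IP.
TARGET_RE = re.compile(r"^(?:(?P<name>\S+)\s+\[(?P<ip>[\d.]+)\]|(?P<bare_ip>[\d.]+))$")
@dataclass
class Hop:
    number: int
    ip: Optional[str]             # None when no router answered at this TTL
    name: Optional[str]           # DNS name, if the router has one
    rtts_ms: List[Optional[int]]  # None stands for a '*' (lost probe)

def parse_tracert(text: str) -> List[Hop]:
    """Turn Windows tracert output into one Hop per TTL value probed."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, blank line or "Trace complete."
        rtts = [None if tok == "*" else int(tok.lstrip("<").split()[0])
                for tok in re.findall(r"<?\d+ ms|\*", m.group("rtts"))]
        t = TARGET_RE.match(m.group("target"))
        if t is None:  # "Request timed out.": no ICMP time-exceeded came back
            hops.append(Hop(int(m.group("hop")), None, None, rtts))
        else:
            ip = t.group("ip") or t.group("bare_ip")
            hops.append(Hop(int(m.group("hop")), ip, t.group("name"), rtts))
    return hops

def silent_hops(hops: List[Hop]) -> List[int]:
    # Routers that never replied: ICMP filtered, rate-limited or dropped.
    return [h.number for h in hops if h.ip is None]

def unresolved_hops(hops: List[Hop]) -> List[int]:
    # Routers that replied but carry no DNS name, so reveal no affiliation.
    return [h.number for h in hops if h.ip is not None and h.name is None]
```

Running parse_tracert(SAMPLE) yields five hops; silent_hops reports [3] and unresolved_hops reports [1, 4], the two routers that answered only with a bare IP address.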

While this is what a simple traceroute produces, there are web interfaces where a more detailed traceroute can be run and more information obtained, such as the autonomous system numbers of each hop. One such interface is available at http://www.opus1.com.

traceroute to 216.239.36.10 (216.239.36.10), 30 hops max, 40 byte packets

1  manny.Firewall.Opus1.COM (192.245.12.95) [AS22772/AS3908/AS6373/AS5650] [email protected]  4.883 ms

2  Opus-GW (207.182.35.49) [AS22772/AS6373] [email protected]  14.648 ms

3  66.62.80.165 (66.62.80.165) [AS6983] root@[email protected] addr.arpa  18.554 ms

4  laxl-core-02.tamerica.net (66.62.5.194) [AS6983] root@in-[email protected]  47.849 ms

5  216.239.48.94 (216.239.48.94) [AS15169] [email protected]  108.391 ms
