
TraceRoute

Published in 2600 Salt Lake City · 12 Apr 2019

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-= TraceRoute =-

-= By Grifter =-
-= grifter@hektik.org =-

-= http://www.2600slc.org =-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-= Intro =-

Well, before you go getting your panties in a bunch, let me explain why this talk is about
traceroute. Let's face it, everyone has seen it, most of us use it often, and if you
don't, you will. TraceRoute is a great tool in the Network Technician's proverbial ToolBelt.
But I would have to say that in my experience it is used most to find the "route" that your
IP packets take on their way to and from a host machine.

If you can't seem to connect to a machine/host, you can run traceroute to see where
the problem lies. If you're trying to connect to 2600slc.org but your packet dies on a
router in Denver, you know that the problem is not on your network, but on a network in
Denver. I just figured that since many people use it and probably don't know what it's
really doing, explaining traceroute would be a good topic.



-= TraceRoute and ICMP =-

TraceRoute is part of ICMP (Internet Control Message Protocol). ICMP is mostly used for
error handling of network traffic between two systems. There were originally 11 types of
ICMP messages in RFC 792, but it has been through a few revisions and there are currently
37 types of ICMP messages flying around out there.

All ICMP messages are transmitted as IP datagrams. Prepare to fear my ASCII skills...

 1             7 8            15 16                           31
+---------------+---------------+-------------------------------+
| Type (8-bits) | Code (8-bits) |      Checksum (16-bits)       |
+---------------+---------------+-------------------------------+
|                            Unused                             |
+---------------------------------------------------------------+
|     Data (Internet Header + 64 bits of Original Datagram)     |
+---------------------------------------------------------------+

OK, let me break this down...

The "type" field holds the different values that determine which
particular message is being sent.

The "code" field holds the different sub-types of the message.

The "checksum" is a count of the number of bits in a message so
the receiver can check to see whether the same number of bits
arrived. If the counts match, it's assumed that the complete
transmission was received.

The "data" should be self-explanatory, but the IP Header is
important. The IP Header contains the source and destination
IP addresses as well as a few other values, but the one we'll
be focusing on is the TTL(Time to Live) value.

Let's compare the ICMP datagram to a journal of one of the ever so exciting events that
may be part of your life if you're 14-17 years old. Let's say you tried to go over to
your girlfriend's to give her a sappy love letter (Data) you just wrote, that you know will
score big points, but you only have a half hour (30 minute TTL) to sneak out of your house
and give it to her before your parents notice you're gone. You run a few blocks over and
throw rocks at her window trying to wake her up, but after about 20 minutes she still
hasn't come to the window. You call it a loss and you jog back home. What you just
experienced was an ICMP "Time Exceeded" or Type 11 error. And this is what makes
traceroute work.
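Here, as an added example that is not part of the original article, is a small Python decoder for the message laid out in the diagram above: it checks the checksum and pulls the probe's TTL, destination address and UDP port out of the quoted IP header and first 64 bits of the original datagram, which is how traceroute ties a reply back to the probe that triggered it. The sample reply, the addresses and the port numbers are constructed.

```python
import struct

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's complement sum over 16-bit words, as ICMP uses it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_time_exceeded(orig_ip_header: bytes, orig_first8: bytes) -> bytes:
    """Lay out a Type 11 (Time Exceeded) message exactly like the diagram."""
    body = orig_ip_header + orig_first8
    csum = icmp_checksum(struct.pack("!BBHI", 11, 0, 0, 0) + body)
    return struct.pack("!BBHI", 11, 0, csum, 0) + body

def parse_icmp(msg: bytes) -> dict:
    """Decode type/code/checksum, then the quoted IP header and UDP ports."""
    if len(msg) < 28:
        raise ValueError("too short for ICMP header + quoted IP header")
    icmp_type, code, csum, _unused = struct.unpack("!BBHI", msg[:8])
    ip = msg[8:28]                            # quoted header of the probe
    ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
    if len(msg) < 8 + ihl + 8:
        raise ValueError("quoted original datagram is truncated")
    sport, dport = struct.unpack("!HH", msg[8 + ihl:8 + ihl + 4])
    return {
        "type": icmp_type, "code": code, "checksum": csum,
        "checksum_ok": icmp_checksum(msg) == 0,   # a valid message sums to zero
        "ttl": ip[8],                         # TTL the probe was carrying
        "src": ".".join(str(b) for b in ip[12:16]),
        "dst": ".".join(str(b) for b in ip[16:20]),
        "sport": sport, "dport": dport,
    }

# Constructed sample: a UDP probe from 10.0.0.5 to 203.0.113.7 (TTL 1, high
# port 33434) that expired at a router, and the reply the router builds from it.
SAMPLE_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 1, 17, 0,
                        bytes([10, 0, 0, 5]), bytes([203, 0, 113, 7]))
SAMPLE_UDP = struct.pack("!HHHH", 40000, 33434, 8, 0)
SAMPLE_REPLY = build_time_exceeded(SAMPLE_IP, SAMPLE_UDP)

if __name__ == "__main__":
    print(parse_icmp(SAMPLE_REPLY))
```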



-= How TraceRoute Works =-

When a packet leaves a host, it is given an initial Time To Live (TTL) count that is
supposed to be large enough to allow it to arrive at its destination. Each gateway that
it encounters along the way will decrease the TTL by 1. If a gateway receives a message
with a TTL of 0, the packet is dropped and an ICMP Time Exceeded message is sent back to
the source host. This keeps packets that go astray from just bouncing around the network
and wasting the precious bandwidth you abuse to download porn.

Traceroute sends an IP Datagram with a TTL value of 1 to the destination system. The first
router to handle the datagram decreases the TTL value by one and drops the packet. After
this happens the router sends an ICMP Time Exceeded message back to your system with its
own IP address as the source address. That is how you get the IP of the first router on
the way to the destination system. Then traceroute sends another datagram to the
destination system with a TTL value of 2. As it passes through the first router the value
is decreased to 1, and it is then dropped by the second router it encounters, which in
turn sends its own ICMP error, giving you the IP address of the second router on the way
to the destination system. Traceroute will continue to increase the TTL value by 1 until
the destination system is reached.

Now, when the datagram finally reaches the destination system with a TTL of 1, it is not
discarded, so the packet is not dropped and no Time Exceeded message comes back.
Traceroute works around this problem by sending UDP packets to the destination system on
very high ports that services are not likely to be running on. When the packet can't be
received on the designated port, the destination machine returns an ICMP "Port
Unreachable" error message. TraceRoute sees that it has received "Port Unreachable"
instead of "Time Exceeded", knows that the destination system has been reached, and stops
sending packets.

So to sum it all up... TraceRoute sends UDP packets to a destination host with a TTL value
of 1 and increases that value upon receiving an ICMP Time Exceeded error message from
routers along the way. Each router's error message contains its IP address, which is
recorded by TraceRoute. The destination system returns a Port Unreachable error which lets
TraceRoute know that its destination has been reached.
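A simulation of the loop just described, as an added example that is not part of the original article: the network path, the addresses and the silent-router case are constructed, and it goes one step past the text by recording "*" for a gateway that drops the probe without sending Time Exceeded, as real traceroute does on a timeout.

```python
TIME_EXCEEDED = 11        # ICMP Type 11: the TTL hit zero at a gateway
DEST_UNREACHABLE = 3      # ICMP Type 3 ...
PORT_UNREACHABLE = 3      # ... Code 3: nothing listening on that UDP port

def forward(path, dest, ttl, silent=()):
    """What the (constructed) network does with one probe sent at this TTL.
    Returns (type, code, source address) of the ICMP reply, or None when the
    gateway that dropped the probe stays quiet and the probe just times out."""
    for router in path:
        ttl -= 1                            # every gateway takes one off
        if ttl == 0:                        # expired here: drop it and report
            return None if router in silent else (TIME_EXCEEDED, 0, router)
    # survived every gateway: the destination has no service on the high port
    return (DEST_UNREACHABLE, PORT_UNREACHABLE, dest)

def traceroute(path, dest, max_hops=30, silent=()):
    """Send probes with TTL 1, 2, 3, ... and record who complains each time."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = forward(path, dest, ttl, silent)
        if reply is None:
            hops.append("*")                # timeout: nobody answered this TTL
            continue
        icmp_type, code, src = reply
        hops.append(src)                    # the error's source IP is the hop
        if (icmp_type, code) == (DEST_UNREACHABLE, PORT_UNREACHABLE):
            break                           # the destination itself answered
    return hops

# Constructed path: three routers between us and the destination host.
PATH = ["192.0.2.1", "198.51.100.1", "198.51.100.9"]
DEST = "203.0.113.7"

if __name__ == "__main__":
    print(traceroute(PATH, DEST))
    print(traceroute(PATH, DEST, silent={"198.51.100.1"}))
```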



-= Conclusion =-

Well, I hope that wasn't too mind-numbingly boring for you. Sometimes it's nice to know
what's going on behind the curtain. If you thought it sucked, why the hell did you continue
to read this far along? Shouldn't you have stopped a long time ago?

Anyway, I just hope that maybe someone got something out of this. TraceRoute is pretty kool
to use, but it's even better when you know what it's doing.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
© 2600SLC.ORG 2002
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
