Copy Link
Add to Bookmark
Report

TraceRoute

hacker's profile picture
Published in 
2600 Salt Lake City
 · 5 years ago

 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-

-= TraceRoute =-

-= By Grifter =-
-= grifter@hektik.org =-

-= http://www.2600slc.org =-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


� Intro

Well, before you go getting your panties in a bunch, let me explain why this talk is about
traceroute. Let's face it, everyone has seen it, most of us use it often, and if you
don't, you will. TraceRoute is a great tool in the Network Technicians proverbial ToolBelt.
But I would have to say that in my experience it is used most to find the "route" that your
IP packets take on their way to and from a host machine.

If you can't seem to connect to a machine/host, you can run traceroute to see where
the problem lies. If you're trying to connect to 2600slc.org but your packet dies on a
router in Denver, you know that the problem is not on your network, but on a network in
Denver. I just figured that since many people use it and probably don't know what it's
really doing, explaining traceroute would be a good topic.



� TraceRoute and ICMP

TraceRoute is part of the ICMP(Internet Control Message Protocol). ICMP is mostly used in
error handling of network traffic between two systems. There were originally 11 types of
ICMP messages in RFC 792, but it has been through a few revisions and there are currently
37 types of ICMP messages flying around out there.

All ICMP messages are transmitted as IP datagrams. Prepare to fear my ASCII skills...

1 7 8 15 16 31
+---------------------------------------------------------------+
| Type (8-bits) | Code (8-bits) | Checksum (16-bits) |
|---------------------------------------------------------------|
| Unused |
|---------------------------------------------------------------|
| Data (Internet Header + 64 bits of Original Datagram) |
+---------------------------------------------------------------+

OK, let me break this down...

The "type" field holds the different values that determine which
particular message is being sent.

The "code" field holds the different sub-types of the message.

The "checksum" is a count of the number of bits in a message so
the receiver can check to see whether the same number of bits
arrived. If the counts match, it's assumed that the complete
transmission was received.

The "data" should be self-explanatory, but the IP Header is
important. The IP Header contains the source and destination
IP addresses as well as a few other values, but the one we'll
be focusing on is the TTL(Time to Live) value.

Let's compare the ICMP datagram to a journal of one of the ever so exciting events that
may be part of your life if you're 14-17 years old. Let's say you tried to go over to
your girlfriends to give her a sappy love letter(Data) you just wrote, that you know will
score big points, but you only have a half hour(30 Minute TTL) to sneak out of your house
and give it to her before your parents notice you're gone. You run a few blocks over and
throw rocks at her window trying to wake her up, but after about 20 minutes she never
comes to the window. You call it a loss and you jog back home. What you just experienced
was an ICMP "Time Exceeded" or Type 11 error. And this is what makes traceroute work.



� How TraceRoute Works

When a packet leaves a host, it is given an initial Time To Live (TTL) count, that is
supposed to be large enough to allow it to arrive at it's destination. Each gateway that
it encounters along the way will decrease the TTL by 1. If a gateway receives a message
with a TTL of 0, the packet is dropped and an ICMP Time Exceeded message is sent back to
the source host. This keeps packets that go astray from just bouncing around the network
and wasting the precious bandwidth you abuse to download porn.

Traceroute sends an IP Datagram with a TTL value of 1 to the destination system. The first
router to handle the datagram decreases the TTL value by one and drops the packet. After
this happens the router sends an ICMP Time Exceeded message back to your system with it's
IP address as the source address. That is how you get the IP of the first router on the
way to the destination system. Then traceroute sends another datagram to the destination
system with a TTL value of 2. As it passes through the first router the value is decreased
to 1, and is then dropped by the second router it encounters. Which in turn sends it's own
ICMP error, giving you the IP address of the second router on the way to the destination
system. Traceroute will continue to increase the TTL value by 1 until the destination
system is reached.

Now, when the destination is reached, the final TTL value of 1 will not be discarded and
the packet would not be dropped. Traceroute works around this problem by sending UDP
packets to the destination system on very high ports that services are not likely to be
running on. When the packet can't be received on the designated port, the destination
machine will return a ICMP "Port Unreachable" error message. TraceRoute sees that it
has received "Port Unreachable" instead of "Time Exceeded" and knows that the destination
system has been reached, and the packets stop.

So to sum it all up... TraceRoute send UDP packets to a destination host with a TTL value
of 1 and increases that value upon receiving an ICMP Time Exceeded error message from
routers along the way. Each routers error message contains it's IP address, which is
recorded by TraceRoute. The destination system returns a Port Unreachable error which lets
TraceRoute know that its destination has been reached.



� Conclusion

Well, I hope that wasn't too mind numbingly boring for you. Sometimes it's nice to know
what's going on behind the curtain. If you thought it sucked, why the hell did you continue
to read this far along? Shouldn't you have stopped a long time ago?

Anyway, I just hope that maybe someone got something out of this. TraceRoute is pretty kool
to use, but it's even better when you know what it's doing.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
� 2600SLC.ORG 2002
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT