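It sends an IP datagram with the TTL field set to 1 to the destination host. The first router to handle this datagram decrements the TTL by 1, discards the datagram, and sends back an ICMP time exceeded message. This gives the address of the first router on the path. traceroute then sends a datagram with TTL=2, which gives us the address of the second router, and it continues this process until the datagram reaches the destination host.
As we can see, the initial maximum TTL is 30, and the packets are 60 bytes.
If you see an asterisk (*), it is because there was no response after 5 seconds, so the entry is set to *.
TTL (time to live): a limit on the number of routers through which a datagram can pass.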
Traceroute
TTL
ICMP message time exceeded
port unreachable
Traceroute
1. traceroute sends an IP datagram with a TTL of 1. The first router to handle the datagram decrements the TTL, discards the datagram, and sends back an ICMP time exceeded message.
2. traceroute sends an IP datagram with a TTL of 2. The second router to handle the datagram decrements the TTL, discards the datagram, and sends back an ICMP time exceeded message.
...
4. After traceroute reaches the destination:
Traceroute sends UDP datagrams to the destination host, but it chooses the destination UDP port number to be an unlikely value (larger than 30000), making it very unlikely that an application is using this port.
This causes the host's UDP module to generate an ICMP "port unreachable" error.
Note:
There is no guarantee that the route in use today will be in use tomorrow, or even that two consecutive IP datagrams follow the same route.
There is no guarantee that the send path and the return path are the same.
traceroute does a reverse name lookup to find the names of the routers.
[root@localhost etc]# traceroute www.google.com
traceroute to www.google.com (216.58.196.196), 30 hops max, 60 byte packets
1 10.35.16.1 (10.35.16.1) 1.733 ms 1.653 ms 1.790 ms
2 10.35.23.25 (10.35.23.25) 0.395 ms 0.362 ms 0.509 ms
3 10.35.23.6 (10.35.23.6) 66.342 ms 66.196 ms 66.250 ms
4 10.4.242.29 (10.4.242.29) 66.381 ms 66.243 ms 66.095 ms
5 10.0.66.98 (10.0.66.98) 67.480 ms 67.293 ms 67.307 ms
6 192.168.12.5 (192.168.12.5) 67.588 ms 68.656 ms 68.604 ms
7 192.55.14.30 (192.55.14.30) 68.554 ms 68.506 ms 68.569 ms
8 192.55.14.34 (192.55.14.34) 69.613 ms 69.053 ms 68.715 ms
9 203.117.132.49 (203.117.132.49) 70.058 ms 78.132 ms 86.226 ms
10 203.118.15.241 (203.118.15.241) 70.210 ms 87.421 ms 203.118.15.237 (203.118.15.237) 70.424 ms
11 203.118.16.2 (203.118.16.2) 70.013 ms 77.701 ms 203.118.15.254 (203.118.15.254) 70.224 ms
12 74.125.51.73 (74.125.51.73) 69.940 ms 69.799 ms 69.871 ms
13 108.170.240.163 (108.170.240.163) 70.629 ms 108.170.240.36 (108.170.240.36) 71.440 ms 108.170.240.98 (108.170.240.98) 75.486 ms
14 216.239.40.129 (216.239.40.129) 71.299 ms 216.239.42.47 (216.239.42.47) 71.691 ms 71.494 ms
15 64.233.175.108 (64.233.175.108) 76.205 ms 72.14.234.40 (72.14.234.40) 76.539 ms 64.233.175.108 (64.233.175.108) 75.869 ms
16 209.85.250.173 (209.85.250.173) 76.159 ms 76.020 ms 75.854 ms
17 kul06s14-in-f4.1e100.net (216.58.196.196) 76.028 ms 75.816 ms 75.876 ms
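The trace above shows the point of the note about consecutive datagrams: at hops 10, 11, 13, 14 and 15 the three probes with the same TTL were answered by different routers. The following parser is an added example, not part of the original notes; it reads hop lines in this output format and reports which hops had more than one responder. The hop 14 line with `*` entries is constructed to show lost probes.

```python
import re

# Hops 9, 10 and 13 are copied from the trace above; hop 14 is a constructed
# line showing probes that timed out ('*').
SAMPLE = """\
9 203.117.132.49 (203.117.132.49) 70.058 ms 78.132 ms 86.226 ms
10 203.118.15.241 (203.118.15.241) 70.210 ms 87.421 ms 203.118.15.237 (203.118.15.237) 70.424 ms
13 108.170.240.163 (108.170.240.163) 70.629 ms 108.170.240.36 (108.170.240.36) 71.440 ms 108.170.240.98 (108.170.240.98) 75.486 ms
14 * 216.239.40.129 (216.239.40.129) 71.299 ms *
"""

# One token is either "name (ip)", "<rtt> ms", or a lost probe "*".
TOKEN = re.compile(r"\S+ \((?P<ip>[\d.]+)\)|(?P<rtt>[\d.]+) ms|(?P<lost>\*)")


def parse_hop(line):
    """Return (ttl, {responder_ip: [rtt_ms, ...]}, lost_probes) for one hop line."""
    ttl, rest = line.split(None, 1)
    responders, lost, current = {}, 0, None
    for m in TOKEN.finditer(rest):
        if m.group("ip"):
            current = m.group("ip")          # following RTTs belong to this responder
            responders.setdefault(current, [])
        elif m.group("rtt") and current:
            responders[current].append(float(m.group("rtt")))
        elif m.group("lost"):
            lost += 1
    return int(ttl), responders, lost


def multipath_hops(text):
    """TTLs at which probes were answered by more than one router."""
    hops = (parse_hop(l) for l in text.splitlines() if l.strip())
    return [ttl for ttl, responders, _ in hops if len(responders) > 1]


if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        ttl, responders, lost = parse_hop(line)
        print(ttl, {ip: max(r) - min(r) for ip, r in responders.items()}, "lost:", lost)
    print("multipath hops:", multipath_hops(SAMPLE))
```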
What follows is excerpted from a web page; it is very well written.
Traceroute is a program that shows the route taken by packets through a network. Yes. It traces the route of packets from source to destination.
It sends a UDP packet to the destination, taking advantage of ICMP's messages. So let's take a brief look at what ICMP and its messages are.
ICMP (Internet Control Message Protocol) is a companion to the IP protocol. It compensates for the IP protocol in error reporting, since the IP protocol doesn't have an error reporting method in place.
ICMP only reports errors and expects higher layers of the OSI architecture model to handle and correct the errors.
ICMP has two types of message: error-reporting messages and query messages.
Query messages are generally used to diagnose network problems (the ping tool uses ICMP's query messages). The error-reporting messages, as the name suggests, report errors, if any, in the IP packet. There are five types of error-reporting messages:
- Destination unreachable
- Time exceeded
- Source quench
- Parameter problem
- Redirection
Traceroute uses the first two error-reporting messages: Destination unreachable and Time exceeded.
Now let's dive into the juicy parts, starting with the image of the process overview.
- Traceroute creates a UDP packet from the source to the destination with the TTL (Time-to-live) = 1.
The UDP packet reaches the first router, where the router decrements the value of TTL by 1, thus making our UDP packet's TTL = 0, and hence the packet gets dropped. It sends an ICMP message (Time exceeded) back to the source.
- Traceroute makes a note of the router's address and the time taken for the round-trip.
It sends two more packets (usually 3 packets) in the same way to get an average value of the round-trip time. Usually, the first round-trip takes longer than the other two due to the delay in ARP finding the physical address. The address stays in the ARP cache during the second and the third time, and hence the process speeds up.
- The steps that have occurred up till now occur again and again until the destination has been reached. The only change that happens is that the TTL is incremented by 1 when the UDP packet is to be sent to the next router/host.
- Once the destination is reached, a Time exceeded ICMP message is not sent back this time because the destination has already been reached.
But the UDP packet used by traceroute specifies the destination port number to be one that is not usually used for UDP. Hence, when the destination computer verifies the headers of the UDP packet, the packet gets dropped due to an improper port being used, and an ICMP message (this time, Destination unreachable) is sent back to the source.
- When Traceroute encounters this message, it understands that the destination has been reached. Even the destination is reached 3 times to get the average of the round-trip time.
See the original article.
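Both descriptions above, the numbered steps and the excerpt, rest on the sender telling a Time exceeded reply from a router apart from a port unreachable reply from the destination. The following classifier is an added example, not code from the excerpt or from any traceroute implementation; it also checks that the header quoted inside the ICMP error matches the probe that was sent, so unrelated or forged errors are ignored. The source address, the source port 40000 and the probe port 33434 are constructed values, and the helper names are hypothetical.

```python
import socket
import struct

TIME_EXCEEDED, DEST_UNREACH, PORT_UNREACH = 11, 3, 3   # ICMP type, type, code


def classify_reply(icmp, probe_dst, probe_port):
    """Classify an ICMP error (bytes starting at the ICMP header).

    'hop'         -> time exceeded from a router on the path
    'destination' -> port unreachable from the target host
    'ignore'      -> malformed, or does not quote our own UDP probe
    """
    if len(icmp) < 8 + 20 + 8:        # ICMP header + quoted IP header + UDP header
        return "ignore"
    icmp_type, icmp_code = icmp[0], icmp[1]
    quoted = icmp[8:]                 # IP header of the datagram that caused the error
    ihl = (quoted[0] & 0x0F) * 4      # quoted header may carry IP options
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        return "ignore"
    dst = socket.inet_ntoa(quoted[16:20])
    _sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    if quoted[9] != socket.IPPROTO_UDP or (dst, dport) != (probe_dst, probe_port):
        return "ignore"               # error about traffic that is not our probe
    if (icmp_type, icmp_code) == (TIME_EXCEEDED, 0):
        return "hop"
    if (icmp_type, icmp_code) == (DEST_UNREACH, PORT_UNREACH):
        return "destination"
    return "ignore"


def build_error(icmp_type, icmp_code, dst, dport):
    """Constructed input: ICMP error quoting a UDP probe (checksums left as 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, socket.IPPROTO_UDP, 0,
                     socket.inet_aton("10.35.16.50"), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + ip + udp


if __name__ == "__main__":
    dst, port = "216.58.196.196", 33434   # target from the trace; port is an assumed value
    print(classify_reply(build_error(TIME_EXCEEDED, 0, dst, port), dst, port))
    print(classify_reply(build_error(DEST_UNREACH, PORT_UNREACH, dst, port), dst, port))
    print(classify_reply(build_error(DEST_UNREACH, PORT_UNREACH, dst, port + 1), dst, port))
```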