Linux traceroute command details and examples (tracing routing information)

Source: Internet
Author: User
With traceroute, we can learn the path that data takes from your computer to a host at the other end of the Internet. Of course, packets sent from the same source to the same destination may not follow the same path every time, but for the most part the route taken is the same.

On Linux the tool is called traceroute; on MS Windows it is called tracert. traceroute measures how long each hop takes by sending a small packet toward the target device and waiting for the reply. Each device on the path is probed three times. The output contains the time (ms) of each probe, the name of the device (if any), and its IP address.

In most cases, we simply run traceroute hostname on the Linux host.

On Windows, the equivalent command is: tracert hostname

1. Command format:

traceroute [parameter] [host]

2. Command function:

The traceroute command lets you trace the route taken by network packets. The default packet size is 40 bytes, and a different size can be set.

Full parameter format: traceroute [-dFInrvx] [-f <first TTL value>] [-g <gateway> ...] [-i <network interface>] [-m <maximum TTL value>] [-p <port>] [-s <source address>] [-t <type of service>] [-w <timeout in seconds>] [host name or IP address] [packet size]

3. Command parameters:

-d enables socket-level debugging.

-f sets the TTL value of the first probe packet.

-F sets the don't-fragment bit.

-g sets source-route gateways; up to eight can be specified.

-i sends the packets through the specified network interface.

-I uses ICMP echo requests instead of UDP datagrams.

-m sets the maximum TTL value of the probe packets.

-n shows IP addresses directly rather than host names.

-p sets the port used by the UDP probes.

-r bypasses the normal routing tables and sends the packets directly to the remote host.

-s sets the source IP address of the packets sent from the local host.

-t sets the TOS value of the probe packets.

-v displays the execution of the command in detail.

-w sets the time to wait for a reply from the remote host.

-x enables or disables packet checksum verification.

4. Examples:

Example 1: the simplest and most commonly used form of traceroute.

Command: traceroute www.baidu.com

Output:


[root@localhost ~]# traceroute www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
1 192.168.74.2 (192.168.74.2) 2.606 ms 2.771 ms 2.950 ms
2 211.151.56.57 (211.151.56.57) 0.596 ms 0.598 ms 0.591 ms
3 211.151.227.206 (211.151.227.206) 0.546 ms 0.544 ms 0.538 ms
4 210.77.139.145 (210.77.139.145) 0.710 ms 0.748 ms 0.801 ms
5 202.106.42.101 (202.106.42.101) 6.759 ms 6.945 ms 7.107 ms
6 61.148.154.97 (61.148.154.97) 718.908 ms * bt-228-025.bta.net.cn (202.106.228.25) 5.177 ms
7 124.65.58.213 (124.65.58.213) 4.343 ms 4.336 ms 4.367 ms
8 202.106.35.190 (202.106.35.190) 1.795 ms 61.148.156.138 (61.148.156.138) 1.899 ms 1.951 ms
9 * * *
30 * * *
[root@localhost ~]#

Note:

Records are numbered from 1. Each record is one hop, and each hop represents a gateway. Each line shows three times, in ms: these are the round-trip times of the three probe packets sent to that gateway, three being the default value of the -q parameter. If you run traceroute -q 4 www.58.com, four packets are sent to each gateway.

Sometimes when we traceroute a host, some rows consist of asterisks. In this case a firewall may be blocking the ICMP replies, so no response data comes back.

Sometimes a gateway shows a long delay, which may be caused by congestion at that gateway or by a physical device. A long delay can also appear when a DNS server has a problem and cannot resolve the host name or domain name; add the -n parameter to skip DNS resolution and print the data in IP format.

If hosts on different network segments of a LAN cannot reach each other, we can use traceroute to work out whether the problem lies with a host or with a gateway. If a problem occurs when we access a remote server, we can use traceroute to trace the gateways the packets pass through and submit the result to the IDC service provider, which also helps solve the problem. In China, however, such problems seem hard to resolve: even when we have located the problem, the IDC service provider cannot help us solve it.
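An added example (not part of the original article): a small Python parser for hop lines in the format shown above. It flags the conditions this note describes: unanswered probes, long delays, and hops answered by more than one device. The sample text is constructed with documentation addresses, and the 200 ms threshold and the function names are assumptions.

```python
import re

# Constructed sample in the same layout as the output above (documentation addresses).
SAMPLE = """\
 1  192.0.2.1 (192.0.2.1)  2.606 ms  2.771 ms  2.950 ms
 2  198.51.100.9 (198.51.100.9)  718.908 ms * gw.example.net (198.51.100.25)  5.177 ms
 3  * * *
 4  203.0.113.94 (203.0.113.94)  1.665 ms !X * *
"""

def parse_hop(line):
    """Parse one hop line into (hop_number, [probe dicts])."""
    tokens = line.split()
    hop, probes, responder = int(tokens[0]), [], None
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok == "*":                              # probe got no answer in time
            probes.append({"ip": None, "rtt": None, "flag": None})
        elif tok.startswith("!") and probes:        # e.g. !X: administratively prohibited
            probes[-1]["flag"] = tok
        elif re.fullmatch(r"\(.+\)", tok):          # "(ip)" following a host name
            responder = tok[1:-1]
        elif i + 1 < len(tokens) and tokens[i + 1] == "ms":
            probes.append({"ip": responder, "rtt": float(tok), "flag": None})
            i += 1                                  # skip the "ms" unit
        else:                                       # host name, or a bare IP with -n
            responder = tok
        i += 1
    return hop, probes

def review(text, spike_ms=200.0):
    """Return {hop: [notes]} for hops that deserve a second look."""
    notes = {}
    for line in text.strip().splitlines():
        hop, probes = parse_hop(line)
        answered = [p for p in probes if p["rtt"] is not None]
        found = []
        if not answered:
            found.append("no reply")                # filtered, or a silent router
        elif len(answered) < len(probes):
            found.append("partial loss")
        if len({p["ip"] for p in answered}) > 1:
            found.append("multiple responders")     # replies came from different devices
        if any(p["rtt"] > spike_ms for p in answered):
            found.append("latency spike")
        found += [f"flag {p['flag']}" for p in probes if p["flag"]]
        if found:
            notes[hop] = found
    return notes
```

A hop that shows only asterisks while later hops answer normally usually means that device does not send ICMP replies, not that the path is broken there.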

Example 2: set the maximum hop count

Command: traceroute -m 10 www.baidu.com

Output:


[root@localhost ~]# traceroute -m 10 www.baidu.com
traceroute to www.baidu.com (61.135.169.105), 10 hops max, 40 byte packets
1 192.168.74.2 (192.168.74.2) 1.534 ms 1.775 ms 1.961 ms
2 211.151.56.1 (211.151.56.1) 0.508 ms 0.514 ms 0.507 ms
3 211.151.227.206 (211.151.227.206) 0.571 ms 0.558 ms 0.550 ms
4 210.77.139.145 (210.77.139.145) 0.708 ms 0.729 ms 0.785 ms
5 202.106.42.101 (202.106.42.101) 7.978 ms 8.155 ms 8.311 ms
6 bt-228-037.bta.net.cn (202.106.228.37) 772.460 ms bt-228-025.bta.net.cn (202.106.228.25) 2.152 ms 61.148.154.97 (61.148.154.97) 772.107 ms
7 124.65.58.221 (124.65.58.221) 4.875 ms 61.148.146.29 (61.148.146.29) 2.124 ms 124.65.58.221 (124.65.58.221) 4.854 ms
8 123.126.6.198 (123.126.6.198) 2.944 ms 61.148.156.6 (61.148.156.6) 3.505 ms 123.126.6.198 (123.126.6.198) 2.885 ms
9 * * *
10 * * *
[root@localhost ~]#

Example 3: display IP addresses without looking up host names

Command: traceroute -n www.baidu.com

Output:

[root@localhost ~]# traceroute -n www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
1 211.151.74.2 5.430 ms 5.636 ms 5.802 ms
2 211.151.56.57 0.627 ms 0.625 ms 0.617 ms
3 211.151.227.206 0.575 ms 0.584 ms 0.576 ms
4 210.77.139.145 0.703 ms 0.754 ms 0.806 ms
5 202.106.42.101 23.683 ms 23.869 ms 23.998 ms
6 202.106.228.37 247.101 ms * *
7 61.148.146.29 5.256 ms 124.65.58.213 4.386 ms 4.373 ms
8 202.106.35.190 1.610 ms 61.148.156.138 1.786 ms 61.148.3.34 2.089 ms
9 * * *
30 * * *
[root@localhost ~]# traceroute www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
1 211.151.74.2 (211.151.74.2) 4.671 ms 4.865 ms 5.055 ms
2 211.151.56.57 (211.151.56.57) 0.619 ms 0.618 ms 0.612 ms
3 211.151.227.206 (211.151.227.206) 0.620 ms 0.642 ms 0.636 ms
4 210.77.139.145 (210.77.139.145) 0.720 ms 0.772 ms 0.816 ms
5 202.106.42.101 (202.106.42.101) 7.667 ms 7.910 ms 8.012 ms
6 bt-228-025.bta.net.cn (202.106.228.25) 2.965 ms 2.440 ms 61.148.154.97 (61.148.154.97) 431.337 ms
7 124.65.58.213 (124.65.58.213) 5.134 ms 5.124 ms 5.044 ms
8 202.106.35.190 (202.106.35.190) 1.917 ms 2.052 ms 2.059 ms
9 * * *
30 * * *
[root@localhost ~]#

Example 4: set the base UDP port used by the probe packets to 6888

Command: traceroute -p 6888 www.baidu.com

Output:


[root@localhost ~]# traceroute -p 6888 www.baidu.com
traceroute to www.baidu.com (220.181.111.147), 30 hops max, 40 byte packets
1 211.151.74.2 (211.151.74.2) 4.927 ms 5.121 ms 5.298 ms
2 211.151.56.1 (211.151.56.1) 0.500 ms 0.499 ms 0.509 ms
3 211.151.224.90 (211.151.224.90) 0.637 ms 0.631 ms 0.641 ms
4 * * *
5 220.181.70.98 (220.181.70.98) 5.050 ms 5.313 ms 5.596 ms
6 220.181.17.94 (220.181.17.94) 1.665 ms !X * *
[root@localhost ~]#

Example 5: set the number of probe packets per hop to 4

Command: traceroute -q 4 www.baidu.com

Output:


[root@localhost ~]# traceroute -q 4 www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
1 211.151.74.2 (211.151.74.2) 40.633 ms 40.819 ms 41.004 ms
2 211.151.56.57 (211.151.56.57) 0.637 ms 0.633 ms 0.627 ms
3 211.151.227.206 (211.151.227.206) 0.505 ms 0.580 ms 0.571 ms
4 210.77.139.145 (210.77.139.145) 0.753 ms 0.800 ms 0.853 ms
5 202.106.42.101 (202.106.42.101) 7.449 ms 7.543 ms 7.738 ms
6 61.148.154.97 (61.148.154.97) 316.817 ms bt-228-025.bta.net.cn (202.106.228.25) 3.695 ms 3.672 ms *
7 124.65.58.213 (124.65.58.213) 3.056 ms 2.993 ms 2.960 ms 61.148.146.29 (61.148.146.29) 2.837 ms
8 61.148.3.34 (61.148.3.34) 2.179 ms 2.295 ms 2.442 ms 202.106.35.190 (202.106.35.190) 7.136 ms
9 * * * *
30 * * * *
[root@localhost ~]#

Example 6: bypass the normal routing table and send directly to a host on an attached network

Command: traceroute -r www.baidu.com

Output:


[root@localhost ~]# traceroute -r www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
connect: Network is unreachable
[root@localhost ~]#

Example 7: set the time to wait for a probe response to 3 seconds

Command: traceroute -w 3 www.baidu.com

Output:

[root@localhost ~]# traceroute -w 3 www.baidu.com
traceroute to www.baidu.com (61.135.169.105), 30 hops max, 40 byte packets
1 211.151.74.2 (211.151.74.2) 2.306 ms 2.469 ms 2.650 ms
2 211.151.56.1 (211.151.56.1) 0.621 ms 0.613 ms 0.603 ms
3 211.151.227.206 (211.151.227.206) 0.557 ms 0.560 ms 0.552 ms
4 210.77.139.145 (210.77.139.145) 0.708 ms 0.761 ms 0.817 ms
5 202.106.42.101 (202.106.42.101) 7.520 ms 7.774 ms 7.902 ms
6 bt-228-025.bta.net.cn (202.106.228.25) 2.890 ms 2.369 ms 61.148.154.97 (61.148.154.97) 471.961 ms
7 124.65.58.221 (124.65.58.221) 4.490 ms 4.483 ms 4.472 ms
8 123.126.6.198 (123.126.6.198) 2.948 ms 61.148.156.6 (61.148.156.6) 7.688 ms 7.756 ms
9 * * *
30 * * *
[root@localhost ~]#

How traceroute works:

traceroute: traceroute hostname

The traceroute program is designed around ICMP and the TTL (Time To Live) field of the IP header. First, traceroute sends an IP datagram with a TTL of 1 to the destination (in fact, three 40-byte packets are sent each time, containing the source address, the destination address, and a timestamp of when the packet was sent). When the first router on the path receives the datagram, it reduces the TTL by 1. The TTL is now 0, so the router discards the datagram and sends back an "ICMP time exceeded" message (including the source address of the IP packet, all the content of the IP packet, and the IP address of the router). On receiving this message, traceroute knows that this router is on the path. It then sends a datagram with a TTL of 2, which discovers the second router, and so on: traceroute increases the TTL of the datagram by 1 each time to find the next router, and repeats this until a datagram reaches the destination. When the datagram arrives at the destination, the host does not return an ICMP time exceeded message, because it is the destination. So how does traceroute know that the destination has been reached?

traceroute sends UDP datagrams to the destination, and the destination port number it chooses is one that ordinary applications do not use (above 30000). When the UDP datagram arrives at the destination, the host therefore returns an "ICMP port unreachable" message, and when traceroute receives this message it knows that the destination has been reached. This is why traceroute needs no daemon on the server side.

traceroute takes the IP address of the device that sent the ICMP TTL-expired message and resolves it to a domain name. For each hop it prints a line of data: the domain name and IP address of the routing device passed through, and the round-trip times of the three packets.
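The probe-and-reply exchange described above, as an added example that is not from the original article: it builds the UDP probe and the ICMP error bytes offline and shows how the sender tells an intermediate hop from the destination. The addresses, the source port, the one-probe-per-hop simplification and the base port 33434 (the traditional traceroute default, consistent with "above 30000") are assumptions.

```python
import socket
import struct

BASE_PORT = 33434  # assumption: traditional traceroute base port (above 30000)

def ipv4(src, dst, ttl, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left 0 in this offline sample) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp_probe(src, dst, ttl, seq):
    """Probe number seq: UDP to an unused high port, carrying the TTL under test."""
    udp = struct.pack("!HHHH", 54321, BASE_PORT + seq, 8, 0)   # sport, dport, len, cksum
    return ipv4(src, dst, ttl, socket.IPPROTO_UDP, udp)

def network(probe, routers, dst):
    """Constructed stand-in for the path: returns the ICMP error the probe provokes."""
    ttl = probe[8]
    if ttl <= len(routers):                      # TTL reaches 0 at router number ttl
        sender, icmp_type, code = routers[ttl - 1], 11, 0      # time exceeded
    else:                                        # probe reached the destination host
        sender, icmp_type, code = dst, 3, 3                    # port unreachable
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28]  # quotes the probe
    return ipv4(sender, socket.inet_ntoa(probe[12:16]), 64, socket.IPPROTO_ICMP, icmp)

def classify(reply):
    """Return (responder, kind, seq) from an ICMP error, using the quoted probe header."""
    ihl = (reply[0] & 0x0F) * 4
    icmp_type, code = reply[ihl], reply[ihl + 1]
    quoted = reply[ihl + 8:]                     # original IP header + 8 bytes of UDP
    q_ihl = (quoted[0] & 0x0F) * 4
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    kind = {(11, 0): "hop", (3, 3): "destination"}.get((icmp_type, code), "other")
    return socket.inet_ntoa(reply[12:16]), kind, dport - BASE_PORT

def trace(src, dst, routers, max_ttl=30):
    """Raise the TTL from 1 until the destination answers (one probe per hop here)."""
    path = []
    for ttl in range(1, max_ttl + 1):
        reply = network(udp_probe(src, dst, ttl, ttl), routers, dst)
        responder, kind, _seq = classify(reply)
        path.append((ttl, responder, kind))
        if kind == "destination":
            break
    return path
```

The destination port quoted inside the ICMP error is what lets the sender match a reply to the probe that caused it, which is also why a device that filters these ICMP errors shows up as asterisks.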

Windows tracert:

Format:

tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Parameter description:

tracert [-d] [-h maximum_hops] [-j computer-list] [-w timeout] target_name

This diagnostic utility determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo packets with different time-to-live (TTL) values to the destination. Each router on the path must reduce the TTL value by at least 1 before forwarding the ICMP echo packet, so the TTL is effectively a hop count. When the TTL value of a packet is reduced to 0, the router sends an ICMP timeout message back to the source system. tracert determines the route by sending the first echo packet with a TTL of 1 and increasing the TTL by 1 on each subsequent transmission until the target responds or the maximum TTL value is reached. The routers are identified by examining the ICMP timeout (Time Exceeded) messages sent back by the intermediate routers. Note that some routers "quietly" discard packets whose time-to-live (TTL) has expired and are invisible to tracert.

Parameters:

-d specifies that addresses are not resolved to computer names.

-h maximum_hops specifies the maximum number of hops to search for the target.

-j computer-list specifies a loose source route along computer-list.

-w timeout waits the number of milliseconds specified by timeout for each response.

target_name is the name of the target computer.

Example:

C:\Users\Administrator> tracert www.58.com
Tracing route to www.58.com [221.187.111.30]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 10.58.156.1
2 1 ms <1 ms <1 ms 10.10.10.1
3 1 ms 1 ms 1 ms 211.103.193.129
4 2 ms 2 ms 2 ms 10.20.109.129
5 1 ms 1 ms 3 ms 124.205.98.205
6 2 ms 2 ms 2 ms 124.205.98.253
7 2 ms 6 ms 1 ms 202.99.1.125
8 5 ms 6 ms 5 ms 118.186.0.113
9 207 ms * * 118.186.0.106
10 8 ms 6 ms 11 ms 124.238.226.201
11 6 ms 7 ms 6 ms 219.148.19.177
12 12 ms 12 ms 16 ms 219.148.18.117
13 14 ms 17 ms 16 ms 219.148.19.125
14 13 ms 13 ms 12 ms 202.97.80.113
15 * * * Request timed out.
16 12 ms 12 ms 17 ms bj141-147-82.bjtelecom.net [219.141.147.82]
17 13 ms 13 ms 12 ms 202.97.48.2
18 * * * Request timed out.
19 14 ms 14 ms 12 ms 221.187.224.85
20 15 ms 13 ms 12 ms 221.187.104.2
21 * * * Request timed out.
22 15 ms 17 ms 18 ms 221.187.111.30
Trace complete.
