Common Linux Network Tools: traceroute for Route Scanning
The previous two articles, "Common Linux Network Tools: fping Host Scanning" and "Common Linux Network Tools: hping Advanced Host Scanning", covered host scanning. This article describes traceroute and mtr, common route scanning tools in Linux.
Route scanning mainly measures the number of router hops from the local host to another host, and the packet delay along the way.
Traceroute basic usage
--------------------------------------------------------------------------------
Route scanning tools rely on the TTL (time to live) field. Every time a packet passes through a router, its TTL is reduced by 1. When the TTL reaches 0, that router discards the packet and sends an ICMP TTL-exceeded message to the sender of the original packet. The route scanning tool learns about each hop on the route from these ICMP messages.
Traceroute in Linux is similar to tracert in Windows. The difference is that tracert in Windows sends ICMP packets, while traceroute in Linux sends UDP packets.
Because traceroute uses the UDP protocol, it needs a destination port; the default port number of traceroute is 33433. Generally, this port is not used by applications, so the target host will return an ICMP message.
Traceroute also supports sending TCP and ICMP:
-I, --icmp            Use ICMP ECHO for tracerouting
-T, --tcp             Use TCP SYN for tracerouting
-p port, --port=port
Generally, traceroute is installed in Linux by default. If it is not, install it with yum.
The simplest basic usage of traceroute is traceroute hostname. Example:
# traceroute 192.168.0.99
traceroute to 192.168.0.99 (192.168.0.99), 30 hops max, 60 byte packets
 1  192.168.2.1 (192.168.2.1)  5.642 ms  5.901 ms  12.287 ms
 2  192.168.0.99 (192.168.0.99)  0.416 ms  1.193 ms  1.045 ms
Traceroute probes each node three times, so each row shows three times. From these times, we can analyze which route node has the largest latency.
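The latency analysis described above can be automated. The following Python code is an added example, not part of the original article: it parses traceroute output in the format shown, averages the probes for each hop, lists hops where every probe went unanswered (traceroute prints `*` for those), and finds the hop where the average round-trip time rises most. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the format shown above: hop 3 returned no ICMP at all,
# and hop 4 answered only two of its three probes.
SAMPLE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.2.1 (192.168.2.1)  5.642 ms  5.901 ms  12.287 ms
 2  10.0.0.1 (10.0.0.1)  8.100 ms  8.300 ms  8.200 ms
 3  * * *
 4  198.51.100.7 (198.51.100.7)  41.000 ms *  43.000 ms
 5  203.0.113.10 (203.0.113.10)  42.500 ms  42.100 ms  42.300 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<hop number> <rest>"
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms", re.I)   # one probe time
ADDR_RE = re.compile(r"\(([0-9a-fA-F.:]+)\)")        # responder address

def parse_traceroute(text):
    """Return one dict per hop: number, responder, RTTs, lost probes, average."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        rest = m.group(2)
        addr = ADDR_RE.search(rest)
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        hops.append({"hop": int(m.group(1)), "addr": addr.group(1) if addr else None,
                     "rtts": rtts, "lost": rest.split().count("*"),
                     "avg": sum(rtts) / len(rtts) if rtts else None})
    return hops

def silent_hops(hops):
    """Hop numbers where every probe timed out (no ICMP came back)."""
    return [h["hop"] for h in hops if not h["rtts"]]

def biggest_jump(hops):
    """Hop whose average RTT rose most over the previous answering hop."""
    answered = [h for h in hops if h["avg"] is not None]
    steps = [(cur["avg"] - prev["avg"], cur["hop"])
             for prev, cur in zip(answered, answered[1:])]
    return max(steps)[1] if steps else None

if __name__ == "__main__":
    hops = parse_traceroute(SAMPLE)
    print("silent hops:", silent_hops(hops))
    print("largest latency increase at hop:", biggest_jump(hops))
```

A silent hop in the middle of a path usually means that router does not send ICMP replies, not that the path is broken, which is why the comparison skips it and measures against the previous answering hop.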
Traceroute tips
--------------------------------------------------------------------------------
For some websites, traceroute may not be able to reach the final node, for example:
This is mainly because some servers have blocked UDP packets, so ICMP is not returned.
For hosts that run an HTTP service, you can use traceroute's options to probe over TCP instead and reach the final node: