Difference between traceroute and tracert
Recently, while reading TCP/IP Illustrated, Volume 1, I was tripped up by the traceroute and tracert commands. It turns out the two are actually different.
I captured packets under Windows but still could not see any UDP packets...
A reminder to myself that it is time to read the book!!!
Both are used to discover the IP addresses of the routers that forward packets from the source to the destination, but the methods they use to probe the path differ.
Differences:
I. Different application environments
Tracert is used on Windows.
Traceroute is used on Linux/BSD/routers/UNIX.
Tracert is the common command-line tool on Windows, traceroute the one on UNIX. Both are UDP-based route probing.
Tracert is a route-tracing utility used to determine the path taken by IP datagrams to reach a target. The tracert command uses the IP TTL field and ICMP error messages to determine the route from one host to another on the network.
Working principle and process:
By sending ICMP echo request packets with different TTL values to the target, tracert determines the route taken to reach it. Each router on the path must decrease the TTL of a packet by at least 1 before forwarding it. When the TTL of a packet reaches 0, the router is expected to send an ICMP Time Exceeded message back to the source.
Tracert first sends an echo request with TTL 1 and increases the TTL by 1 on each subsequent send, until either the target responds or the TTL reaches its maximum. The route is determined by examining the ICMP Time Exceeded messages returned by the intermediate routers. Some routers silently discard packets whose TTL has expired; such routers do not show up in tracert's output.
Tracert prints, in order, the near-side router interfaces along the path that returned an ICMP Time Exceeded message. With the -d option, tracert does not perform a DNS lookup on each IP address.
In the following example, packets must pass through two routers (10.0.0.1 and 192.168.0.1) to reach host 172.16.0.99. The host's default gateway is 10.0.0.1, and the IP address of the router on the 192.168.0.0 network is 192.168.0.1.
C:\> tracert -d 172.16.0.99
Tracing route to 172.16.0.99 over a maximum of 30 hops
1 2 ms 3 ms 2 ms 10.0.0.1
2 75 ms 83 ms 88 ms 192.168.0.1
3 73 ms 79 ms 93 ms 172.16.0.99
Trace complete.
The traceroute program is designed around ICMP and the TTL (Time To Live) field of the IP header. First, traceroute sends an IP datagram with TTL 1 to the destination (in fact, three 40-byte packets are sent each time, each carrying the source address, the destination address and a timestamp of when it was sent). When the first router on the path receives the datagram, it decrements the TTL by 1. The TTL is now 0, so the router discards the datagram and sends back an ICMP Time Exceeded message (which includes the source address of the IP packet, all the contents of the IP packet and the IP address of the router). On receiving this message, traceroute learns that this router exists on the path. It then sends a datagram with TTL 2, which reveals the second router, and so on: traceroute increments the TTL of each datagram it sends by 1 to discover the next router. This repeats until a datagram reaches its destination. When a datagram arrives at the destination, the host does not return an ICMP Time Exceeded message, because it is the destination itself. So how does traceroute know that the destination has been reached?
When traceroute sends UDP datagrams to the destination, the destination port it chooses is one not used by ordinary applications (above 30000). So when the UDP datagram arrives at the destination, the host returns an ICMP Port Unreachable message. When traceroute receives that message, it knows the destination has been reached. This is also why traceroute does not need a daemon on the server side.
Traceroute extracts the IP address of the device that sent the ICMP TTL-expired message and resolves it to a domain name. For each hop, traceroute prints a line containing the domain name and IP address of the routing device traversed and the round-trip times of the three packets.
Traceroute waits a fixed time for a response (the ICMP TTL-expired message). If that time elapses, it prints a series of * characters, indicating that the device at this point on the path did not send an ICMP TTL-expired response within the timeout. Traceroute then increments the TTL counter by 1 and continues.
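An added example, not from the original post: a Python simulation of the UDP traceroute exchange described above. The routers, the host and their addresses are constructed in-process so the code runs offline; it shows the TTL-1-then-increment loop, the Time Exceeded reply from each router, the "* * *" line for a router that drops expired packets silently, and the Port Unreachable reply from the destination that ends the trace.

```python
from dataclasses import dataclass

ICMP_TIME_EXCEEDED = 11   # ICMP type 11: TTL expired in transit
ICMP_DEST_UNREACH = 3     # ICMP type 3 ...
CODE_PORT_UNREACH = 3     # ... code 3: no listener on the UDP port
BASE_PORT = 33434         # first "unused" high port (> 30000) that traceroute probes
MAX_HOPS = 30

@dataclass
class Hop:
    addr: str
    silent: bool = False          # drops TTL-expired packets without replying
    is_destination: bool = False

def forward_probe(path, ttl, dst_port):
    """Walk one UDP probe along the constructed path; return (icmp_type, code, sender) or None."""
    for hop in path:
        if hop.is_destination:
            # The destination never sends Time Exceeded; with no listener on the
            # high port it answers Port Unreachable, which is what ends the trace.
            if dst_port > 30000:
                return (ICMP_DEST_UNREACH, CODE_PORT_UNREACH, hop.addr)
            return None           # a real listener would consume the probe silently
        ttl -= 1                  # every router decrements TTL before forwarding
        if ttl == 0:
            return None if hop.silent else (ICMP_TIME_EXCEEDED, 0, hop.addr)
    return None

def traceroute(path, probes_per_hop=3, max_hops=MAX_HOPS):
    """Return [(ttl, [sender or '*' per probe]), ...] until the destination answers."""
    results, seq = [], 0
    for ttl in range(1, max_hops + 1):
        replies, reached = [], False
        for _ in range(probes_per_hop):
            seq += 1
            reply = forward_probe(path, ttl, BASE_PORT + seq)  # distinct port per probe
            if reply is None:
                replies.append("*")   # timeout: no ICMP reply within the wait
                continue
            icmp_type, icmp_code, sender = reply
            replies.append(sender)
            reached |= (icmp_type, icmp_code) == (ICMP_DEST_UNREACH, CODE_PORT_UNREACH)
        results.append((ttl, replies))
        if reached:
            break
    return results

# Constructed path: the post's two routers, one silent router, then the host.
SAMPLE_PATH = [Hop("10.0.0.1"), Hop("192.168.0.1"), Hop("192.168.1.1", silent=True),
               Hop("172.16.0.99", is_destination=True)]
```

Calling traceroute(SAMPLE_PATH) yields one entry per TTL, with hop 3 reported as "* * *" because the silent router never answers.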
II. Different probing methods and probe packet types
By default, tracert sends ICMP echo request packets to the destination address, while traceroute sends UDP packets to a destination port greater than 30000.
Similarities:
1. Both are used to discover the IP addresses of the routers that forward packets from the source to the destination.
2. Both probe by setting the packet's TTL value starting at 1 and increasing it by 1 each round.
Finally, tcptraceroute sends TCP SYN packets to port 80 of the target, which pass through firewalls more readily.