Traceroute command, traceroute

Source: Internet
Author: User
Tags traceroute command

With traceroute we can learn the path that packets take from our computer to a host elsewhere on the Internet. The path from a given source to the same destination may differ from one packet to the next, but most of the time the route is the same. On Linux the command is called traceroute; on MS Windows it is called tracert. Traceroute sends a small packet toward the target device and measures how long the reply takes to come back. Each device on the path is tested three times. The output contains the time (ms) of each test, the name of the device (if any), and its IP address.
In most cases, the command is run directly on a Linux host:
traceroute hostname
On Windows, the tracert command is used:
tracert hostname


1. Command format:
traceroute [parameter] [host]


2. Command function:
The traceroute command tracks the route that network data packets take. The default packet size is 40 bytes, and a different size can be set.
Full parameter format: traceroute [-dFInrvx] [-f <first TTL>] [-g <gateway>...] [-i <network interface>] [-m <max TTL>] [-p <communication port>] [-s <source address>] [-t <service type>] [-w <timeout seconds>] [host name or IP address] [packet size]


3. Command parameters:
-d Use socket-level debugging.
-f Set the TTL value of the first probe packet.
-F Set the "don't fragment" bit.
-g Set source-route gateways; up to eight can be set.
-i Send packets through the specified network interface.
-I Use ICMP echo instead of UDP datagrams.
-m Set the maximum TTL value of the probe packets.
-n Use IP addresses directly rather than host names.
-p Set the communication port of the UDP transport protocol.
-r Ignore the normal routing table and send packets directly to the remote host.
-s Set the source IP address of the packets sent from the local host.
-t Set the TOS value of the probe packets.
-v Show the execution of the command in detail.
-w Set the time to wait for a reply from the remote host.
-x Enable or disable the packet correctness check.


4. Examples:
Example 1: the simplest and most commonly used form of traceroute.
Command:
traceroute www.baidu.com
Output:


[root@localhost ~]# traceroute www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
 1  192.168.74.2 (192.168.74.2)  2.606 ms  2.771 ms  2.950 ms
 2  211.151.56.57 (211.151.56.57)  0.596 ms  0.598 ms  0.591 ms
 3  211.151.227.206 (211.151.227.206)  0.546 ms  0.544 ms  0.538 ms
 4  210.77.139.145 (210.77.139.145)  0.710 ms  0.748 ms  0.801 ms
 5  202.106.42.101 (202.106.42.101)  6.759 ms  6.945 ms  7.107 ms
 6  61.148.154.97 (61.148.154.97)  718.908 ms *  bt-228-025.bta.net.cn (202.106.228.25)  5.177 ms
 7  124.65.58.213 (124.65.58.213)  4.343 ms  4.336 ms  4.367 ms
 8  202.106.35.190 (202.106.35.190)  1.795 ms  61.148.156.138 (61.148.156.138)  1.899 ms  1.951 ms
 9  * * *
30  * * *
[root@localhost ~]#
Note:
Records are numbered from 1. Each record is one hop, and each hop represents a gateway. Each line shows three times, in ms; this is the default of the -q parameter, and the times are how long the gateway took to answer each of the three probe packets sent to it. If you use traceroute -q 4 www.58.com, four packets are sent to each gateway.
Sometimes when we traceroute a host we see rows of asterisks. In this case a firewall may be blocking the ICMP replies, so no response data comes back for those probes.
Sometimes a particular gateway shows a long delay, which may be caused by congestion at that gateway or by a physical device. A long delay also appears when a DNS server cannot resolve a host name or domain name. You can add the -n parameter to skip DNS resolution and print addresses in IP format.
If the network segments in a LAN differ, we can use traceroute to work out whether the fault lies with a host or with a gateway. If a problem occurs when we access a server remotely, we can use traceroute to find the gateways the packets pass through and submit the result to the IDC service provider, which also helps get the problem solved. In China, however, such problems seem hard to resolve: even when we have located the problem, the IDC service provider cannot help us solve it.
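The conditions these notes describe (rows of asterisks, several gateways answering at one hop, one probe with a long delay) can be picked out of saved traceroute output mechanically. The parser below is an added example, not part of the original article; the sample trace is constructed, and the label names and the spike_factor threshold are assumptions.

```python
import re
# Constructed sample in this page's output format (documentation-range addresses).
SAMPLE = """traceroute to host.example (203.0.113.50), 30 hops max, 40 byte packets
 1  192.0.2.1 (192.0.2.1)  2.606 ms  2.771 ms  2.950 ms
 2  gw-a.example (198.51.100.7)  718.908 ms *  gw-b.example (198.51.100.9)  5.177 ms
 3  * * *
 4  203.0.113.9 (203.0.113.9)  1.665 ms !X * *"""

TOKEN = re.compile(
    r"(?P<lost>\*)"                                        # probe with no reply
    r"|(?P<rtt>\d+(?:\.\d+)?)\s*ms(?:\s+(?P<flag>!\w+))?"  # RTT, optional !X-style flag
    r"|\S+\s+\((?P<ip>[\d.]+)\)"                           # "name (address)"
    r"|(?P<bare>\d+(?:\.\d+){3})")                         # bare address (-n output)

def parse_hops(text):
    """One dict per hop: ttl, responder addresses, RTTs in ms, lost probes, flags."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # header line
        hop = {"ttl": int(m.group(1)), "ips": [], "rtts": [], "lost": 0, "flags": []}
        for t in TOKEN.finditer(m.group(2)):
            ip = t.group("ip") or t.group("bare")
            if t.group("lost"):
                hop["lost"] += 1
            elif t.group("rtt"):
                hop["rtts"].append(float(t.group("rtt")))
                hop["flags"] += [t.group("flag")] if t.group("flag") else []
            elif ip and ip not in hop["ips"]:
                hop["ips"].append(ip)
        hops.append(hop)
    return hops

def findings(hops, spike_factor=10.0):
    """Map ttl -> labels for the conditions the notes above describe."""
    out = {}
    for h in hops:
        notes = ["no reply"] if not h["rtts"] else ["partial loss"] if h["lost"] else []
        if len(h["ips"]) > 1:
            notes.append("multiple gateways")  # different routers answered at this TTL
        if h["flags"]:
            notes.append("flag " + ",".join(h["flags"]))
        if h["rtts"] and max(h["rtts"]) > spike_factor * min(h["rtts"]):
            notes.append("latency outlier")
        out[h["ttl"]] = notes
    return out

print(findings(parse_hops(SAMPLE)))
```

The !X flag is the marker traceroute prints when the reply was an ICMP "communication administratively prohibited" message, which points at filtering rather than loss.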


 
Example 2: set the maximum hop count
Command:
traceroute -m 10 www.baidu.com
Output:


[root@localhost ~]# traceroute -m 10 www.baidu.com
traceroute to www.baidu.com (61.135.169.105), 10 hops max, 40 byte packets
 1  192.168.74.2 (192.168.74.2)  1.534 ms  1.775 ms  1.961 ms
 2  211.151.56.1 (211.151.56.1)  0.508 ms  0.514 ms  0.507 ms
 3  211.151.227.206 (211.151.227.206)  0.571 ms  0.558 ms  0.550 ms
 4  210.77.139.145 (210.77.139.145)  0.708 ms  0.729 ms  0.785 ms
 5  202.106.42.101 (202.106.42.101)  7.978 ms  8.155 ms  8.311 ms
 6  bt-228-037.bta.net.cn (202.106.228.37)  772.460 ms  bt-228-025.bta.net.cn (202.106.228.25)  2.152 ms  61.148.154.97 (61.148.154.97)  772.107 ms
 7  124.65.58.221 (124.65.58.221)  4.875 ms  61.148.146.29 (61.148.146.29)  2.124 ms  124.65.58.221 (124.65.58.221)  4.854 ms
 8  123.126.6.198 (123.126.6.198)  2.944 ms  61.148.156.6 (61.148.156.6)  3.505 ms  123.126.6.198 (123.126.6.198)  2.885 ms
 9  * * *
10  * * *
[root@localhost ~]#


 
Example 3: display IP addresses without looking up host names
Command:
traceroute -n www.baidu.com
Output:


[root@localhost ~]# traceroute -n www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
 1  211.151.74.2  5.430 ms  5.636 ms  5.802 ms
 2  211.151.56.57  0.627 ms  0.625 ms  0.617 ms
 3  211.151.227.206  0.575 ms  0.584 ms  0.576 ms
 4  210.77.139.145  0.703 ms  0.754 ms  0.806 ms
 5  202.106.42.101  23.683 ms  23.869 ms  23.998 ms
 6  202.106.228.37  247.101 ms * *
 7  61.148.146.29  5.256 ms  124.65.58.213  4.386 ms  4.373 ms
 8  202.106.35.190  1.610 ms  61.148.156.138  1.786 ms  61.148.3.34  2.089 ms
 9  * * *
30  * * *
[root@localhost ~]# traceroute www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
 1  211.151.74.2 (211.151.74.2)  4.671 ms  4.865 ms  5.055 ms
 2  211.151.56.57 (211.151.56.57)  0.619 ms  0.618 ms  0.612 ms
 3  211.151.227.206 (211.151.227.206)  0.620 ms  0.642 ms  0.636 ms
 4  210.77.139.145 (210.77.139.145)  0.720 ms  0.772 ms  0.816 ms
 5  202.106.42.101 (202.106.42.101)  7.667 ms  7.910 ms  8.012 ms
 6  bt-228-025.bta.net.cn (202.106.228.25)  2.965 ms  2.440 ms  61.148.154.97 (61.148.154.97)  431.337 ms
 7  124.65.58.213 (124.65.58.213)  5.134 ms  5.124 ms  5.044 ms
 8  202.106.35.190 (202.106.35.190)  1.917 ms  2.052 ms  2.059 ms
 9  * * *
30  * * *
[root@localhost ~]#


 
Example 4: set the base UDP port used by the probe packets to 6888
Command:
traceroute -p 6888 www.baidu.com
Output:


[root@localhost ~]# traceroute -p 6888 www.baidu.com
traceroute to www.baidu.com (220.181.111.147), 30 hops max, 40 byte packets
 1  211.151.74.2 (211.151.74.2)  4.927 ms  5.121 ms  5.298 ms
 2  211.151.56.1 (211.151.56.1)  0.500 ms  0.499 ms  0.509 ms
 3  211.151.224.90 (211.151.224.90)  0.637 ms  0.631 ms  0.641 ms
 4  * * *
 5  220.181.70.98 (220.181.70.98)  5.050 ms  5.313 ms  5.596 ms
 6  220.181.17.94 (220.181.17.94)  1.665 ms !X * *
[root@localhost ~]#


 
Example 5: set the number of probe packets to 4
Command:
traceroute -q 4 www.baidu.com
Output:


[root@localhost ~]# traceroute -q 4 www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
 1  211.151.74.2 (211.151.74.2)  40.633 ms  40.819 ms  41.004 ms
 2  211.151.56.57 (211.151.56.57)  0.637 ms  0.633 ms  0.627 ms
 3  211.151.227.206 (211.151.227.206)  0.505 ms  0.580 ms  0.571 ms
 4  210.77.139.145 (210.77.139.145)  0.753 ms  0.800 ms  0.853 ms
 5  202.106.42.101 (202.106.42.101)  7.449 ms  7.543 ms  7.738 ms
 6  61.148.154.97 (61.148.154.97)  316.817 ms  bt-228-025.bta.net.cn (202.106.228.25)  3.695 ms  3.672 ms *
 7  124.65.58.213 (124.65.58.213)  3.056 ms  2.993 ms  2.960 ms  61.148.146.29 (61.148.146.29)  2.837 ms
 8  61.148.3.34 (61.148.3.34)  2.179 ms  2.295 ms  2.442 ms  202.106.35.190 (202.106.35.190)  7.136 ms
 9  * * * *
30  * * * *
[root@localhost ~]#




 
Example 6: bypass the normal routing table and send directly to a host on an attached network
Command:
traceroute -r www.baidu.com
Output:


[root@localhost ~]# traceroute -r www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
connect: Network is unreachable
[root@localhost ~]#


 
Example 7: set the time to wait for a response to a probe packet to 3 seconds
Command:
traceroute -w 3 www.baidu.com
Output:


[root@localhost ~]# traceroute -w 3 www.baidu.com
traceroute to www.baidu.com (61.135.169.105), 30 hops max, 40 byte packets
 1  211.151.74.2 (211.151.74.2)  2.306 ms  2.469 ms  2.650 ms
 2  211.151.56.1 (211.151.56.1)  0.621 ms  0.613 ms  0.603 ms
 3  211.151.227.206 (211.151.227.206)  0.557 ms  0.560 ms  0.552 ms
 4  210.77.139.145 (210.77.139.145)  0.708 ms  0.761 ms  0.817 ms
 5  202.106.42.101 (202.106.42.101)  7.520 ms  7.774 ms  7.902 ms
 6  bt-228-025.bta.net.cn (202.106.228.25)  2.890 ms  2.369 ms  61.148.154.97 (61.148.154.97)  471.961 ms
 7  124.65.58.221 (124.65.58.221)  4.490 ms  4.483 ms  4.472 ms
 8  123.126.6.198 (123.126.6.198)  2.948 ms  61.148.156.6 (61.148.156.6)  7.688 ms  7.756 ms
 9  * * *
30  * * *
[root@localhost ~]#
 


How traceroute works:
Basic usage: traceroute hostname
The traceroute program is built on ICMP and the TTL (Time To Live) field of the IP header. First, traceroute sends an IP datagram with a TTL of 1 to the destination (in fact, three 40-byte packets are sent each time, containing the source address, the destination address, and the time stamp of when the packet was sent). When the first router on the path receives the datagram, it decrements the TTL by 1. The TTL is now 0, so the router discards the datagram and sends back an "ICMP time exceeded" message (containing the source address of the IP packet, all the content of the IP packet, and the IP address of the router). When traceroute receives this message, it knows that this router is on the path. It then sends a datagram with a TTL of 2 and discovers the second router, and so on: each round, traceroute increases the TTL of the datagram it sends by 1 to discover one more router. This repeats until a datagram reaches its destination. When the datagram arrives at the destination, the host does not return an ICMP time exceeded message, because it is the destination. So how does traceroute know that the destination has been reached?
When traceroute sends its UDP datagrams to the destination, it chooses a destination port number that ordinary applications do not use (above 30000). When the UDP datagram arrives at the destination, the host therefore returns an "ICMP port unreachable" message, and when traceroute receives that message it knows the destination has been reached. This is why traceroute needs no daemon on the server side.
Traceroute takes the IP address of the device that sent the ICMP TTL-expired message and resolves it to a domain name. For each hop, traceroute prints a line of data containing the domain name and IP address of the router along the way and the round-trip times of the three packets.
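The probe-and-reply exchange described above, written out as a small offline simulation. This is an added example, not code from the original article: the router path is constructed from documentation addresses, BASE_PORT is set to 33434 (the page only says the port is above 30000), and using a distinct port per probe to match replies is classic UDP traceroute behaviour rather than something the page states.

```python
import socket
import struct

BASE_PORT = 33434  # classic default base port; the page only says "more than 30000"
KINDS = {(11, 0): "time-exceeded", (3, 3): "port-unreachable"}

def build_probe(src, dst, ttl, dport):
    # 20-byte IPv4 header + 8-byte UDP header (checksums left 0 in this simulation)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def icmp_error(icmp_type, code, offending):
    # ICMP error: 8-byte header, then the offending IP header + first 8 payload bytes
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + offending[:28]

def deliver(packet, path, dst):
    # Simulated network. Returns (responder address, ICMP bytes) or None (no reply).
    ttl = packet[8]  # TTL is byte 8 of the IPv4 header
    for router_ip, silent in path:
        ttl -= 1
        if ttl == 0:  # expired here: router drops it; a "quiet" router sends nothing
            return None if silent else (router_ip, icmp_error(11, 0, packet))
    return dst, icmp_error(3, 3, packet)  # reached the host; the UDP port is closed

def trace(src, dst, path, max_ttl=30):
    hops = []
    for ttl in range(1, max_ttl + 1):
        dport = BASE_PORT + ttl - 1  # a distinct port per probe lets replies be matched
        reply = deliver(build_probe(src, dst, ttl, dport), path, dst)
        if reply is None:
            hops.append((ttl, "*", None))  # timeout, printed as an asterisk
            continue
        responder, icmp = reply
        quoted_dport = struct.unpack("!H", icmp[30:32])[0]  # 8 ICMP + 20 IP + 2
        if quoted_dport != dport:
            continue  # error refers to some other datagram
        kind = KINDS.get((icmp[0], icmp[1]), "other")
        hops.append((ttl, responder, kind))
        if kind == "port-unreachable":
            break  # destination reached
    return hops

# Constructed path: (router address, silently discards expired packets?)
PATH = [("192.0.2.1", False), ("198.51.100.7", True), ("203.0.113.9", False)]

if __name__ == "__main__":
    for hop in trace("192.0.2.100", "203.0.113.50", PATH):
        print(*hop)
```

The second router in the constructed path never answers, so its hop is recorded as an asterisk while the trace still continues to the destination.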
 


Windows tracert:
Format:
tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Parameter description:
tracert [-d] [-h maximum_hops] [-j computer-list] [-w timeout] target_name
This diagnostic utility determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo packets with varying time-to-live (TTL) values to the destination. Each router on the path must decrement the TTL by at least 1 before forwarding the packet, so the TTL is effectively a hop count. When the TTL of a packet reaches 0, the router sends an ICMP Time Exceeded message back to the source system. Tracert determines the route by sending the first echo packet with a TTL of 1 and increasing the TTL by 1 on each subsequent transmission until the target responds or the maximum TTL is reached. The route is determined by examining the ICMP Time Exceeded messages sent back by the intermediate routers. Note that some routers silently discard packets whose TTL has expired and are invisible to tracert.
Parameters:
-d Do not resolve addresses to computer names.
-h maximum_hops Maximum number of hops to search for the target.
-j computer-list Loose source route along computer-list.
-w timeout Wait the number of milliseconds specified by timeout for each reply.
target_name Name of the target computer.


Instance:
C:\Users\Administrator>tracert www.58.com

Tracing route to www.58.com [221.187.111.30]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  10.58.156.1
  2     1 ms    <1 ms    <1 ms  10.10.10.1
  3     1 ms     1 ms     1 ms  211.103.193.129
  4     2 ms     2 ms     2 ms  10.20.109.129
  5     1 ms     1 ms     3 ms  124.205.98.205
  6     2 ms     2 ms     2 ms  124.205.98.253
  7     2 ms     6 ms     1 ms  202.99.1.125
  8     5 ms     6 ms     5 ms  118.186.0.113
  9   207 ms     *        *     118.186.0.106
 10     8 ms     6 ms    11 ms  124.238.226.201
 11     6 ms     7 ms     6 ms  219.148.19.177
 12    12 ms    12 ms    16 ms  219.148.18.117
 13    14 ms    17 ms    16 ms  219.148.19.125
 14    13 ms    13 ms    12 ms  202.97.80.113
 15     *        *        *     Request timed out.
 16    12 ms    12 ms    17 ms  bj141-147-82.bjtelecom.net [219.141.147.82]
 17    13 ms    13 ms    12 ms  202.97.48.2
 18     *        *        *     Request timed out.
 19    14 ms    14 ms    12 ms  221.187.224.85
 20    15 ms    13 ms    12 ms  221.187.104.2
 21     *        *        *     Request timed out.
 22    15 ms    17 ms    18 ms  221.187.111.30

Trace complete.

Address: http://www.cnblogs.com/peida/archive/2013/03/07/2947326.html



The difference between the traceroute command and the ping command

The traceroute command is a commonly used command for checking whether the network is working; it displays the routers that packets pass through on the way to the target, which helps determine the node where a problem lies. One reports dynamic or static route node information; the other reports whether the network path is working, whether there is packet loss, and the response time.
 
You can use the traceroute command to test the network.

D. Information is transmitted from one end to the other through transmission media and devices (routers, servers, and so on) in many segments of the network. Each device connected to the Internet, such as a host or router, usually has an independent IP address. With Traceroute, we can know the path from your computer to the host on the other end of the Internet. This is the function of this command.
The principle of traceroute is as follows. Once it has the IP address of the target host, it sends the target host a UDP packet whose TTL is 1. When the first router receives the packet, it automatically decrements the TTL by 1; the TTL is now 0, so the router discards the packet and generates an ICMP "host unreachable" datagram for the sending host. After receiving that datagram, the host sends a UDP datagram with TTL = 2 to the target host, which prompts the second router to send an ICMP datagram back to the host, and so on until the target host is reached. In this way, traceroute obtains the IP addresses of all the routers. This avoids the problem that the IP header can only record a limited number of router IP addresses.
