The Tracert command is a route-tracing and diagnostic utility available on both DOS and Unix systems. It sends Internet Control Message Protocol (ICMP) echo request messages and uses the echo reply and ICMP error messages that come back to generate a command-line report for each router on the path. It is one of the essential TCP/IP tools for network management and is often used to test network connectivity and locate faults. It is therefore worthwhile to understand exactly how Tracert works by parsing the packets it generates while tracing a route.
Packet Capture
1. Network environment, as shown in Figure 1.
Figure 1
2. Filter settings for the capture tool Sniffer Pro:
The Tracert command is a specific application of the ICMP protocol, so to capture the packets generated by a Tracert run you only need to set a filter that captures ICMP traffic, as shown in Figure 2.
Figure 2
(1) Select "Capture" -- "Define Filter".
(2) Select "Profiles", then select "New" in the Capture Profiles window.
(3) Enter ICMP as the profile name. Because Sniffer Pro already ships with a profile that filters only ICMP, you can select "Copy Sample Profile", choose IP/ICMP, and click OK.
(4) You also need to define the "Address" in the Define Filter window so that ICMP traffic between the local host and any host is captured.
3. Run Sniffer Pro and press F10 to start capturing. Open a CMD window on the local machine and run tracert -d 10.4.153.165 (with the -d option, TRACERT does not perform a DNS lookup on each IP address), as shown in Figure 3. After the command finishes, press F9 to stop the capture and select "Decode" to display the captured packets, as shown in Figure 4.
Figure 3
Figure 4
Data Packet Parsing
From the captured datagrams we can see how the Tracert command uses the IP TTL field and ICMP error messages to determine the route from one host to another on the network. The TTL (Time to Live) field of the IP header is an 8-bit field initially set by the sender. It specifies the lifetime of the packet. Each router that processes the datagram must decrement the TTL by 1, or by the number of seconds the datagram was held in the router. Because most routers forward a packet in well under one second, the TTL is in practice a hop counter. According to the ICMP protocol, when a router receives a datagram whose TTL field is 0 or 1, it discards the datagram and sends an ICMP "Time Exceeded" message to the source host. The Tracert command uses these messages to discover each router and so determine the route.
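The fields the paragraph above describes (IP TTL, ICMP type and code, and the quoted original header inside a Time Exceeded message) can be decoded directly from raw bytes. The following Python is an added example, not code from the original article or from Sniffer Pro; it builds two constructed frames modelled on frames 1 and 2 of the capture (the exact captured bytes are not on the page, so identifier, sequence, payload and the router's reply TTL of 255 are assumptions) and parses them the way a decoder would.

```python
import socket
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11
IP_PROTO_ICMP = 1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, shared by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, body: bytes = b"") -> bytes:
    """ICMP header (type, code, checksum) followed by the message body."""
    msg = struct.pack("!BBH", icmp_type, code, 0) + body
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def build_ipv4(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    """20-byte IPv4 header with no options, protocol 1 (ICMP), then the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0,
                      ttl, IP_PROTO_ICMP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


MEANINGS = {
    (ICMP_ECHO_REQUEST, 0): "Echo request",
    (ICMP_ECHO_REPLY, 0): "Echo reply",
    (ICMP_TIME_EXCEEDED, 0): "Time to live exceeded in transit",
}


def parse_frame(pkt: bytes) -> dict:
    """Decode the fields Tracert relies on: IP TTL and addresses, ICMP type and code."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if proto != IP_PROTO_ICMP:
        raise ValueError("not an ICMP packet")
    icmp = pkt[ihl:total_len]
    icmp_type, code, _ = struct.unpack("!BBH", icmp[:4])
    info = {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "ttl": ttl,
        "type": icmp_type,
        "code": code,
        "meaning": MEANINGS.get((icmp_type, code), "other"),
        # An intact ICMP message checksums to zero when the checksum field is included.
        "checksum_ok": inet_checksum(icmp) == 0,
    }
    if icmp_type == ICMP_TIME_EXCEEDED and len(icmp) >= 28:
        # After 4 unused bytes, Time Exceeded quotes the IP header and first 8 bytes
        # of the discarded probe; the quoted destination tells Tracert which probe
        # (and therefore which hop) this error belongs to.
        quoted = icmp[8:]
        info["original_dst"] = socket.inet_ntoa(quoted[16:20])
    return info


# Constructed sample frames modelled on frames 1 and 2 of the page's capture
# (not the captured bytes themselves; identifier/sequence/payload are assumed).
HOST_A, ROUTER_A, HOST_B = "10.4.152.16", "10.4.152.254", "10.4.153.165"

# Frame 1: echo request, identifier 1, sequence 1, TTL 1, from host A to host B.
FRAME_1 = build_ipv4(HOST_A, HOST_B, 1,
                     build_icmp(ICMP_ECHO_REQUEST, 0,
                                struct.pack("!HH", 1, 1) + b"abcdefgh"))
# Frame 2: router A's Time Exceeded reply (assumed TTL 255), quoting the first
# 28 bytes of frame 1.
FRAME_2 = build_ipv4(ROUTER_A, HOST_A, 255,
                     build_icmp(ICMP_TIME_EXCEEDED, 0, b"\x00" * 4 + FRAME_1[:28]))

if __name__ == "__main__":
    for n, frame in ((1, FRAME_1), (2, FRAME_2)):
        print("Frame %d:" % n, parse_frame(frame))
```

The checksum check matters when reading a capture: a Time Exceeded message whose checksum does not verify should not be trusted as a hop result, and the quoted destination address is what lets a decoder (or Tracert itself) tie each error back to the probe that triggered it rather than to unrelated ICMP traffic that the filter also lets through.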
Next we will parse the data packets frame by frame to understand the working process of the Tracert command.
Frame 1: host A (10.4.152.16) sends an ECHO request packet with type 8 and code 0 to host B (10.4.153.165). The TTL value in the IP header is 1, as shown in Figure 5.
Figure 5
Frame 2: Because the destination host is on another network segment, the packet is sent to the local gateway, router A (10.4.152.254). After receiving the ECHO request from host A, router A returns an ICMP packet with type 11 and code 0, "Time to live exceeded in transit", as shown in Figure 6.
Figure 6
From these two frames we can see that host A first sends an ECHO packet with TTL 1. The first router on the path, router A (10.4.152.254), decrements the packet's TTL by 1 before forwarding; when the TTL reaches 0, the router discards the packet and sends an "ICMP Time Exceeded" (timeout) message back to the source host, which thereby learns the first router on the path.
To obtain round-trip delay information, host A sends three packets with the same TTL of 1, the same length, and the same destination address for this hop (frame 1, frame 3, and frame 5); router A discards the three packets in turn and sends a "timeout" message for each (frame 2, frame 4, and frame 6) back to host A.
Frame 7: host A (10.4.152.16) sends an ECHO packet with TTL 2 to the target host B (10.4.153.165).
Frame 8: router B (10.4.147.82) sends an "ICMP Time Exceeded (timeout)" packet to the source host (host A).
As we can see, the Tracert command increments the TTL by 1: host A sends an ECHO packet with TTL 2. Router A forwards the datagram to router B, and because the TTL was decremented by 1 at the first hop, it reaches 0 at router B. Router B discards the packet and returns an "ICMP Time Exceeded (timeout)" packet to host A, which thereby learns the second router on the path. As before, host A sends three packets with the same TTL to obtain the average round-trip latency.
Frames 13, 15, and 17: host A (10.4.152.16) sends three ECHO packets with TTL 3.
Frames 14, 16, and 18: host B (10.4.153.165) returns three ECHO reply packets with type 0 and code 0.
Because the TTL of these packets is 3, they survive being forwarded twice and reach target host B, which returns ECHO reply packets. At this point the route between host A and host B has been fully traced.
From this frame-by-frame parsing we can see that the Tracert command controls the TTL of the IP packets it sends in order to obtain information about each router hop on the way to the destination address. It first sends an ICMP echo request with TTL 1; the first router on the path discards it and sends back an ICMP Time Exceeded error message. Tracert then increases the TTL by 1 for each subsequent round of probes, and determines the route from the "ICMP Time Exceeded" messages sent back by the intermediate routers. This continues until the target responds or the TTL reaches its maximum value, which locates the fault point or yields the complete route.
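The control loop just summarised (TTL 1, 2, 3, ..., three probes per TTL, stop when the target replies or the maximum TTL is reached) can be reproduced end to end against a modelled path. The Python below is an added example, not code from the original article or from any Tracert implementation; it assumes a constructed topology of router A (10.4.152.254), router B (10.4.147.82) and host B (10.4.153.165) in that order, and a reply TTL of 255 for the responders. Run against that path it produces the same 18-frame sequence the article walks through; run against a path that never reaches the target, it shows the other termination condition, where the trace stops at the maximum hop count with "*" entries.

```python
from dataclasses import dataclass

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11


@dataclass
class Frame:
    number: int
    src: str
    dst: str
    ttl: int
    icmp_type: int
    icmp_code: int


def forward_probe(path, target, ttl):
    """Model of one probe's fate on the wire. Each router on the path decrements
    the TTL and, if it reaches 0, discards the probe and answers Time Exceeded
    (type 11, code 0). The destination host answers an echo request with Echo
    Reply (type 0, code 0). Returns (responder, type, code), or None if nothing
    on the path answered."""
    for hop in path:
        if hop == target:
            return hop, ICMP_ECHO_REPLY, 0
        ttl -= 1
        if ttl == 0:
            return hop, ICMP_TIME_EXCEEDED, 0
    return None


def tracert(source, target, path, max_hops=30, probes=3):
    """Tracert's control loop: TTL 1, 2, 3, ... with three probes per TTL, stopping
    when the target itself replies or max_hops is reached. Returns the per-hop
    result list and every frame a capture would show, numbered as in the article."""
    frames, hops, n = [], [], 0
    for ttl in range(1, max_hops + 1):
        responder = None
        for _ in range(probes):
            n += 1
            frames.append(Frame(n, source, target, ttl, ICMP_ECHO_REQUEST, 0))
            reply = forward_probe(path, target, ttl)
            if reply is None:
                continue  # a lost probe shows up as "*" in the report
            responder, itype, icode = reply
            n += 1
            # Reply TTL of 255 is an assumption of this model, not from the capture.
            frames.append(Frame(n, responder, source, 255, itype, icode))
        hops.append((ttl, responder))
        if responder == target:
            break
    return hops, frames


def report(hops):
    """One line per hop, in the style of tracert output (without timings)."""
    return ["%2d  %s" % (ttl, addr or "*") for ttl, addr in hops]


# Constructed topology mirroring the article's capture: router A, router B, host B.
HOST_A = "10.4.152.16"
ROUTER_A, ROUTER_B, HOST_B = "10.4.152.254", "10.4.147.82", "10.4.153.165"
PATH = [ROUTER_A, ROUTER_B, HOST_B]

if __name__ == "__main__":
    hops, frames = tracert(HOST_A, HOST_B, PATH)
    print("\n".join(report(hops)))
    for f in frames:
        print(f)
```

The model checks whether a hop is the target before decrementing, because a host processes a datagram addressed to itself regardless of its remaining TTL; only forwarding routers decrement and discard. That is why the TTL 3 probes reach host B with TTL 1 still intact and come back as Echo Reply rather than Time Exceeded.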