Principles of Ping and Traceroute (5)

Source: Internet
Author: User

(Reference) TCP/IP Illustrated, Volume 1: The Protocols

The name "ping" comes from sonar ranging. Its purpose is to test whether another host is reachable. The program sends an ICMP echo request to the host and waits for the ICMP echo reply to come back.

Generally, if you cannot ping a host, you cannot Telnet or FTP to it either. Conversely, if you cannot Telnet to a host, you can usually use ping to determine where the problem is. The ping program also measures the round-trip time to the host, which shows how "far away" the host is from us.

Ping program

We call the ping program that sends the echo request the client, and the host that is pinged the server. Most TCP/IP implementations support the ping server directly in the kernel.

The ICMP echo request and echo reply messages exchanged by the ping program have the following format:


Unix implementations of ping set the identifier field in the ICMP message to the process ID of the sending process. This way, even if several ping programs run on the same host at the same time, each one can pick out the replies that belong to it.

The sequence number starts from 0 and is incremented by 1 each time a new echo request is sent. The ping program prints the sequence number of each returned packet, which lets us see whether packets were lost, reordered or duplicated. IP is a best-effort datagram delivery service, so all three conditions can occur.

Running ping on a LAN typically produces output in the following format:

64 bytes from 192.168.8.1: icmp_req=1 ttl=64 time=1.04 ms
64 bytes from 192.168.8.1: icmp_req=2 ttl=64 time=1.05 ms
64 bytes from 192.168.8.1: icmp_req=3 ttl=64 time=1.06 ms
64 bytes from 192.168.8.1: icmp_req=4 ttl=64 time=1.41 ms
64 bytes from 192.168.8.1: icmp_req=5 ttl=64 time=1.41 ms
64 bytes from 192.168.8.1: icmp_req=6 ttl=64 time=1.20 ms
64 bytes from 192.168.8.1: icmp_req=7 ttl=64 time=1.42 ms
64 bytes from 192.168.8.1: icmp_req=8 ttl=64 time=0.649 ms

When an ICMP echo reply comes back, ping prints the sequence number and the TTL and calculates the round-trip time. It does this by storing the time at which the request was sent in the ICMP message. When the reply returns, it subtracts the time value in the ICMP message from the current time to get the round-trip time.
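The identifier, sequence number and embedded send time described above can be seen working together in the following added example, which is not code from the original article. It builds an echo request and an echo reply as raw ICMP bytes, matches a reply to the sending process, computes the round-trip time, and labels lost, duplicate and out-of-order sequence numbers. The function names, the process ID 4242 and the 8-byte floating-point timestamp (a real ping stores its own time structure) are assumptions.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, sent_at: float) -> bytes:
    """Type, code 0, checksum, identifier, sequence number, then the send time as data."""
    payload = struct.pack("!d", sent_at)  # simplification: send time stored as a double
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def match_reply(packet: bytes, my_ident: int, now: float):
    """Return (seq, rtt_ms) for a valid echo reply meant for this ping process, else None."""
    if len(packet) < 16 or checksum(packet) != 0:
        return None                       # truncated or corrupted
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_type != ICMP_ECHO_REPLY or code != 0 or ident != my_ident:
        return None                       # not a reply, or it belongs to another ping
    (sent_at,) = struct.unpack("!d", packet[8:16])
    return seq, (now - sent_at) * 1000.0

def classify(seqs):
    """Label each received sequence number; also list the ones that never arrived."""
    seen, highest, labels = set(), -1, []
    for s in seqs:
        if s in seen:
            labels.append((s, "duplicate"))
        elif s < highest:
            labels.append((s, "out-of-order"))
        else:
            labels.append((s, "ok"))
        seen.add(s)
        highest = max(highest, s)
    lost = [s for s in range(highest + 1) if s not in seen]
    return labels, lost

# Constructed sample: process ID 4242 fits the 16-bit identifier field unchanged.
MY_ID = 4242 & 0xFFFF
request = build_echo(ICMP_ECHO_REQUEST, MY_ID, 0, sent_at=100.0)
reply = build_echo(ICMP_ECHO_REPLY, MY_ID, 0, sent_at=100.0)
```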

IP record routing options


The ping program gives us the opportunity to look at the IP record route (RR) option. Most versions of ping provide the -R option, which enables the record route function. It causes ping to set the IP RR option in the IP datagram it sends (the IP datagram that carries the ICMP echo request). Each router that processes the datagram then puts its IP address into the option field. When the datagram arrives at the destination, the IP address list should be copied into the ICMP echo reply, so that the addresses of the routers on the return path are added to the list as well. When ping receives the echo reply, it prints the IP address list.

This process sounds simple, but it has some defects. Generating the RR option on the source host, processing it on the intermediate routers, and copying the RR list from the ICMP echo request into the ICMP echo reply are all optional features. Fortunately, most routers now support these options. Only some systems do not copy the IP list from the ICMP request into the ICMP reply.

However, the biggest problem is that the IP header has only limited space for storing IP addresses. The header length field in the IP header is only 4 bits, so the entire IP header can be at most 15 32-bit words (60 bytes). Since the fixed part of the IP header is 20 bytes and the RR option itself uses 3 bytes, only 37 bytes (60 - 20 - 3) are left for the IP address list, which means it can store only nine IP addresses.
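The nine-address limit can be reproduced with the following added example, which is not part of the original article. It builds an empty RR option, lets each router on a constructed path record its address, and parses the result. The option code 7 and the pointer semantics (1-based, first slot at 4, list full when the pointer exceeds the length) follow RFC 791; the function names and the 192.0.2.x path are assumptions.

```python
import ipaddress

RR_TYPE = 7                # option code for record route (RFC 791)
MAX_IP_HEADER = 15 * 4     # 4-bit header length field counts 32-bit words
FIXED_IP_HEADER = 20
RR_OVERHEAD = 3            # code, length and pointer bytes

def rr_capacity() -> int:
    """Number of 4-byte addresses that fit: (60 - 20 - 3) // 4."""
    return (MAX_IP_HEADER - FIXED_IP_HEADER - RR_OVERHEAD) // 4

def new_rr_option() -> bytearray:
    """Empty option as the sender builds it; pointer 4 marks the first free slot."""
    slots = rr_capacity()
    return bytearray([RR_TYPE, RR_OVERHEAD + 4 * slots, 4]) + bytearray(4 * slots)

def router_record(option: bytearray, router_ip: str) -> bool:
    """One router's step: store its address at the pointer, advance the pointer by 4.
    Returns False when the list is already full (pointer > length)."""
    length, ptr = option[1], option[2]
    if option[0] != RR_TYPE or ptr > length:
        return False
    option[ptr - 1:ptr + 3] = ipaddress.IPv4Address(router_ip).packed
    option[2] = ptr + 4
    return True

def parse_rr(option: bytes) -> list:
    """Return the recorded addresses after validating the length and pointer fields."""
    if len(option) < RR_OVERHEAD or option[0] != RR_TYPE:
        raise ValueError("not a record route option")
    length, ptr = option[1], option[2]
    if length != len(option) or (length - RR_OVERHEAD) % 4 or ptr < 4 or ptr % 4:
        raise ValueError("malformed record route option")
    used = min(ptr, length + 1) - 4
    return [str(ipaddress.IPv4Address(bytes(option[3 + i:7 + i]))) for i in range(0, used, 4)]

def record_path(hops):
    """Send one datagram through every hop; return (recorded, hops that found no room)."""
    option = new_rr_option()
    missed = [ip for ip in hops if not router_record(option, ip)]
    return parse_rr(bytes(option)), missed

# Constructed path (documentation addresses): 6 routers out, the same 6 on the way back.
OUTBOUND = [f"192.0.2.{i}" for i in range(1, 7)]
ROUND_TRIP = OUTBOUND + OUTBOUND[::-1]
```

On the 12-hop round trip, `record_path(ROUND_TRIP)` returns the first nine addresses and reports the last three routers of the return path as unrecorded.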

The RR option format in IP datagram is as follows:

First, not all routers support the record route option, so this option is not available on some paths.

Second, record route is generally a one-way option. If the sender sets this option, the receiver has to extract all the information from the received IP header and then return it to the sender. Most ping server implementations do return the received RR list, but this doubles the number of IP addresses recorded.

The last reason is also the main one: the IP header has limited space for options and cannot hold most of today's paths.

Traceroute program principle

The Traceroute program uses ICMP messages and the TTL field in the IP header.

Each router that processes the datagram must decrease the TTL by 1 or by the number of seconds the datagram stays in the router. Because most routers forward a datagram in less than one second, the TTL effectively becomes a hop counter that each router along the path decrements by 1.

The TTL field exists to keep datagrams from circulating in the network forever while routes are changing. For example, when a router crashes or the connection between two routers is lost, it can take the routing protocols some time to detect the lost route and work around it. The TTL field puts a lifetime limit on these circulating datagrams.

When a router receives an IP datagram whose TTL field is 0 or 1, it does not forward the datagram. (A destination host that receives such a datagram can still deliver it to the application, because the datagram does not need to be forwarded. In general, however, a system should not receive datagrams whose TTL field is 0.) Instead, the router discards the datagram and sends an ICMP "time exceeded" message to the source host. The key to the Traceroute program is that this ICMP message contains the router's address.

Traceroute therefore sends an IP datagram with a TTL of 1 to the target host. The first router that processes the datagram decrements the TTL, discards the datagram, and sends back an ICMP time exceeded message. This gives the IP address of the first router on the path. Traceroute then sends a datagram with a TTL of 2 and obtains the IP address of the second router. This continues until the target host is reached.

Even if the target host receives a datagram with a TTL of 1, it does not discard the datagram and generate an ICMP time exceeded message, because the datagram has reached its final destination. For this reason, Traceroute sends UDP datagrams to the target host, but chooses an unlikely value for the destination port number (greater than 30000), so that no program on the target host is likely to be using that port. When the datagram arrives, the UDP module on the target host generates an ICMP "port unreachable" error. The Traceroute program therefore only needs to distinguish whether the ICMP message it receives is time exceeded or port unreachable to know when the trace is finished.
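The probing loop and its stop condition are shown in the following added example, which is not code from the original article. It runs the Traceroute logic against a small simulated network and also covers the case where a program on the target is listening on the probe ports, so no port unreachable error ever comes back. The router and host addresses are constructed, the function names are assumptions, and 33434 is the base port that traditional traceroute implementations start from.

```python
ICMP_TIME_EXCEEDED = 11
ICMP_DEST_UNREACH, CODE_PORT_UNREACH = 3, 3

def forward(path, dest, ttl, dport, open_ports=()):
    """Simulated network: return (responder_ip, icmp_type, icmp_code) for one
    UDP probe, or None when nothing comes back."""
    for router in path:
        if ttl <= 1:                       # TTL of 0 or 1: the router does not forward
            return router, ICMP_TIME_EXCEEDED, 0
        ttl -= 1
    if dport in open_ports:
        return None                        # a listening program takes the probe: no ICMP error
    return dest, ICMP_DEST_UNREACH, CODE_PORT_UNREACH  # the host does not check the TTL

def traceroute(path, dest, max_ttl=30, base_port=33434, open_ports=()):
    """Send probes with TTL 1, 2, 3, ... and stop at the first port unreachable error."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        answer = forward(path, dest, ttl, base_port + ttl, open_ports)
        if answer is None:
            hops.append((ttl, "*", "no reply"))
            continue
        ip, icmp_type, code = answer
        if icmp_type == ICMP_TIME_EXCEEDED:
            hops.append((ttl, ip, "time exceeded"))        # an intermediate router
        elif (icmp_type, code) == (ICMP_DEST_UNREACH, CODE_PORT_UNREACH):
            hops.append((ttl, ip, "port unreachable"))      # the target host: done
            break
    return hops

# Constructed topology: three routers in front of the target host.
PATH = ["10.0.0.1", "10.0.1.1", "10.0.2.1"]
TARGET = "203.0.113.9"
```

With every probe port in use on the target, `traceroute(PATH, TARGET, max_ttl=6, open_ports=range(33434, 33470))` lists the three routers and then only "no reply" entries until `max_ttl` is reached, which is why the destination port has to be one that nothing listens on.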
