Traceroute Working principle

traceroute, which is trace route, which tracks routes. This program was first implemented by Van Jacobson. Source code can be found on the Internet, but I have not yet to find.the basic principleis the processing of packet TTL (Time to Live, lifetime) during IP routing. When the router receives an IP packet, it changes the TTL of the IP packet (and the resulting head check and checksum changes). For each packet received, check if this TTL is 0 or 1. The assumption is that the package has not reached its destination, and that there is not much time left, it must not arrive at the destination. The router simply discards the packet and sends an ICMP notification to the source host that the packet has timed out. The ICMP notification message includes the IP that is used by the current router when it is sent.

This enables you to indirectly check which routes have been routed to a host by constructing a packet. A packet with a TTL of 1 is sent, so that it has timed out when it arrives at the first router, and the first router notifies the Fengliang that it is able to record the IP of the first router that passes through. Then the TTL plus 1, security through the first router, and the second router's processing with the first same, packet loss, send notification that the packet timed out, so that the second router IP record, so that can continue until the packet reaches the target host, thereby printing out all the router.

In communication, the IP layer is only responsible for the routing and transmission of data, and does not process the contents of the packet. For example, ICMP, or TCP,UDP, these protocols rely on the transfer capability of the IP layer to transmit data. In the communication two-party host, after receiving the packets of these protocols, generally on the corresponding host of communication, there will be a program to process the data. The direct IP datagram is not practical (Win2000 's drive layer can use IP directly without adding other protocols, but it is usually not used). So the Traceroute program sends a UDP packet to test. For routers, the UDP datagram is only one of the IP datagrams, and it does not care about the details of the UDP datagram. Until the packet arrives at the destination, the kernel of the destination host parses the UDP datagram and finds out whether the port already has a process in use in the datagram. If found, the notification process has data arrival. If it is not found, a "destination Port unreachable" ICMP error data is sent back to the source host.

So that it can be completely determined. Trcertroute set up a UDP packet, constantly change the TTL value and send out, assuming that you received a "time-out error", that just arrived at the router, and assume that you received a "Port unreachable" error, that just arrived is the destination host. This completes the route trace and the program ends.

There are several details :

1. LAN routing is relatively stable, so the response time printed with traceroute is not very different. The assumption is that the routes used to track the wide area network, because the WAN routing information is dynamic change, and can not determine whether the sending path time-consuming or return path time-consuming, so time and routing information can only be used as a reference.

2.TTL of choice. Assuming that the TTL is set sufficiently large, it is not certain that all routes can be printed, such that a packet reaches the destination by 300 routers. Of course, in an existing network environment it is unlikely that there will be so many routes to go through. The TTL information has only one byte in the IP datagram, which can be set to a maximum of 255 (256 after the start of 0). The purpose of setting this information is to prevent some stiff and unstructured data from wandering aimlessly on the internet without disappearing. Every time the datagram passes through a router, the router decrements the TTL by 1 (or the number of seconds elapsed before the router is processed), and it is always reduced to 1, and then the router discards it.

The 3.traceroute is terminated with the sign "Port unreachable". Provided that the port requested in the UDP datagram is not in use on the destination host. Assuming that there is a process on the destination host that is using this port, the packet is received and handled in a normal manner, so that traceroute cannot receive the "Port unreachable" error. In order to avoid this situation, the port of the UDP datagram is very high (the implementation in the book is the initial value of 33435, and then the maximum number of 1,port to 65535 per send). Ordinary programs generally do not use these high ports. The question is, if there is such a situation, what would traceroute do with it? And what if the Solaris system might use a high port.

4. In the transmission process, to go through a lot of routes, before reaching the destination host, may also go through the gateway, firewall, and other such as the filtering of IDs, sending packets can reach the destination host is still a problem. And even if it arrives, the sending of the ICMP message can return is also a problem. Because there are too many levels passing along the way, encounter a black hole router, do not forward this information, then there is no solution.

The book also mentions that the original traceroute has an option to specify which router the packet passes through. Assuming a wide route, it is only possible to pass the specified route. The assumption is strict routing, you must pass the specified router in the order specified. Because this option may cause a fixed route to process too much information, it has been canceled in the published source code. But can find the patch, or can be used up. From the comparative results, it seems that the router is not as good as the default route for routers to handle faster. For strict routing, it is more difficult to succeed, because it is not necessarily the router you specify has an entry to the next router.

PingThe program uses the ICMP reply request to detect whether the remote host is up or down. (It is not possible to continue to infer whether the port is accessible.) To view the port, you need to use a scanner. A network library (Icmp.dll) has been provided in Win2000 to enable the use of ICMP to detect remote hosts. This is the simplest way to read a ping using a pipe or to embed a ping source code (no way, lazy person). Ping actually another r option, used to record the routed route, was never known. (Pingwww.google.com-r 7) records The 7 routers that pass through. According to the analysis, the maximum number of 8~9 items can be recorded according to the environment limit.

In addition to echo requests, ICMP can be used to implement time requests. In the ICMP packet can include the sending time, the destination host received and then attached itself when the time to send back. This allows for a time calibration and the ability to infer the communication speed between source and destination. Because the detailed content part is more annoying, the type is too many, suddenly cannot remember each kind of meaning.

The general use of Ping is only the simplest of its functions: Check the host can not connect to. In fact, with the other options provided, it is possible to achieve a lot of detail control, such as packet length, TTL, routing record, width/Shang by routing, etc.

Traceroute Working principle