The traceroute application (tracert in Windows) is used to study the topology of a computer network using ICMP (Internet Control Message Protocol). To understand how ICMP works, you need to know a few general things about the Internet. On the Internet, data is transmitted in packets.
Each packet consists of the data proper (for example, a picture or a web page), the sender's and recipient's addresses, and service information, in particular the TTL (time to live). The TTL of a packet is measured not in minutes and seconds but in hops, that is, transitions from one subnetwork to another. The Internet is made of separate subnetworks that are connected together by routers. The larger the TTL, the more routers the packet can pass. At each router it passes, the TTL is reduced by 1. When it reaches 0, the packet is discarded.
Regular data travels with a TTL equal to 255. Because of that, it can reach every corner of the Internet (the size of the Internet doesn't exceed TTL 100, but, on average, it is considerably smaller, around 15-20). Having discarded a regular packet, the router sends no notification to the computer that sent the packet. By contrast, ICMP is designed so that the router always tells the source of the packet that it has been discarded, as well as who discarded it and when.
The traceroute command sends a series of ICMP packets with gradually increasing TTLs, starting from 0. This way, traceroute lets the packet be discarded by every server between the source and the final destination. Consider a typical example of traceroute execution:
traceroute to www.chem.msu.ru (158.250.32.34), 30 hops max, 40 byte packets
1 r1-akmos (213.247.128.3) 0.357 ms 0.319 ms 0.309 ms
2 r0 (213.247.128.254) 3.655 ms 2.866 ms 2.062 ms
3 macom-BIZNSERV.macomnet.net (212.5.127.194) 5.155 ms 2.949 ms 3.024 ms
4 M9-1-ATM155-NCC.macomnet.net (195.128.65.21) 4.442 ms 4.366 ms 4.189 ms
5 M9.Moscow.RU.Radio-MSU.net (193.232.244.39) 4.393 ms 11.163 ms 4.163 ms
6 NPI-CX.radio-msu.net (194.67.82.76) 5.869 ms 5.510 ms 5.388 ms
7 Chem.Radio-MSU.net (158.250.0.46) 6.029 ms 5.560 ms 7.512 ms
8 mch.chem.msu.su (158.250.32.18) 10.122 ms * 10.082 ms
9 mch1.chem.msu.su (158.250.32.34) 18.304 ms 10.615 ms 10.524 ms
Trace complete.
Line
8 mch.chem.msu.su (158.250.32.18) 10.122 ms * 10.082 ms
means that one packet with TTL equal to 8 was lost, while two packets were discarded by the mch.chem.msu.su router (IP address 158.250.32.18). The travel time (time to destination + request processing time of the router + time back to the source) between us and that router was about 10 milliseconds. Note that this is the travel time between us and that router, not between the computers in lines 7 and 8.
The average time for hop five (M9.Moscow.RU.Radio-MSU.net) was 6.573 ms, and for hop six (NPI-CX.radio-msu.net) it was 5.589 ms. It might seem that the duration of the sixth hop was negative. This could be caused by:
- load fluctuations
- routers being programmed to respond to ICMP last (the M9.Moscow.RU.Radio-MSU.net router is most likely doing this).
One more interesting example:
7 info-gw.metrocom.ru (195.5.130.21) 16.068 ms * 21.414 ms
8 * * *
9 * * *
10 info-gw.metrocom.ru (195.5.130.21) 18.037 ms !H 19.051 ms !H 16.620 ms !H
At first glance, the packets with TTL 8 and 9 are lost at intermediate routers between 7 and 10. But careful examination shows that both the 7th and 10th lines list the same computer. info-gw.metrocom.ru is 7 hops away from us. It is either not passing the TTL 8 and 9 packets through or not responding to them, and it is programmed to not pass packets with TTL exceeding 10. This is what the !H (host unreachable) after the time tells us.
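The two readings above (the apparently negative sixth hop and the same router answering at TTL 7 and TTL 10) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names parse and findings and the finding labels are assumptions chosen for illustration, and the input lines are copied from the traces quoted above.

```python
import re

# Constructed input: hop lines copied from the two traces quoted on this page.
TRACE_A = """\
5 M9.Moscow.RU.Radio-MSU.net (193.232.244.39) 4.393 ms 11.163 ms 4.163 ms
6 NPI-CX.radio-msu.net (194.67.82.76) 5.869 ms 5.510 ms 5.388 ms
7 Chem.Radio-MSU.net (158.250.0.46) 6.029 ms 5.560 ms 7.512 ms
8 mch.chem.msu.su (158.250.32.18) 10.122 ms * 10.082 ms"""
TRACE_B = """\
7 info-gw.metrocom.ru (195.5.130.21) 16.068 ms * 21.414 ms
8 * * *
9 * * *
10 info-gw.metrocom.ru (195.5.130.21) 18.037 ms !H 19.051 ms !H 16.620 ms !H"""

HOST = re.compile(r"\S+ \((\d+\.\d+\.\d+\.\d+)\)")
PROBE = re.compile(r"(\d+\.\d+) ms(?: (!\w*))?|\*")

def parse(text):
    """Return one dict per hop line: ttl, ip, avg RTT (ms), lost probes, flags."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # header or "Trace complete." line
        rest, host = m.group(2), HOST.search(m.group(2))
        probes = list(PROBE.finditer(rest[host.end():] if host else rest))
        rtts = [float(p.group(1)) for p in probes if p.group(1)]
        hops.append({
            "ttl": int(m.group(1)),
            "ip": host.group(1) if host else None,
            "avg": round(sum(rtts) / len(rtts), 3) if rtts else None,
            "lost": sum(p.group(0) == "*" for p in probes),
            "flags": {p.group(2) for p in probes if p.group(2)},
        })
    return hops

def findings(hops):
    """Flag the two patterns the article walks through."""
    out, prev, seen = [], None, {}
    for h in hops:
        if h["ip"] is None:
            continue  # every probe at this TTL was lost
        if h["ip"] in seen:  # router already answered at a lower TTL
            out.append(("same-host", seen[h["ip"]], h["ttl"], sorted(h["flags"])))
        elif prev and h["avg"] < prev["avg"]:  # apparent "negative" hop
            out.append(("rtt-drop", prev["ttl"], h["ttl"], round(prev["avg"] - h["avg"], 3)))
        seen.setdefault(h["ip"], h["ttl"])
        prev = h
    return out
```

An rtt-drop finding is not a fault in itself, because each line's time is measured from the source to that router independently; a same-host finding with !H marks the point where the path really ends.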