What protocol does tracert use? TRACERT – trace the route to a given node in the Windows command line


These utilities let you trace the route to a remote host and determine the round-trip time (RTT), the IP address and, in some cases, the domain name of each intermediate router. They are based on ICMP error messages.

How does Tracert work?

The time to live (TTL) of the first packet sent is set to 1. When the IP layer of the first router receives this packet, it decrements the TTL by one, as its algorithm requires, and gets 0. The router discards a packet whose time to live has reached zero and returns an ICMP "time exceeded" error message to the source host (ICMP message type 11, code 0). This message carries the router's name and IP address. When the ICMP message arrives, the sender learns the round-trip time (RTT) from the timer it started for that packet, as well as (from the ICMP message) the name and IP address of the intermediate router. Then the next IP packet is sent, now with a TTL of 2. This packet reaches the second router but "dies" there in the same way, which is reported to the sending node just as before. And so on until the destination node is reached. A trace is built from these responses. For example:

Route tracing to rt.ru with a maximum number of hops of 30:

  1     3 ms     1 ms     2 ms  net235-72.ufa.ertelecom.ru
  2     2 ms     2 ms     1 ms  bb2.bsr02.ufa.ertelecom.ru
  3     2 ms     1 ms     1 ms  lag-10-438.bbr01.samara.ertelecom.ru
  4    18 ms    18 ms    18 ms  46.61.227.202
  5    19 ms    19 ms    18 ms  46.61.227.201
  6    19 ms    19 ms    19 ms  so-0-0-0.m10-ar2.msk.ip.rostelecom.ru
  7    19 ms    19 ms    19 ms  109.207.0.226
  8    19 ms    19 ms    19 ms  www.rt.ru

Tracing is completed.

From this trace we see that the host www.rt.ru is reachable in 8 hops, that its IP address is 109.207.14.4, and that the round-trip time to this resource is 19 ms.

How Traceroute works.

The principle is identical, with one exception. By default the utility sends UDP datagrams towards the given host to some arbitrary port: usually a "high" port that is most likely not occupied by another service (for example 12500 or 30678) or a reserved port (for example 0); in recent versions the default is 33434. First a series of 3 such packets with TTL=1 is sent; when the responses arrive, the transit time is measured and the domain name of the transit node is determined. Then, as described above, the next series of packets is sent with TTL=2, and so on. At the end we receive a "Port Unreachable" (PORT_UNREACHABLE) response from the destination host, which means the trace is complete.

Example trace to the same resource:

traceroute to rt.ru (109.207.14.4), 30 hops max, 40 byte packets
 1  * * *
 2  bb1.bsr02.ufa.ertelecom.ru (212.33.234.101)  13.059 ms  13.222 ms  13.597 ms
 3  lag-10-438.bbr01.samara.ertelecom.ru (212.33.233.111)  0.360 ms  0.382 ms  0.612 ms
 4  46.61.227.202 (46.61.227.202)  17.484 ms  17.511 ms  17.512 ms
 5  46.61.227.201 (46.61.227.201)  17.803 ms  17.791 ms  17.778 ms
 6  so-0-0-0.m10-ar2.msk.ip.rostelecom.ru (87.226.139.74)  18.179 ms  18.211 ms  17.988 ms
 7  109.207.0.226 (109.207.0.226)  18.213 ms  18.697 ms  18.288 ms
 8  * * *
^C

Looking at this output, the question arises why the trace did not reach the end this time and why so-called asterisks (* * *) appeared, and the answer lies precisely in the difference described above. Very often routers and hosts are configured so that they do not respond to this type of request, and in that case asterisks appear. This does not mean at all that there is a problem; it is done to reduce the load on the equipment. In this example, hops 1 and 8 do not respond to UDP datagrams, but if you run traceroute with the -I option the trace completes, because this option makes it send ICMP packets instead.

$ traceroute -I rt.ru
traceroute to rt.ru (109.207.14.4), 30 hops max, 40 byte packets
 1  net233-86.ufa.ertelecom.ru (212.33.233.86)  162.924 ms  163.654 ms  163.666 ms
 2  bb1.bsr02.ufa.ertelecom.ru (212.33.234.101)  8.095 ms  38.117 ms  50.262 ms
 3  lag-10-438.bbr01.samara.ertelecom.ru (212.33.233.111)  0.382 ms  0.407 ms  0.417 ms
 4  46.61.227.202 (46.61.227.202)  17.592 ms  17.623 ms  17.613 ms
 5  46.61.227.201 (46.61.227.201)  17.597 ms  17.609 ms  17.613 ms
 6  so-0-0-0.m10-ar2.msk.ip.rostelecom.ru (87.226.139.74)  17.943 ms  17.924 ms  18.001 ms
 7  109.207.0.226 (109.207.0.226)  18.092 ms  18.026 ms  18.010 ms
 8  www.rt.ru (109.207.14.4)  18.205 ms  18.301 ms  18.308 ms
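To make the difference between the two traces above machine-checkable, here is an added example (not code from the page): a parser for the tracert and traceroute line formats shown above that lists the hops which are silent for UDP probes but answer ICMP. The embedded sample lines are copied from the traces above.

```python
import re

# Sample lines taken from the traces shown above, embedded so this runs offline.
TRACERT_WIN = """\
  1     3 ms     1 ms     2 ms  net235-72.ufa.ertelecom.ru
  4    18 ms    18 ms    18 ms  46.61.227.202
  8    19 ms    19 ms    19 ms  www.rt.ru
Tracing is completed.
"""
TRACE_UDP = """\
traceroute to rt.ru (109.207.14.4), 30 hops max, 40 byte packets
 1  * * *
 2  bb1.bsr02.ufa.ertelecom.ru (212.33.234.101)  13.059 ms  13.222 ms  13.597 ms
 7  109.207.0.226 (109.207.0.226)  18.213 ms  18.697 ms  18.288 ms
 8  * * *
"""
TRACE_ICMP = """\
 1  net233-86.ufa.ertelecom.ru (212.33.233.86)  162.924 ms  163.654 ms  163.666 ms
 2  bb1.bsr02.ufa.ertelecom.ru (212.33.234.101)  8.095 ms  38.117 ms  50.262 ms
 8  www.rt.ru (109.207.14.4)  18.205 ms  18.301 ms  18.308 ms
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")                   # hop lines start with the hop number
RTT_TOKEN = re.compile(r"<?(\d+(?:\.\d+)?) ms|(\*)")           # "19 ms", "<1 ms" or "*"
HOST_ADDR = re.compile(r"(\S+)\s+[(\[](\d+(?:\.\d+){3})[)\]]")  # "name (ip)" on Linux, "name [ip]" on Windows
IPV4 = re.compile(r"\d+(?:\.\d+){3}")


def parse_hop(line):
    """Parse one hop line from tracert (Windows) or traceroute (Linux) output.
    Returns {"hop", "host", "ip", "rtts"} with None in rtts for each '*',
    or None for header and footer lines."""
    m = HOP_LINE.match(line)
    if not m:
        return None
    hop, rest = int(m.group(1)), m.group(2)
    rtts = [None if star else float(num) for num, star in RTT_TOKEN.findall(rest)]
    if not rtts:
        return None
    host = ip = None
    if any(r is not None for r in rtts):             # a silent hop ('* * *') has no address
        hm = HOST_ADDR.search(rest)
        if hm:
            host, ip = hm.groups()
        else:                                        # Windows style: name or IP after the RTTs
            tail = RTT_TOKEN.sub("", rest).strip()
            if IPV4.fullmatch(tail):
                ip = tail
            elif tail:
                host = tail
    return {"hop": hop, "host": host, "ip": ip, "rtts": rtts}


def parse_trace(text):
    """All hop records of a trace, in order; non-hop lines are skipped."""
    return [h for h in (parse_hop(line) for line in text.splitlines()) if h]


def silent_hops(hops):
    """Hop numbers that answered none of their probes (the '* * *' lines)."""
    return [h["hop"] for h in hops if all(r is None for r in h["rtts"])]


def best_rtt(hop):
    """Smallest measured RTT of a hop, or None if it never answered."""
    answered = [r for r in hop["rtts"] if r is not None]
    return min(answered) if answered else None


def filtered_only(udp_text, icmp_text):
    """Hops silent in the UDP trace that do answer ICMP: the situation described
    above, where equipment drops UDP probes but not ICMP ones."""
    icmp = {h["hop"]: h for h in parse_trace(icmp_text)}
    return {n: icmp[n]["host"] or icmp[n]["ip"]
            for n in silent_hops(parse_trace(udp_text))
            if n in icmp and best_rtt(icmp[n]) is not None}


if __name__ == "__main__":
    print(filtered_only(TRACE_UDP, TRACE_ICMP))
    # → {1: 'net233-86.ufa.ertelecom.ru', 8: 'www.rt.ru'}
```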

Conclusion.

It should be noted that asterisks can also appear when tracing with ICMP packets; this, too, does not mean there is a problem. It all depends on how the administrator configured the equipment: it is their hardware, and it is tuned to their needs. This is quite normal. Also, don't panic if the destination host does not respond; it is quite possible that the resource has simply been closed off to such requests.

Performs a trace to a destination by sending echo request messages to it. The requests are sent using the Internet Control Message Protocol (ICMP) with steadily increasing packet lifetime (Time to Live, TTL) values.

The inferred path is a list of the closest router interfaces on the path between the source host and the destination host. The closest interface is the router interface that is closest to the source node on the path. When run without parameters, the tracert command displays help.

You can also use the following commands to check the network:

  • PING is a basic TCP/IP command used to troubleshoot a connection, test access, and resolve names;
  • PATHPING - provides information about network latency and data loss on intermediate nodes.

TRACERT utility parameters and keys

tracert [-d] [-h maximum_hops] [-j host_list] [-w interval] [destination_computer_name]

  • -d - Prevents tracert from resolving the IP addresses of intermediate routers into names, which speeds up the output.
  • -h maximum_hops - Sets the maximum number of hops to search for the target. The default is 30.
  • -j host_list - Specifies that echo request messages use the loose source routing option in the IP header with the set of intermediate destinations given in host_list. With loose source routing, successive intermediate destinations may be separated by one or more routers. The maximum number of addresses or names in the list is 9. host_list is a set of IP addresses (in dotted decimal notation) separated by spaces.
  • -w interval - Specifies, in milliseconds, how long to wait for the ICMP echo reply or ICMP time exceeded message corresponding to a given echo request. If no message is received within that time, an asterisk (*) is displayed. The default timeout is 4000 (4 seconds).
  • destination_computer_name - Specifies the destination, given as an IP address or host name.
  • -? - Displays command-line help for tracert.

TRACERT Command Examples

  • To display command prompt help for a command, type: tracert /?;
  • To trace the path to a node, enter the command: tracert ya.ru;
  • To trace the path to a host and prevent each IP address from being resolved into a name, enter: tracert -d ya.ru.


My translation.

If you work as a network administrator, system administrator, or in any operations group, you may have heard of a tool called TRACEROUTE. This is a very convenient tool, available by default on many operating systems.

Network and system administrators use this tool in their daily work. It is essentially a convenient network diagnostic tool. Traceroute gives you three main things, and together they provide insight into where a problem on your network lies:

  1. The full path that a packet takes.
  2. The names and identities of the routers and devices along that path.
  3. Network latency or, more precisely, the time taken to send data to and receive a response from each device along the way.

This is a tool used to check the path your data takes to reach its target, without actually sending the data.

As I already wrote, it is always good to understand how a tool works, because this tool will not by itself identify and fix the problem for you; what it will always do is give you an idea of the problem. How to use the command can always be found online, or even in the Linux manual and info pages.

In this article I will explain how traceroute works, the types of traceroute tools and their differences. We will also look at the different options available to the traceroute command in Linux.

Basics first

Every packet you send to the Internet has a field called TTL. TTL stands for time to live. Although it is called a lifetime, it is not actually a time in seconds; it is a completely different story.

TTL is measured not in seconds but in hops: it is the maximum number of hops a packet can travel through the network before being destroyed.

Hops are nothing more than computers, routers or other devices that come between the source and destination

What would happen if there were no TTL at all? If there were no TTL, an IP packet would flow endlessly from one router to another and on and on, endlessly searching for a destination. The TTL value is set by the sender inside the IP packet (the person using the system or sending the packet doesn't notice these things happening behind the scenes, but it is automatically handled by the operating system)

If the destination is not found after passing through too many intermediate routers (hops) and the TTL value becomes zero (meaning there is no further traversal), the receiving router discards the packet and informs the original sender.

The original sender is informed that the TTL has expired and cannot forward the packet further.

Let's say I need to reach the address 10.1.136.23 and my TTL is 30 hops, which means I can only travel a maximum of 30 hops to reach the destination before the packet is destroyed.

But how do routers along the way determine that the TTL limit has been reached? Each router along the path between the source and destination continues to decrement the TTL before sending it to the next router. Which means that if I have a default TTL of 30, my first router will reduce it to 29 and send it to the next router along the way.

The receiving router makes it 28 and sends it on to the next one, and so on. If a router receives a packet with a TTL of one (meaning there is no further movement or forwarding), the packet is discarded. But the router that discards the packet informs the original sender that the TTL has been exceeded (the packet's lifetime has expired)!

The message sent by a router that receives a packet with a TTL of one is called an "ICMP TTL exceeded" message. Of course, on the Internet, when you send something to a recipient, the recipient knows the sender's address.

Therefore, when an ICMP TTL exceeded message is sent by a router, the original sender learns the router's address.

Traceroute uses TTL exceeded messages to discover the routers encountered on the way to the target (since these messages sent by a router contain its address).

But how does traceroute use the “TTL exceeded” message to find out which routers/hops are between them?

You might be thinking that "TTL exceeded" messages are sent only by the router that receives the packet with a TTL of 1. That's right: not every router between you and the destination will send a TTL exceeded message. Then how do you find the addresses of all the routers/hops between you and the destination? After all, the main purpose of traceroute is to identify the hops between you and the destination.

You can take advantage of this TTL exceeded behaviour of the routers/hops along the way by deliberately sending packets with a TTL of 1.

See the diagram for an example of the entire process, where the sender uses a traceroute to one of the servers in a remote location


Let's take a look at what goes on behind the scenes. When I run traceroute -n 8.8.8.8, what does my computer do? It sends a UDP packet (yes, UDP; don't worry, we will discuss this in detail). The UDP packet contains the following:

  • My sender address
  • Destination address (8.8.8.8)
  • A destination port number that is deliberately wrong: traceroute sends the packet to a UDP port in the range 33434 to 33534, which is not normally in use.

Let's see how it works

Step 1. My host creates a packet with destination address 8.8.8.8 and a destination port between 33434 and 33534. The important thing it does is set the TTL value to 1.

Step 2. My packet naturally reaches the gateway. On receiving it, the gateway decreases the TTL by one (every router/hop in between decreases the TTL by 1). Decreasing a TTL of 1 by one (1-1=0) leaves zero, so my gateway sends me back a TTL time exceeded message. Remember that when my gateway sends TTL exceeded to me, it includes the first 28 bytes of the packet that I sent.

Step 3. On receiving this "TTL time exceeded" message, my traceroute program can find out the address and other information about the first hop, which is my gateway.

Step 4. Now traceroute sends the same UDP packet again, with destination 8.8.8.8 and a random UDP destination port from 33434 to 33534, but this time with an initial TTL of 2. As a result, my gateway lowers it by 1 and then forwards the packet to the next hop/router (the packet sent by my gateway to the next hop has a TTL of 1).

Step 5. On receiving the UDP packet, the hop after my gateway again reduces the TTL by 1, which brings it to 0. So it sends me an ICMP time exceeded message with its source address and the first 28 bytes of the packet header that I sent.

Step 6. On receiving TTL time exceeded, my traceroute program finds out the IP address of that router/hop and shows it to me on the screen.

Step 7. Now my traceroute program again creates the same UDP packet with a random UDP port and destination address 8.8.8.8, but this time with a TTL of three, so the TTL becomes zero when it reaches the third hop/router (remember that my gateway and the next hop each reduce it by one). That hop responds with TTL time exceeded, and my traceroute program learns its IP address.

Step 8. Having received this response, traceroute once again creates a UDP packet, this time with a TTL of 4. If I get TTL time exceeded for it too, my traceroute program sends a UDP packet with TTL=5, and so on.

But how does my traceroute program know that the endpoint 8.8.8.8 has been reached? Like this: when the final recipient, 8.8.8.8 (remember, all the UDP packets had a destination address of 8.8.8.8), receives the probe, it sends me a message that is completely different from all the "TTL time exceeded" messages.

When the final recipient (8.8.8.8) receives my UDP packet, it sends me an "ICMP Destination/Port Unreachable" message. This must happen because we always send to a random UDP port between 33434 and 33534. So my traceroute program knows that we have reached the final destination and stops sending further packets.

Everything described so far in words is just theory. We need to confirm it by running tcpdump during a traceroute. Let's look at the tcpdump output. Note that I am not showing the full tcpdump output because it is too long.


Run traceroute in one terminal of your Linux machine. And in another terminal, run tcpdump to see what's happening.

The output above only shows UDP packets sent from my machine. I'll show the response messages separately to make it clearer

Please note the TTL on each line. It starts with a TTL of one, then 2, and then 3 up to a TTL of 6. You might be wondering why my server is sending 3 UDP messages with TTL=1, then 2, then 3?

The reason for this is to calculate the average transit time. The traceroute program sends three UDP packets for each hop to measure the exact average packet transit time. Average transit time is nothing more than the time in milliseconds it took to send and then receive a response. I deliberately did not mention this at the very beginning to avoid confusion.

So, the bottom line: my traceroute program sends three UDP packets to each hop just to estimate the transit time, and the traceroute output shows these three values. Look at the traceroute output more closely: it shows three millisecond values for each hop to give you a clear idea of the travel time.

Now let's see the response we received from all hops via TCPDUMP. Please note that the response messages below are part of the same TCPDUMP that I ran earlier, but I am showing them to you separately to make it clearer.

Another interesting thing to note is that my program uses a different random UDP destination port for every packet it sends. This lets it tell which packet a response belongs to: as stated earlier, the response sent by a hop or by the destination contains the header of the original packet, so the traceroute program can match each reply to the probe it answers and compute the exact transit time for each of the three UDP packets sent per hop. The random port numbers act as an identifier for the response.

The response messages look like below.


Note that the ICMP time exceeded messages are shown above (I did not show all the response messages).

Now let me show the last message, which differs from ICMP time exceeded. This is the destination port unreachable message mentioned earlier, and from it the traceroute program knows that our destination has been reached.

Note that there are three replies from 8.8.8.8 to my traceroute program. As stated earlier, traceroute sends three identical UDP packets on different ports to simply calculate the exact transit time. The final destination is no different.

Different types of Traceroute programs

There are different types of traceroute programs. Each of them works a little differently. But their general concept is the same. They all use the TTL value.

Why different implementations? This is because you can use the one that is applicable to your environment. Assuming the firewall is blocking UDP traffic, then you can use a different trace for this purpose. The different types are given below.

The one we used earlier is UDP tracing. This is the default protocol used by the traceroute program on Linux. However, you can tell the Linux traceroute utility to use ICMP instead of UDP with the following command:

root@workstation:~# traceroute -I -n 8.8.8.8

ICMP traceroute works in exactly the same way as UDP traceroute. The traceroute program sends ICMP echo requests, and the intermediate hops respond with "ICMP Time exceeded" messages; the final destination, however, answers with an ICMP echo reply. The tracert command available in Windows uses the ICMP tracing method by default.

And the last one is the most interesting. It's called tcptraceroute. It is used because almost all firewalls and intermediate routers allow TCP traffic, and if the packet is addressed to port 80, which is web traffic, most routers will let it through. tcptraceroute sends TCP SYN requests to port 80 by default.

All routers between the source and destination send "TTL time exceeded" messages, and the destination sends either an RST packet, if port 80 is closed, or a SYN/ACK packet. (tcptraceroute does not complete a TCP connection: on receiving the SYN/ACK, it sends an RST to close the half-open connection.) Either way, the tracing program knows that the destination has been reached. Note that the -n option I used in the traceroute commands shown earlier disables resolving DNS names; without it, the trace would send DNS queries for every hop it encounters along the way.

Now the main question is which trace should I use: ICMP, UDP or TCP?

It all depends on the environment. Assuming that intermediate routers are blocking a particular protocol, you should try using a different one.
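The following added example (not the page's or any project's code) is an offline model of the probing loop walked through above, covering the UDP, ICMP and TCP modes just compared. It uses an 8-hop path constructed from the rt.ru addresses seen earlier with invented latencies, where hop 1 and the destination drop UDP probes but answer ICMP and TCP, which reproduces the '* * *' lines and the never-finishing UDP trace.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    addr: str
    delay_ms: float                 # constructed one-way latency added by this hop
    drops_udp: bool = False         # silently discards UDP probes, so no ICMP comes back
    open_tcp_ports: set = field(default_factory=set)


# Constructed path modelled on the rt.ru traces above (delays are invented).
PATH = [
    Router("212.33.233.86", 1.0, drops_udp=True),
    Router("212.33.234.101", 0.5),
    Router("212.33.233.111", 0.5),
    Router("46.61.227.202", 7.0),
    Router("46.61.227.201", 0.2),
    Router("87.226.139.74", 0.2),
    Router("109.207.0.226", 0.1),
    Router("109.207.14.4", 0.1, drops_udp=True, open_tcp_ports={80}),
]

# Replies that can only come from the destination, so the trace is finished.
FINAL_REPLIES = {"port-unreachable", "echo-reply", "syn-ack", "rst"}


def send_probe(path, proto, ttl, dport):
    """Carry one probe along the path, each router doing TTL = TTL - 1.
    Returns (replier, reply kind, rtt_ms), or None when the probe is dropped silently."""
    elapsed = 0.0
    for i, router in enumerate(path):
        elapsed += router.delay_ms
        ttl -= 1
        rtt = 2 * elapsed
        if i < len(path) - 1:                           # an intermediate router
            if ttl > 0:
                continue                                # still alive: forward to the next hop
            if proto == "udp" and router.drops_udp:
                return None                             # traceroute will print '*'
            return router.addr, "time-exceeded", rtt    # ICMP type 11, code 0
        # The destination accepts a packet addressed to it, even when the TTL has hit 0.
        if proto == "udp":
            if router.drops_udp:
                return None
            return router.addr, "port-unreachable", rtt  # ICMP type 3, code 3
        if proto == "icmp":
            return router.addr, "echo-reply", rtt        # ICMP type 0
        # TCP: a SYN to dport. SYN/ACK means the port is open (tcptraceroute then
        # answers with RST instead of completing the handshake); RST means closed.
        return router.addr, ("syn-ack" if dport in router.open_tcp_ports else "rst"), rtt
    return None


def traceroute(path, proto="udp", max_hops=30, probes=3, dport=80):
    """Send `probes` packets per TTL with TTL = 1, 2, 3, ... until the destination
    answers or max_hops is reached. Returns (hops, reached)."""
    hops, port = [], 33434
    for ttl in range(1, max_hops + 1):
        hop = {"ttl": ttl, "addr": None, "reply": None, "rtts": []}
        for _ in range(probes):
            # UDP mode uses a fresh high port per probe so each reply can be matched to it
            answer = send_probe(path, proto, ttl, dport if proto == "tcp" else port)
            port += 1
            if answer is None:
                hop["rtts"].append(None)
            else:
                hop["addr"], hop["reply"], rtt = answer
                hop["rtts"].append(rtt)
        hops.append(hop)
        if hop["reply"] in FINAL_REPLIES:
            return hops, True
    return hops, False


def format_hop(hop):
    """Render a hop line the way traceroute does, with '*' for each missing reply."""
    head = f"{hop['ttl']:2d}  " + (f"{hop['addr']}  " if hop["addr"] else "")
    return head + " ".join("*" if t is None else f"{t:.1f} ms" for t in hop["rtts"])


if __name__ == "__main__":
    for proto in ("udp", "icmp", "tcp"):
        hops, reached = traceroute(PATH, proto, max_hops=10)
        print(f"--- {proto} trace (reached={reached})")
        for hop in hops:
            print(format_hop(hop))
```

The UDP run shows asterisks at hop 1 and from hop 8 onwards until max_hops, while the ICMP and TCP runs stop at hop 8 with an echo reply or SYN/ACK, matching the two traces discussed earlier.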

Practical exercises No. 03-006

The tracert network utility (traceroute on Linux, Cisco IOS and macOS): operating principles and use.

The tracert utility is used to study the routes of IP packets in networks running the TCP/IP protocol stack, including the global Internet. When using it, remember that during its operation a fairly large number of IP packets is generated both on your host and on intermediate routers, which creates additional load on the network.

tracert [-d] [-h maximum_number] [-j node_list] [-w interval] [destination_computer_name]

Options:

  • -d - do not resolve the IP addresses of intermediate nodes into names
  • -h maximum_number - maximum number of transitions (hops) when searching for the destination node
  • -j node_list - use the loose source routing option in the IP header with the set of intermediate destinations given in node_list (currently practically unsupported on routers)
  • -w interval - waiting time in milliseconds for each response
  • destination_computer_name - the destination, identified by an IP address or host name

The utility's operation is based on manipulating the contents of the standard IP header fields and IP header options. Its main tool is the contents of the "time to live" (TTL) field.

A required element is the destination IP address or host name.

Having received it from the user, the utility sends a series of packets (usually three) to that address with the TTL set to 1. These packets have no chance of reaching the destination: the first router along the route subtracts 1 from the TTL and gets 0, and it is obliged to destroy a packet whose allowed lifetime on the network has expired. At the same time, the router is obliged to send the sender of the discarded packet an ICMP message about its fate (type 11, code 0).

As a result, your computer very quickly receives three notifications that the packets it sent have been destroyed. By recording the time each packet was sent and the time its ICMP notification arrived, the tracert utility can easily calculate the average response time, which it displays on the screen.

Then the next series of packets is sent with a TTL of 2, and so on until the packets reach their destination.

When a packet with a TTL of 1 arrives at the host or router it is addressed to, it is accepted. Since there is no need to forward it any further, no ICMP time-to-live message is generated.

To find out that the trace has completed successfully, every series of packets carries an embedded UDP message addressed to a port number that almost certainly does not exist on the recipient. On intermediate routers this does not matter, but the recipient, unable to use the embedded data, is forced to report this to the sender using the same ICMP protocol, but with different message type (3) and code (3) values.

This message is interpreted by the sender as confirmation of the completion of the transfer.

An important feature of the tracert utility is the ability to find out the names of intermediate nodes. This gives an idea of the organizational structure and geographic location of the packet route.

Host names are based on the Domain Name System (DNS):

Formally, both users and programs can access hosts, mailboxes and other Internet resources by their IP addresses, but if for a program the procedure for “remembering” an IP address is no different from “remembering” any other 4 bytes of information of any type, then for the user, remembering number combinations like 111.124.133.44 is difficult simply from the point of view of our memory structure. In addition, identifying any services with the IP addresses of the hosts or servers on which they operate makes it extremely difficult to transfer them if necessary. To take into account the “human factor” and separate machine names from their addresses, it was decided to use text ASCII names. However, the network only understands numeric addresses, so a mechanism is needed to convert ASCII strings to IP addresses.

When it all started, on the ARPANET the correspondence between text names and binary addresses was stored in special files that listed all hosts and their IP addresses. In a network of several hundred large machines this approach worked quite well.

But when thousands of workstations connected to the network, problems arose: the number of records that needed to be stored grew rapidly, and centralized management of the names of all the hosts of a giant international network was quite difficult.

To solve these problems, the Domain Name System (DNS) was developed. It is used to convert host names and e-mail destinations to IP addresses, but can also be used for other purposes. DNS is defined in RFCs 1034 and 1035.

A domain name consists of words separated by dots. The leftmost word of the name refers to the host; all the other words form the domain name. The naming system has a hierarchical, tree-like structure.

Each node (the circles in the figure) has a label up to 63 characters long. The root of the tree is a special node without a label. Labels may contain capital or small letters. The domain name of any node in the tree is the sequence of labels that starts at that node and works its way up to the root, with the labels separated by dots. (This is the opposite of the file system we are used to, where the full path always starts at the top (root) and works its way down the tree.) Each node in the tree must have a unique domain name, but the same label can be used at different points in the tree.

There is a root name, denoted by ".", which is often omitted from domain names. Below it are the first-level domain names, which fall into two categories: geographic (country) domains and subject-area (generic) domains. The names of second-level and lower domains can be anything, provided that no two identical domain or host names exist. So, if N_i is a domain name of level i and T is a word, then a domain name of level i+1 is formed by the rule N_{i+1} = T.N_i. A domain name that ends with a dot is called an absolute domain name or fully qualified domain name (FQDN).

Let us emphasize again that since IP addresses uniquely identify hosts on a network, there is a one-to-one relationship between the set of host names and the set of addresses.

This relationship is established by a table with as many entries of the form "host name, IP address" as there are host domain names. When a new host is named, an entry must be added to the table; when an existing one is renamed, its entry must be changed. Such a naming system is convenient because names are easy to remember and are not tied to geographically localized IP networks: when a named resource moves from one host to another, all you need to do is change the entry for its name in the name table. Keeping such a table for the whole Internet on one host is difficult, and keeping it up to date is impossible.

The DNS database is distributed. The hierarchical name system corresponds to a hierarchical system of DNS servers holding fragments of the table. Ideally there is a separate name server for each domain. A name server's database at any level must contain records for all child domains at the next level. All first-level domains are held in the root name servers' database, which is maintained by the NIC organization.

In reality, one host can host a database for several domains, and identical or overlapping databases can be located on several hosts. A branch of the name tree that is under unified control along with the hosts on which the database of this branch of the tree is located is called a DNS zone. Typically, a zone has one primary DNS server (primary name server) and several backup (secondary name servers). Changes to a zone are made to the database of the zone's primary server and then this information is duplicated on secondary servers.

The process of transferring information from a primary server to a secondary server is called zone transfer. When a new host appears in the zone, the administrator adds the appropriate information (minimum, name and IP address) to a disk file on the primary server. Secondary servers poll the primary servers regularly (usually every 3 hours), and if the primary contains new information, the secondary receives it using zone transfer.

Based on the specified functionality of the system and its structure, it follows that the protocol must include two components - a protocol for resolving names to IP addresses and a protocol for exchanging data between nodes of a distributed database, in particular, between the main and backup zone servers.

Address resolution system.

For TCP/IP protocol stack software to use the name service, the stack settings must specify the IP address of a name server: one whose zone includes the host, or another server that accepts requests from the host's network. When an application uses a domain name to identify the other party in a session, the IP address resolution process starts: the host's name service component sends a request to the name server. If the name server can resolve the name, it returns a response containing the address. If it cannot, it can follow one of two name resolution scenarios:

  • the server returns the address of the root name server as part of its response, and the host sends a request to that server (an iterative request);
  • the zone server itself sends a request to the root server and, having received a response, caches it and returns the address to the host that requested the service (a recursive request).

The response from the server controlling the domain is called authoritative.

Each name server on the Internet must contain the addresses of root servers in its database.

Name resolution. In addition to its main function of resolving a host's domain name into its IP address, the DNS protocol also provides reverse resolution of an IP address into a domain name using the subzones of the reverse zone in-addr.arpa.

It is the capabilities of this protocol that allow the tracert utility not only to work when the trace target is given as a DNS name, but also to give us the names of the intermediate nodes.
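An added example (not from the page) that applies the naming rule N_{i+1} = T.N_i and the 63-character label limit stated above, and builds the in-addr.arpa name used for the reverse resolution that gives tracert its hop names.

```python
MAX_LABEL = 63          # label size limit stated above


def labels(name):
    """Split a domain name into its labels; a trailing dot (absolute name) adds none."""
    name = name[:-1] if name.endswith(".") else name
    return name.split(".") if name else []


def is_absolute(name):
    """True for a fully qualified domain name, i.e. one ending in the root '.'."""
    return name.endswith(".")


def validate(name):
    """Problems with a name under the rules above; an empty list means it is acceptable."""
    problems = []
    for label in labels(name):
        if label == "":
            problems.append("empty label")
        elif len(label) > MAX_LABEL:
            problems.append(f"label exceeds {MAX_LABEL} characters: {label[:12]}...")
    return problems


def ancestors(name):
    """Apply the rule N_{i+1} = T.N_i backwards: walk from the host up to the root.
    'www.rt.ru' -> ['www.rt.ru.', 'rt.ru.', 'ru.', '.']"""
    labs = labels(name)
    return [".".join(labs[i:]) + "." for i in range(len(labs))] + ["."]


def level(name):
    """Level of the domain: 'ru' is first level, 'rt.ru' second, and so on; the root is 0."""
    return len(labels(name))


def reverse_name(ipv4):
    """Name queried for reverse resolution, which is how tracert learns hop names:
    '109.207.14.4' -> '4.14.207.109.in-addr.arpa.'"""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


if __name__ == "__main__":
    print(ancestors("www.rt.ru"))          # → ['www.rt.ru.', 'rt.ru.', 'ru.', '.']
    print(reverse_name("109.207.14.4"))    # → 4.14.207.109.in-addr.arpa.
```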

Self-test questions

  1. What is the Domain Name System and what is it used for?
  2. What is the maximum size of a domain label?
  3. What is the name of the root DNS domain?
  4. What types and codes of ICMP messages does the tracert utility use?
  5. Which IP packet header field does the tracert utility use to set the lifetime of its packets?
  6. What are the tracert utility's parameters?
  7. What is the purpose of the tracert utility and what are the options for its use?

Necessary equipment

An IBM PC-compatible computer with a licensed Windows operating system, a local network connection and Internet access.

Tasks

1. Using the tracert command, determine the route taken by IP packets to the site www.sgu.ru.

2. Using the tracert command, determine the route taken by IP packets to one of the following sites: www.nla.gov.au, www.ibge.gov.br, www.kunaicho.go.jp (you can choose any site outside Russia).

3. Repeat the trace with the -d option.

4. Describe the DNS structure of the name of the server you traced.

5. Use the service www.ip2location.com/demo.aspx (or a similar one) to determine the approximate location of the intermediate route points.

6. Draw a route diagram.

7. Comment on the results.

Submit a report on the completion of the work in printed or electronic form with copies of the utility operation screens.

There are times in network life (especially for dial-up users 😉 when it is impossible to reach some host (for me this is often www.microsoft.com ;-|), and this is where this utility comes to the rescue (in Windows, tracert.exe). With its help you can try to determine in which part of the IP network the failure occurred: the host went down, the provider is slow, or your own IP connection is bad :).

But what I really love about tracert is the possibilities it gives for studying IP networks, and they vary in scope and focus ;). The first step might be to explore your provider's subnet. With traceroute you can explore the network itself, putting into practice the theoretical knowledge you have acquired about routing, DNS servers, backbones, subnet systems, and who knows what else ;).

How it works?

First, you need to remember the format of the IP packet header, or rather one of its fields: TTL (Time To Live). This eight-bit field specifies the maximum number of hops (a hop being the passage of a datagram from one router to another) that a packet can make while on the network. Each router processing the datagram performs the operation TTL=TTL-1. When the TTL becomes zero, the router discards the packet and sends an ICMP Time Exceeded message to the sender.

The utility sends a packet with TTL=1 towards the specified host and waits to see who returns the time exceeded response. The responder is recorded as the first hop (the result of the first step towards the destination). Then packets with TTL=2, 3, 4 and so on are sent in turn until, at some TTL value, the packet reaches the target and a response comes back from it.

*nix traceroute sends UDP packets towards the given host to an arbitrary port, most likely one not occupied by another service (for example 28942 or 30471) or a reserved one, for example 0; the default is 33434. First a series of 3 such packets with TTL=1 is sent; when the responses arrive, the transit time is measured and the domain name of the transit node is determined (depending on the options specified). Then the next series of packets is sent with TTL=2, to identify the next hop, and so on. At the end we receive a port unreachable response from the end host, which means the trace is complete.
The standard Windows console tracert works in exactly the same way, but sends only ICMP echo request packets.

I myself willingly use both the standard tracert and the one built into CyberKit (a fairly good utility; also Necrosoft Quick Traceroute). I can't recommend anything extra for Linux: I have only used the standard Debian traceroute :).

In conclusion, I will say, do not be afraid to experiment - this is the only way to truly “understand” the network. Look for information and use it. Good luck.

2024 gtavrl.ru.