7988 Views 7 Replies Latest reply: Jun 18, 2011 7:10 PM by Paul Stewart - CCIE Security

How Does Traceroute Work

Jun 16, 2011 11:03 AM

Enrique 126 posts since
Mar 2, 2011

My understanding has always been that it sends out 3 UDP packets with a TTL of 1, that returned, it sends out another set with a TTL of 2 and so on until it reaches the intended destination. Is this the Unix version? Are there other versions of Traceroute that use ICMP instead of UDP packets? Can someone who has a master grasp of the matter explain? Thanks.

 

Enrique

  • Anthony Sequeira, CCIE,VCP 1,014 posts since
    Nov 9, 2008
    1. Jun 16, 2011 12:23 PM (in response to Enrique)
    Re: How Does Traceroute Work

    Hello Enrique!

     

    Yes - this is a very tricky application to master since there are so many different implementations. For example, Windows uses ICMP echoes by default, while most Linux operating systems use UDP by default, with the option to use ICMP. The Cisco IOS uses UDP, and there are even some implementations in the field that rely on TCP.

     

    While there are many, many different implementations, the goal of traceroute is always the same. Traceroute seeks to have the routers between the source and destination identify themselves, and then have the destination respond to the source management station to confirm its reachability.

     

    In the case of ICMP, the routers identify themselves using Time Exceeded ICMP packets back to the source when the TTL is decremented to zero. The destination can respond to traceroute using an ICMP echo request.

     

    For more information on Cisco's implementation of both ping and traceroute - check out:

     

    http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml

     

    Anthony Sequeira

    StormWindLive.tv

    http://stormwindlive.com/demos.html

  • Paul Stewart  -  CCIE Security 7,570 posts since
    Jul 18, 2008
    3. Jun 16, 2011 3:56 PM (in response to Enrique)
    Re: How Does Traceroute Work

    I put together a blog post about permitting Traceroute through the ASA. I know your question is not specific to the ASA, but if you read through this it will probably make a lot of sense to you. The reply methods are a bit different based on whether the UDP or ICMP method is used. Anyway, I think it is worth a read--

     

    http://packetu.com/content/view/50/5/

  • Patrick Geschwindner - CCIE R&S, CCSI 921 posts since
    Mar 24, 2009
    Re: How Does Traceroute Work

    Nice article, Paul. I have no clue about the ASA, but it really describes the characteristics in a nice way.

  • rboldy 305 posts since
    Jun 3, 2011
    Re: How Does Traceroute Work

    Awesome Paul,

     

    I've just been tasked with doing this exact thing so you saved me a lot of trouble.

     

    I have done this once before a long time ago with a PIX but I could never get the FW to show up in the trace as you document here. Thanks!

  • Najeebullah 152 posts since
    Jul 24, 2010
    6. Jun 18, 2011 6:54 PM (in response to Enrique)
    Re: How Does Traceroute Work

    When you issue the traceroute command, the utility starts sending a packet (Internet Control Message Protocol), including in the packet a "time to live" (TTL) time limit value. It is designed to be exceeded by the first router that receives it, which will send back a "time exceeded" message.

     

    This enables traceroute to calculate the time needed for the hop to the first router. It then resends the packet increasing the time limit value so that it will reach the second router in the path to the destination point, which returns another "time exceeded" message, and so on.

     

    Traceroute finds out when the packet has reached the destination point by including a port number that is outside of the normal range. When it is received, a "port unreachable" message is returned, enabling traceroute to determine the time length of the final hop. Each hop is measured three times by most of the trace-route programs (* indicates a hop that exceeded some limit). Traceroute may take up to a few minutes to complete.

  • Paul Stewart  -  CCIE Security 7,570 posts since
    Jul 18, 2008
    7. Jun 18, 2011 7:10 PM (in response to Najeebullah)
    Re: How Does Traceroute Work

    Najib,

     

    Port unreachable is what the destination returns when using the UDP method. When using the ICMP method, the final hop will 1) return an echo reply 2) return administratively prohibited, or 3) return nothing at all.

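Added example, not part of any post in this thread: a Python sketch of how a traceroute client tells an intermediate hop from the destination under the UDP and ICMP methods discussed above, which is also the set of ICMP replies a firewall has to let back in for the trace to complete. The ICMP type/code numbers are the standard ones (the thread gives only the message names); the reply packets are constructed samples and all function names are hypothetical.

```python
import struct

# ICMP (type, code) values for the messages named in the thread.
TIME_EXCEEDED = (11, 0)     # TTL reached zero at an intermediate router
PORT_UNREACHABLE = (3, 3)   # UDP probe arrived at the destination
ADMIN_PROHIBITED = (3, 13)  # a filter rejected the probe
ECHO_REPLY = (0, 0)         # ICMP echo probe arrived at the destination

def parse_icmp(packet):
    """Return (source_ip, (type, code)) from a raw IPv4 packet carrying ICMP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        raise ValueError("not a complete ICMP message")
    src = ".".join(str(b) for b in packet[12:16])
    return src, (packet[ihl], packet[ihl + 1])

def classify(method, reply):
    """method is 'udp' or 'icmp'; reply is raw bytes, or None on timeout."""
    if reply is None:
        return "*", "no reply"
    src, kind = parse_icmp(reply)
    if kind == TIME_EXCEEDED:
        return src, "hop"
    if kind == ADMIN_PROHIBITED:
        return src, "filtered"
    done = PORT_UNREACHABLE if method == "udp" else ECHO_REPLY
    return src, "destination" if kind == done else "unexpected"

def trace(method, replies):
    """Classify one reply per TTL (starting at 1); stop at destination/filter."""
    path = []
    for ttl, reply in enumerate(replies, start=1):
        src, verdict = classify(method, reply)
        path.append((ttl, src, verdict))
        if verdict in ("destination", "filtered"):
            break
    return path

def sample_reply(src, kind):
    """Constructed sample: 20-byte IPv4 header + 8-byte ICMP header, zero checksums."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    return ip + struct.pack("!BBHI", kind[0], kind[1], 0, 0)

if __name__ == "__main__":
    replies = [sample_reply("198.51.100.1", TIME_EXCEEDED), None,
               sample_reply("203.0.113.5", PORT_UNREACHABLE)]
    for row in trace("udp", replies):
        print(*row)
```

A hop that answers with nothing shows up as `*`, and the same echo reply that ends an ICMP-method trace is classified as unexpected under the UDP method.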
