# TCP/IP Illustrated, Volume 1: The Protocols - Chapter 8: Traceroute Program

8.1 Introduction

The Traceroute program, written by Van Jacobson, is a handy tool for exploring the TCP/IP protocols in more depth. Although there is no guarantee that two consecutive IP datagrams sent from the same source to the same destination follow the same route, most of the time they do. Traceroute lets us see the route that IP datagrams take from one host to another. Traceroute also lets us use the IP source route option.

The manual says: "The program was proposed by Steve Deering and implemented by Van Jacobson, and was debugged by many others following the convincing suggestions of C. Philip Wood, Tim Seaver and Ken Adelman."


8.2 Traceroute Program Operation

In Section 7.3 we described the IP record route (RR) option. Why not use that option instead of developing another application? There are three reasons. First, historically not all routers supported the record route option, so it could not be used on some paths. (Traceroute does not require any special or optional features at the intermediate routers.)

Second, record route is normally a one-way option. The sender sets the option, and the receiver has to extract all the information from the received IP header and then return it all to the sender. In Section 7.3 we saw that most implementations of the Ping server (the ICMP echo reply function in the kernel) return the received RR list, but this doubles the number of IP addresses recorded (one pass out and one pass back), which runs into the limit discussed in the next paragraph. (Traceroute only requires a working UDP module at the destination; no other special server application is needed.)

The last and most important reason is that the room left for options in the IP header is limited and cannot hold most of today's paths. The options field of the IP header can store at most nine IP addresses. That was enough on the original ARPANET, but it is not enough now.

Traceroute uses ICMP messages and the TTL (time-to-live) field in the IP header. The TTL field is an 8-bit field that the sender initializes. The recommended initial value is specified in the Assigned Numbers RFC and is currently 64. Older systems often initialized it to 15 or 32. We saw in some of the Ping examples in Chapter 7 that ICMP echo replies are often sent with the TTL set to its maximum value, 255.

Each router that handles a datagram is required to decrement the TTL by either 1 or the number of seconds that the datagram stays in the router. Since most routers hold a datagram for less than 1 second, the TTL has effectively become a hop counter, decremented by one by every router it passes through.

RFC 1009 [Braden and Postel 1987] stated that a router that delays a datagram for more than one second must decrement the TTL by the number of seconds consumed. Few routers implemented this. The new Router Requirements RFC [Almquist 1993] makes this feature optional, allowing the TTL to be treated as a hop count.

The purpose of the TTL field is to prevent datagrams from circulating endlessly in the network during routing. For example, when a router crashes or the connection between two routers is lost, it can take the routing protocols some time to detect the lost route and work around it. During this time a datagram can end up circulating in a routing loop. The TTL field puts a limit on the lifetime of these looping datagrams.

When a router receives an IP datagram whose TTL field is 0 or 1, it does not forward the datagram. (A destination host that receives a datagram like this can deliver it to the application, since the datagram does not have to be forwarded. In general, however, no system should receive a datagram with a TTL of 0.) Instead, the router discards the datagram and sends an ICMP "time exceeded" message back to the originating host. The key to Traceroute is that the IP datagram carrying this ICMP message has the router's IP address as its source address.

We can now guess how Traceroute operates. It sends an IP datagram with a TTL of 1 to the destination host. The first router to handle the datagram decrements the TTL, discards the datagram, and sends back an ICMP time exceeded message. This gives the address of the first router on the path. Traceroute then sends a datagram with a TTL of 2, which gives the address of the second router. This continues until the datagram reaches the destination host. But even though the IP datagram arriving at the destination host has a TTL of 1, the destination host does not discard it and generate an ICMP time exceeded message, because the datagram has reached its final destination. So how do we determine that the destination has been reached?

Traceroute sends UDP datagrams to the destination host, but it chooses an unlikely value for the destination UDP port number (greater than 30,000), so that no application on the destination host is likely to be using that port. When the datagram arrives, the destination host's UDP module therefore generates an ICMP "port unreachable" error (see Section 6.5). All Traceroute has to do is distinguish between the received ICMP messages, time exceeded versus port unreachable, to know when to stop. Traceroute must be able to set the TTL field of the outgoing datagram. Not all programming interfaces to TCP/IP support this, and not all implementations support the capability, but most systems do and can run Traceroute. The programming interface usually requires the user to have root privileges, which means special permission may be needed to run the program on your host.


8.3 LAN output

We are now ready to run Traceroute and look at its output. We will use our simple internet (see the inside front cover), going from svr4 to slip through the router bsdi. The link between bsdi and slip is a 9600 b/s SLIP link.

```
traceroute 192.168.1.1
traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 60 byte packets
 1  arvinchen.cn.zmt.local (192.168.5.1)  1.329 ms  1.402 ms  1.527 ms
 2  192.168.255.254 (192.168.255.254)  0.263 ms  0.243 ms  0.192 ms
```

The first, unnumbered line of output gives the name and IP address of the destination host and indicates that traceroute's maximum TTL is 30. The 40-byte datagram consists of the 20-byte IP header, the 8-byte UDP header, and 12 bytes of user data. (The 12 bytes of user data contain a sequence number that is incremented by 1 each time a datagram is sent, the time at which the datagram was sent, and a copy of the outgoing TTL.)

The next two lines of output begin with the TTL, followed by the name of the host or router and its IP address. For each TTL value, three datagrams are sent. For each ICMP message received, the round-trip time is calculated and printed. If no response to a datagram is received within 5 seconds, an asterisk is printed and the next datagram is sent. In this output, the ICMP messages for the first three datagrams, with a TTL of 1, were received after 20 ms, 10 ms and 10 ms. The ICMP messages for the three datagrams with a TTL of 2 were received after 120 ms. Since a TTL of 2 reaches the final destination, the program stops there.

The round-trip times are calculated by the traceroute program on the sending host. Each is the total round-trip time from the traceroute program to that router. If we are interested in the time for each segment of the path, we can subtract the time printed for a TTL of N from the time printed for a TTL of N + 1.

Figure 8-1 shows the tcpdump output for this run. As we expected, the first probe datagram sent to bsdi has a round-trip time of 20 ms while the next two have round-trip times of 10 ms because of an ARP exchange. The tcpdump output confirms that this is indeed the case.

The destination UDP port number is initially set to 33435 and is incremented by one for each datagram sent. The starting port number can be changed with a command-line option. The UDP datagram contains 12 bytes of user data, which we described above when discussing the 40-byte datagram in the traceroute output.

Note that tcpdump prints [ttl 1] after the IP datagrams whose TTL is 1. tcpdump prints this information when the TTL value is 0 or 1, to alert us that something about the datagram is unusual. Here we expect a TTL of 1, but in other applications it can warn us that a datagram may not reach its final destination. We should never see a datagram sent with a TTL of 0, unless the router that sent it is broken.

Because the TTL is decremented to 0 at the router bsdi, we expect it to send back an ICMP "time exceeded in transit" message. The router sends this ICMP message back even though the discarded IP datagram was addressed to slip.

There are two different ICMP "time exceeded" messages (see Figure 6-3 in Section 6.2), each with a different code field in the ICMP message. Figure 8-2 shows the format of this ICMP error message.

The ICMP message we are discussing is generated when the TTL reaches 0, and it has a code of 0. A host can also time out while reassembling fragments, in which case it sends an ICMP "time exceeded during reassembly" message (we discuss fragmentation and reassembly in Section 11.5). This error message has its code field set.

Lines 9 to 14 of Figure 8-1 correspond to the three datagrams sent with a TTL of 2. These three datagrams reach the final destination and generate ICMP port unreachable messages.

It is worth calculating the RTT of the SLIP link, as we did in the Ping example in Section 7.2, where the link was set to 1200 b/s. The UDP datagram sent totals 42 bytes: 12 bytes of data, the 8-byte UDP header, the 20-byte IP header, and (at least) 2 bytes of SLIP framing (Section 2.4). Unlike Ping, however, the size of the returned datagram is different. As Figure 6-9 shows, the returned ICMP message contains the IP header of the datagram that caused the error plus the 8 bytes of data that immediately follow that IP header (for traceroute, the UDP header). The total is therefore 20 + 20 + 8 + 8 + 2, that is, 58 bytes. At a data rate of 960 b/s, the expected RTT is (42 + 58)/960, that is, 104 ms. This is consistent with the 110 ms measured on svr4.

The source port number in Figure 8-1 (42804) seems large. traceroute sets the source port number of the UDP datagrams it sends to the logical OR of its Unix process ID and 32768. When traceroute is run several times on the same host, each process looks at the source port number in the UDP header returned in the ICMP message and handles only the responses to the datagrams it sent itself.
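The reply handling described in this section, as an added example that is not part of the original page or of the traceroute source: it parses a returned ICMP error, tells "time exceeded" from "port unreachable", and uses the quoted UDP header to keep only replies to its own probes. The addresses, the process ID 10036 and every function name are constructed for illustration; the packets are built in memory with checksums left at zero.

```python
import socket
import struct

BASE_PORT = 33435                    # first UDP destination port, from the text
ICMP_UNREACH, ICMP_TIMXCEED = 3, 11  # ICMP message types

def ip_header(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header for the constructed samples (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_probe(src, dst, src_port, seq, ttl):
    """UDP probe: 20-byte IP header + 8-byte UDP header + 12 bytes of data."""
    udp = struct.pack("!HHHH", src_port, BASE_PORT + seq, 8 + 12, 0)
    return ip_header(src, dst, 17, ttl, 20) + udp + bytes(12)

def build_icmp_error(sender, probe, icmp_type, code):
    """ICMP error as returned to the prober: it quotes the probe's IP header
    and the first 8 bytes after it, which for these probes is the UDP header."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28]
    return ip_header(sender, socket.inet_ntoa(probe[12:16]), 1, 255, len(icmp)) + icmp

def classify_reply(packet, my_src_port, probes_sent):
    """Return (sender_ip, verdict, seq), or None if the reply is not ours."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 or packet[9] != 1:       # outer datagram must be ICMP
        return None
    icmp_type, code = packet[ihl], packet[ihl + 1]
    quoted = packet[ihl + 8:]                         # the datagram that caused the error
    if len(quoted) < 20:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < q_ihl + 8 or quoted[9] != 17:    # quoted datagram must be UDP
        return None
    sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    seq = dport - BASE_PORT
    if sport != my_src_port or not 0 <= seq < probes_sent:
        return None                                   # another process's probe
    if icmp_type == ICMP_TIMXCEED and code == 0:
        verdict = "hop"                               # TTL ran out at a router
    elif icmp_type == ICMP_UNREACH and code == 3:
        verdict = "destination"                       # port unreachable: probe arrived
    else:
        verdict = "other"                             # e.g. type 11 code 1, reassembly
    return socket.inet_ntoa(packet[12:16]), verdict, seq

def demo():
    """Classify three constructed replies; the last one answers a foreign probe."""
    me, router, dest = "192.0.2.1", "192.0.2.254", "198.51.100.7"
    sport = 10036 | 32768                             # constructed PID ORed with 32768
    p1 = build_probe(me, dest, sport, 0, ttl=1)
    p2 = build_probe(me, dest, sport, 3, ttl=2)
    foreign = build_probe(me, dest, 40000, 0, ttl=1)
    replies = [build_icmp_error(router, p1, ICMP_TIMXCEED, 0),
               build_icmp_error(dest, p2, ICMP_UNREACH, 3),
               build_icmp_error(router, foreign, ICMP_TIMXCEED, 0)]
    return [classify_reply(r, sport, probes_sent=6) for r in replies]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With the constructed process ID the source port comes out as 42804, and the probe and error sizes match the 40-byte and 20 + 20 + 8 + 8 byte totals worked out above.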

There are a few points to note about traceroute. First, there is no guarantee that the route in use now will be the route in use later; even two consecutive IP datagrams may take different routes. If the route changes while the program is running, the change is visible, because for a given TTL traceroute prints the new IP address when the route changes.

Second, there is no guarantee that the ICMP message takes the same route as the UDP datagram sent by traceroute. This means that the printed round-trip time may not truly reflect the outbound and return times of the datagram. (If the UDP datagram takes 1 second to travel from the source to the router, and the ICMP message takes 3 seconds to return to the source along another path, the printed round-trip time is 4 seconds.)

Third, the source IP address in the returned ICMP message is the IP address of the router interface on which the UDP datagram arrived. This differs from the IP record route option (Section 7.3), where the recorded IP address is that of the outgoing interface. Since every router by definition has two or more interfaces, running traceroute from host A to host B can give different results from running it from host B to host A. In fact, if we run traceroute from the host slip to svr4, the output becomes:

The IP address printed for the host bsdi this time is 140.252.13.66, which corresponds to its SLIP interface, while the address printed last time was 140.252.13.35, the Ethernet interface address. Since traceroute also prints the host name associated with the IP address, the host name may change as well. (In our example, both interfaces on bsdi use the same name.)

Consider Figure 8-3. It shows two LANs connected by routers, with the two routers joined by a point-to-point link. If we run traceroute from a host on the LAN on the left, it finds the router IP addresses if1 and if3. In the other direction, the IP addresses printed are if4 and if2. if2 and if3 share the same network number, while the other two interfaces have different network numbers.

Finally, on a wide area network the traceroute output is easier to understand if it shows readable domain names rather than IP addresses. But since the only information traceroute has when it receives the ICMP message is an IP address, it does a "reverse name lookup" to obtain the domain name for that IP address. This requires the administrator of the router or host to configure reverse name lookup correctly (which is not true in all cases). We describe in Section 4.5 how the DNS is used to translate a domain name into an IP address.


8.4 WAN output

The small internet used in the previous examples is adequate for examining how the protocols operate, but for a large internet such as the global Internet we need something more realistic for traceroute.

Figure 8-4 shows the run from the host sun to the NIC (Network Information Center).

```
traceroute baidu.com
traceroute to baidu.com (220.181.38.148), 30 hops max, 60 byte packets
 1  arvinchen.cn.zmt.local (192.168.5.1)  1.264 ms  1.394 ms  1.540 ms
 2  * 192.168.255.254 (192.168.255.254)  0.290 ms *
 3  202.101.22.65 (202.101.22.65)  6.472 ms * *
 4  61.152.6.217 (61.152.6.217)  2.642 ms 61.152.7.225 (61.152.7.225)  3.634 ms 61.152.7.229 (61.152.7.229)  3.518 ms
 5  101.95.89.86 (101.95.89.86)  6.553 ms  6.540 ms  7.207 ms
 6  61.152.25.14 (61.152.25.14)  2.596 ms 61.152.24.106 (61.152.24.106)  3.542 ms 61.152.24.254 (61.152.24.254)  2.208 ms
 7  202.97.97.217 (202.97.97.217)  26.413 ms 202.97.97.221 (202.97.97.221)  25.575 ms
```

Since this example was run for the text, the NIC for non-DDN sites (that is, nonmilitary sites) has moved from nic.ddn.mil to rs.internic.net, the new "InterNIC".

Once the datagrams leave the tuc.noao.edu network, they enter the telcom.arizona.edu network. They then enter the NASA Science Internet, nsn.nasa.gov. The routers at TTLs 6 and 7 are at JPL (Jet Propulsion Laboratory). The sura.net network in the output for a TTL of 11 is the Southeastern Universities Research Association Network. The domain name GSI at a TTL of 12 is Government Systems, Inc., the operator of the NIC.

The second RTT for a TTL of 6 (590) is almost twice the other two RTTs (234 and 262). This illustrates the dynamics of IP routing: something happened between the sending host and this router that slowed the datagram down. Likewise, we cannot tell whether it was the outbound datagram or the returned ICMP error message that was held up.

The RTT of the first probe for a TTL of 3 (204) is smaller than the RTT of the first probe for a TTL of 2 (233). Since each printed RTT is the total time from the source to that router, this can happen.

Figure 8-5 is another example, between the host sun and the author's publisher.

```
traceroute google.com
traceroute to google.com (93.46.8.90), 30 hops max, 60 byte packets
 1  arvinchen.cn.zmt.local (192.168.5.1)  1.294 ms  1.417 ms  1.564 ms
 2  192.168.255.254 (192.168.255.254)  0.228 ms  0.230 ms  0.193 ms
 3  * * *
 4  61.152.7.225 (61.152.7.225)  6.179 ms 61.152.6.217 (61.152.6.217)  7.822 ms  7.818 ms
 5  101.95.89.74 (101.95.89.74)  6.464 ms  6.516 ms 101.95.89.78 (101.95.89.78)  2.980 ms
 6  202.101.63.134 (202.101.63.134)  6.706 ms 61.152.24.30 (61.152.24.30)  9.807 ms 61.152.24.50 (61.152.24.50)  2.781 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
```


In this example, after leaving the telcom.arizona.edu network the datagrams enter the regional network westnet.net (TTLs 6 and 7). They then enter the NSFNET backbone, t3.ans.net, operated by Advanced Network & Services. (T3 is the common abbreviation for the 45 Mb/s phone lines used by the backbone.) The final network is alter.net, the connection point of aw.com to the Internet.


8.5 IP source routing options

IP routing is normally dynamic: each router decides which next-hop router to forward a datagram to. Applications have no control over this and are normally not concerned with it. It takes a tool such as Traceroute to find out what the route really is.

The idea behind source routing is that the sender specifies the route. It takes two forms:

  1. Strict source routing. The sender specifies the exact path that the IP datagram must follow. If a router finds that the next router in the source route is not on a directly connected network, it returns an ICMP "source route failed" error.
  2. Loose source routing. The sender specifies a list of IP addresses that the datagram must traverse, but the datagram can also pass through other routers between any two addresses in the list.

Traceroute gives us a way to look at source routing: we can specify a source route option and see what happens.

Some publicly available Traceroute source code packages contain patches for specifying a loose source route, but the standard versions usually do not include them. The explanation given with these patches is "Van Jacobson's original Traceroute program (spring 1988) supported this feature, but it was later removed because of broken gateways." For the examples in this chapter, the author installed these patches and modified them to allow both loose and strict source routing.

Figure 8-6 shows the format of the source route option.

This format is the same as the record route option format shown in Figure 7-3. The difference is that for source routing we must fill in the list of IP addresses before sending the IP datagram, whereas for the record route option we allocate and zero some space for the IP address list and let the routers fill in the entries. Also, with source routing we allocate and initialize only as much space as the required number of IP addresses, which is normally fewer than nine, whereas for the record route option we allocate as much space as we can, up to nine addresses.


For loose source routing the code field is 0x83, and for strict source routing it is 0x89. The len and ptr fields are as described in Section 7.3.

The source route options are actually called "source and record route" (LSRR and SSRR for loose and strict source routing, respectively), because the list of IP addresses is updated as the datagram travels along the path.

Here is how it operates:

  1. The sending host takes the source route list from the application and removes the first entry (it becomes the destination address of the datagram), moves the remaining entries up by one (as shown in Figure 8-6), and places the original destination as the last entry in the list. The pointer still points to the first entry in the list (that is, the value of the pointer is 4).

  2. Each router that handles the datagram checks whether it is the destination address of the datagram. If it is not, the datagram is forwarded normally. (In this case loose source routing must have been specified, otherwise the router would not have received the datagram.)

  3. If the router is the destination and the pointer is not greater than the length, then (1) the next address in the list, the one ptr points to, becomes the destination address of the datagram; (2) the IP address of the outgoing interface replaces the source route address just used; and (3) the pointer is incremented by 4.

This procedure is best explained with an example. In Figure 8-7 we assume that the sending application on host S sends a datagram to D, specifying a source route of R1, R2 and R3.

In the figure, # marks the pointer field, whose values are 4, 8, 12 and 16. The length field is always 15 (three IP addresses plus three bytes of header). As can be seen, the destination address of the IP datagram changes at every hop.
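The walk from S through R1, R2 and R3 to D, simulated as an added example that is not from the original page: it builds the option with the code, len and ptr layout given above, then applies the three processing steps at each listed router. All addresses, including the outgoing-interface addresses, and all function names are constructed for illustration.

```python
import socket
import struct

LSRR, SSRR = 0x83, 0x89               # option codes given in the text

def sender_prepare(code, route, final_dst):
    """Step 1: the first route entry becomes the datagram's destination, the
    rest move up one place and the original destination goes last; ptr = 4."""
    hops = list(route) + [final_dst]
    body = b"".join(socket.inet_aton(a) for a in hops[1:])
    option = bytearray(struct.pack("!BBB", code, 3 + len(body), 4) + body)
    return hops[0], option

def router_process(dst, option, my_addr, out_if_addr):
    """Steps 2 and 3 at one router; returns the datagram's new destination."""
    if dst != my_addr:
        return dst                    # not addressed to us: forward normally
    length, ptr = option[1], option[2]
    if ptr > length:
        return dst                    # list used up: we are the final destination
    slot = slice(ptr - 1, ptr + 3)    # ptr is a 1-based offset into the option
    next_dst = socket.inet_ntoa(bytes(option[slot]))
    option[slot] = socket.inet_aton(out_if_addr)   # record the outgoing interface
    option[2] = ptr + 4
    return next_dst

def addresses(option):
    """The address list currently carried in the option."""
    return [socket.inet_ntoa(bytes(option[i:i + 4])) for i in range(3, option[1], 4)]

def walk(code, route, final_dst, out_if):
    """Return (destination, ptr, address list) as seen on each link of the path."""
    dst, option = sender_prepare(code, route, final_dst)
    trace = [(dst, option[2], addresses(option))]
    while option[2] <= option[1]:
        dst = router_process(dst, option, dst, out_if[dst])
        trace.append((dst, option[2], addresses(option)))
    return trace

# Constructed addresses: each router's own address and its outgoing interface.
R1, R2, R3, D = "10.0.1.1", "10.0.2.1", "10.0.3.1", "10.0.9.9"
OUT_IF = {R1: "10.0.1.2", R2: "10.0.2.2", R3: "10.0.3.2"}

if __name__ == "__main__":
    for dst, ptr, addrs in walk(LSRR, [R1, R2, R3], D, OUT_IF):
        print(f"dst={dst:<9} ptr={ptr:<2} list={addrs}")
```

The pointer takes the values 4, 8, 12 and 16 while the length stays at 15, and by the last link every entry in the list has been replaced by an outgoing-interface address, which is the "record" half of "source and record route".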

When an application receives data that arrived with a source route, it should read the received route and supply the reversed route when it replies.

The Host Requirements RFC specifies that a TCP client must be able to specify a source route, and that a TCP server must be able to receive a source route and use the reverse route for all segments on that TCP connection. If the TCP server later receives a different source route, the new source route replaces the old one.


8.5.1 traceroute Examples with Loose Source Routing

The -g option of traceroute specifies intermediate routers for loose source routing. Up to eight intermediate routers can be specified with this option. (The number is 8 rather than 9 because the programming interface requires that the final entry be the destination.)

In Figure 8-4 the route to the NIC, nic.ddn.mil, went through the NASA Science Internet. In Figure 8-8 we force the datagrams through the NSFNET by specifying the router enss142.UT.westnet.net (192.31.39.21) as an intermediate router:

In this case the path appears to have 16 hops with an average RTT of about 350 ms, whereas the normal route in Figure 8-4 has only 13 hops and an average RTT of about 322 ms. The default path looks better. (Other factors also have to be considered when a path is set up, including organizational and political factors of the networks involved.)

We say the path appears to have 16 hops because comparing it with the earlier output through the NSFNET (Figure 8-5) shows that three routers are missing in this example using loose source routing. (This is probably because those routers have problems generating ICMP time exceeded errors for source-routed datagrams.) The router gateway.tuc.noao.edu, between netb and butch, is missing, and the two routers Westgate.Telcom.Arizona.edu and uu-ua.AZ.westnet.net, between gabby and enss142.UT.westnet.net, are missing as well. A software problem related to incoming datagrams with the loose source routing option has probably occurred in these missing routers. When the NSFNET is used, the path between the source and the NIC is actually 19 hops. Exercise 8.5 continues the discussion of these missing routers.

This example also points out another problem. On the command line we had to give the dotted-decimal IP address of the router enss142.UT.westnet.net and could not use its domain name instead. This is because the reverse name lookup (returning the domain name for an IP address, described in Section 4.5) associates the domain name with the IP address, but the forward lookup (returning the IP address for a given domain name) fails. In the DNS the forward and reverse mappings are kept in two separate files, and not all administrators maintain both of them. It is therefore not uncommon for the lookup to work in one direction and fail in the other.

One thing we have not seen before occurs at a TTL of 8: an asterisk is printed for the first RTT. This indicates a timeout: no response to that probe was received within 5 seconds.

Comparing this figure with Figure 8-4, we can also conclude that the router nsn-FIX-pe.sura.net is connected to both the NSFNET and the NASA Science Internet.


8.5.2 traceroute Example with Strict Source Routing

In the author's version of traceroute, the -G option is identical to the -g option described earlier, except that the source route is strict instead of loose. We can use this option to see what happens when an invalid strict source route is specified. From Figure 8-5 we can see that the normal sequence of routers for datagrams sent from the author's subnet to the NSFNET is netb, gateway, butch and gabby. (To make the output easier to read, the domain suffixes .tuc.noao.edu and .telcom.arizona.edu are omitted from all the following output.) We specify a strict source route that tries to send datagrams directly from gateway to gabby, omitting butch. We would expect this to fail, as the result in Figure 8-9 shows.

The key here is the !S after the RTTs on the output line for a TTL of 3. It indicates that traceroute received an ICMP "source route failed" error: in Figure 6-3, a type field of 3 and a code of 5. The asterisk in place of the second RTT for a TTL of 3 indicates that no response was received for that probe. This is what we guessed: gateway cannot send the datagram directly to gabby, because there is no direct connection between them.

The results for TTLs 2 and 3 both come from gateway. The reply for a TTL of 2 comes from gateway because the datagram's TTL has run out when gateway receives it: gateway finds that the TTL has expired before it looks at the (invalid) strict source route, and sends back the ICMP time exceeded. On the line for a TTL of 3, the datagram enters gateway with a TTL of 2, so gateway looks at the strict source route, finds it invalid, and sends back the ICMP source route failed error.

Figure 8-10 shows the tcpdump output for this example. The output was collected on the SLIP link between sun and netb. We had to give tcpdump the -v option to display the source route information. This also produces output we do not need, such as the datagram ID, which we have deleted. Also, SSRR stands for "strict source and record route".

First, note that the destination address of every UDP datagram sent by sun is netb, not the destination host (westgate). This was explained with the example in Figure 8-7. Similarly, the other two routers specified with the -G option (gateway and gabby) and the final destination (westgate) become the SSRR option list on the first hop.

This output also shows that the timer used by traceroute is 5 seconds (the time difference between lines 15 and 16).


8.5.3 traceroute Round Trips with Loose Source Routing

As we said earlier, the path from A to B is not necessarily the same as the path from B to A. Unless we log in to both systems and run traceroute on each, it is hard to find out whether the two paths differ. Using loose source routing, however, we can determine the route in both directions.

The trick is to specify a loose source route in which the destination host is the loosely routed intermediate point and the sending host is the final destination. For example, from the host sun we can look at the path to and from bruno.cs.colorado.edu; the result is shown in Figure 8-11.

The outbound path (TTLs 1 to 11) differs from the return path (TTLs 11 to 21), a good illustration that routing on the Internet can be asymmetric.

The output also illustrates the point we discussed with Figure 8-3. Compare the output for TTLs 2 and 19: both are the router gateway.tuc.noao.edu, but the two IP addresses are different. Since traceroute identifies the incoming interface, and we pass through the router in two different directions, once on the outbound path (TTL 2) and once on the return path (TTL 19), this result is what we would expect. Comparing TTLs 3 and 18, and TTLs 4 and 17, shows the same thing.


8.6 Summary

Traceroute is an indispensable tool on a TCP/IP network. Its operation is simple: send UDP datagrams starting with a TTL of 1 and incrementing the TTL by one each time, to locate each router on the path. Each router returns an ICMP time exceeded message when it discards the UDP datagram, and the final destination generates an ICMP port unreachable message.

We gave examples of traceroute running on LANs and WANs, and used it to examine IP source routing. We used loose source routing to check whether the route to a destination host is the same as the route back from it.


Origin blog.csdn.net/xiaoting451292510/article/details/103386305