trace route & analyse path
A network diagnostic tool
Originally written by Van Jacobson
Do routing problems exist on the network?
3 primary objectives of the TRACEROUTE tool
The entire path the packet travels through
The name & identity of routers & devices in your path
Network Latency: The time taken to send and receive data to each device in the network
TTL?
Time To Live … Is it measured in seconds? Hops…
Hops are nothing but the computers, routers, or any devices that come in between the source and the destination.
What if there was no TTL at all?
Without a TTL, a packet caught in a routing loop would circulate forever. So each router decrements the TTL by 1 and discards the packet when the value reaches 0.
But the router which discards the packet will inform the original sender that the TTL value has been exceeded.
ICMP TTL exceeded messages
But how does Traceroute use TTL exceeded messages to find out the routers/hops in between?
traceroute to Google's publicly available DNS server (8.8.8.8)
root@workstation:~# tcpdump -n '(icmp or udp)' -vvv
12:13:06.585187 IP (tos 0x0, ttl 1, id 37285, offset 0, flags [none], proto UDP (17), length 60)
192.168.0.102.43143 > 8.8.8.8.33434: [bad udp cksum 0xd157 -> 0x0e59!] UDP, length 32
12:13:06.585218 IP (tos 0x0, ttl 1, id 37286, offset 0, flags [none], proto UDP (17), length 60)
192.168.0.102.38682 > 8.8.8.8.33435: [bad udp cksum 0xd157 -> 0x1fc5!] UDP, length 32
12:13:06.585228 IP (tos 0x0, ttl 1, id 37287, offset 0, flags [none], proto UDP (17), length 60)
192.168.0.102.48381 > 8.8.8.8.33436: [bad udp cksum 0xd157 -> 0xf9e0!] UDP, length 32
12:13:06.585237 IP (tos 0x0, ttl 2, id 37288, offset 0, flags [none], proto UDP (17), length 60)
192.168.0.102.57602 > 8.8.8.8.33437: [bad udp cksum 0xd157 -> 0xd5da!] UDP, length 32
12:13:06.585247 IP (tos 0x0, ttl 2, id 37289, offset 0, flags [none], proto UDP (17), length 60)
192.168.0.102.39195 > 8.8.8.8.33438: [bad udp cksum 0xd157 -> 0x1dc1!] UDP, length 32
12:13:06.585256 IP (tos 0x0, ttl 2, id 37290, offset 0, flags [none], proto UDP (17), length 60)
This UDP packet will contain the following things:
My source address (which is my IP address)
Destination address (which is 8.8.8.8)
A destination UDP port number which is invalid. That is, the traceroute utility will send the packet to a UDP port in the range of 33434 to 33534, which is normally unused.
My source machine will build a packet with a destination IP address of 8.8.8.8 and a destination port number between 33434 and 33534. And the important thing it does is to set the TTL value to 1.
On receiving this TTL time exceeded message, my traceroute program will come to know the source address and other details about the first hop (which is my gateway server).
It then sends another UDP packet with a different port number and a TTL value of 2… and so on.
192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68
IP (tos 0x0, ttl 1, id 37285, offset 0, flags [none], proto UDP (17), length 60)
192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68
IP (tos 0x0, ttl 1, id 37286, offset 0, flags [none], proto UDP (17), length 60)
183.83.192.1 > 192.168.0.102: ICMP time exceeded in-transit, length 60
IP (tos 0x0, id 37288, offset 0, flags [none], proto UDP (17), length 60)
192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68
IP (tos 0x0, ttl 1, id 37287, offset 0, flags [none], proto UDP (17), length 60)
Why 3 UDP packets with TTL value 1?
RTT: Round Trip Time
How will the Traceroute program come to know that the destination has been reached?
"ICMP Port/Destination UNREACHABLE"
8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8 udp port 33458 unreachable, length 68
IP (tos 0x80, ttl 2, id 37309, offset 0, flags [none], proto UDP (17), length 60)
8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8 udp port 33457 unreachable, length 68
IP (tos 0x80, ttl 1, id 37308, offset 0, flags [none], proto UDP (17), length 60)
8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8 udp port 33459 unreachable, length 68
IP (tos 0x80, ttl 2, id 37310, offset 0, flags [none], proto UDP (17), length 60)
The Traceroute program will come to know that our destination has been reached.
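As an added example (not part of the original slides), the Python below rebuilds the path from capture lines like those above: it records the TTL of each outgoing probe by IP id, maps each ICMP time exceeded reply to a hop through the id quoted inside it, and treats a port unreachable reply as the destination. The one-line joined input format, the name reconstruct_path, and the assumption of 3 probes per hop with ports counting up from 33434 are this example's own.

```python
import re

BASE_PORT, PROBES_PER_HOP = 33434, 3  # assumed traceroute defaults; they match the capture

PROBE = re.compile(r"^IP \(.*?ttl (\d+), id (\d+),.*\) \S+ > \S+: .*\bUDP, length")
REPLY = re.compile(r"^(\S+) > \S+: ICMP (?:time exceeded in-transit"
                   r"|\S+ udp port (\d+) unreachable).*? IP \(.*?id (\d+),")

# Sample input: packets from the capture above, each joined onto one line, checksum notes dropped.
HDR = "offset 0, flags [none], proto UDP (17), length 60)"
CAPTURE = "\n".join([
    f"IP (tos 0x0, ttl 1, id 37285, {HDR} 192.168.0.102.43143 > 8.8.8.8.33434: UDP, length 32",
    f"IP (tos 0x0, ttl 1, id 37286, {HDR} 192.168.0.102.38682 > 8.8.8.8.33435: UDP, length 32",
    f"IP (tos 0x0, ttl 1, id 37287, {HDR} 192.168.0.102.48381 > 8.8.8.8.33436: UDP, length 32",
    f"IP (tos 0x0, ttl 2, id 37288, {HDR} 192.168.0.102.57602 > 8.8.8.8.33437: UDP, length 32",
    f"IP (tos 0x0, ttl 2, id 37289, {HDR} 192.168.0.102.39195 > 8.8.8.8.33438: UDP, length 32",
    f"192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68 IP (tos 0x0, ttl 1, id 37285, {HDR}",
    f"192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68 IP (tos 0x0, ttl 1, id 37286, {HDR}",
    f"183.83.192.1 > 192.168.0.102: ICMP time exceeded in-transit, length 60 IP (tos 0x0, id 37288, {HDR}",
    f"192.168.0.1 > 192.168.0.102: ICMP time exceeded in-transit, length 68 IP (tos 0x0, ttl 1, id 37287, {HDR}",
    f"8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8 udp port 33458 unreachable, length 68 IP (tos 0x80, ttl 2, id 37309, {HDR}",
    f"8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8 udp port 33457 unreachable, length 68 IP (tos 0x80, ttl 1, id 37308, {HDR}",
    f"8.8.8.8 > 192.168.0.102: ICMP 8.8.8.8 udp port 33459 unreachable, length 68 IP (tos 0x80, ttl 2, id 37310, {HDR}",
])

def reconstruct_path(capture):
    """Return ({hop: router_ip}, (dest_ip, hop) or None) from joined tcpdump lines."""
    ttl_by_id, hops, dest = {}, {}, None
    for line in capture.splitlines():
        if m := PROBE.match(line):
            ttl_by_id[int(m.group(2))] = int(m.group(1))  # TTL each probe was sent with
        elif m := REPLY.match(line):
            sender, port, ip_id = m.group(1), m.group(2), int(m.group(3))
            if port is None:  # time exceeded: sender is a router on the path
                ttl = ttl_by_id.get(ip_id)
                if ttl is not None:
                    hops[ttl] = sender
            else:  # port unreachable: the destination itself answered
                ttl = (int(port) - BASE_PORT) // PROBES_PER_HOP + 1  # hop implied by probe port
                if dest is None or ttl < dest[1]:
                    dest = (sender, ttl)
    return hops, dest

if __name__ == "__main__":
    print(reconstruct_path(CAPTURE))
```

The probes with ids 37308 to 37310 are not in the visible part of the capture, so the destination hop is derived from the port number quoted in the unreachable message rather than from a recorded probe.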
Different types of Traceroute program
UDP Traceroute
ICMP Traceroute
TCP Traceroute