PC GUIDE

traceroute

From Wikipedia, the free encyclopedia

traceroute is a computer network tool used to determine the route taken by packets across an IP network. An IPv6 variant, traceroute6, is also widely available.

The traceroute tool is available on practically all Unix-like operating systems. Variants with similar functionality are also available, such as tracepath on modern Linux installations and tracert on Microsoft Windows operating systems. Windows NT-based operating systems also provide PathPing, which provides similar functionality.

Implementation

Traceroute works by increasing the “time-to-live” value of each successive batch of packets sent. The first three packets sent have a time-to-live (TTL) value of one (implying that they are not forwarded by the next router and make only a single hop). The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination. The three timestamp values returned for each host along the path are the delay (aka latency) values typically in milliseconds (ms) for each packet in the batch. If a packet does not return within the expected timeout window, a star (asterisk) is traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is at one hop, the second host at two hops, etc. IP does not guarantee that all the packets take the same route. Also note that if the host at hop number N does not reply, the hop will be skipped in the output.

On modern Unix and Linux-based operating systems, the traceroute utility by default uses UDP datagrams with destination port numbers from 33434 to 33534. The traceroute utility usually has an option to specify use of ICMP echo request (type 8) instead, as used by the Windows tracert utility. If you have a firewall and you want traceroute to work from both kinds of machine (Unix/Linux and Windows), you will need to allow both protocols inbound through your firewall (UDP with ports from 33434 to 33534 and ICMP type 8).
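The reply matching described above, as an added example that is not part of the original article: it parses ICMP time exceeded (type 11) packets, reads the UDP probe header quoted inside each one, and rebuilds the hop table, leaving a star where no reply arrived. The addresses, the source port 40000 and the rule that probe i is sent to port 33434 + i are assumptions of this example, and the sample packets are constructed.

```python
import socket
import struct

BASE_PORT = 33434  # first UDP destination port named on the page

def ipv4_header(src, dst, ttl, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def time_exceeded(router, src, dst, seq):
    """Constructed ICMP type 11 reply quoting the expired UDP probe number seq."""
    udp = struct.pack("!HHHH", 40000, BASE_PORT + seq, 8, 0)
    quoted = ipv4_header(src, dst, 1, 17, len(udp)) + udp
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted
    return ipv4_header(router, src, 64, 1, len(icmp)) + icmp

def parse_time_exceeded(packet):
    """Return (router_address, probe_dest_port), or None if not a usable reply."""
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8 + 20 or packet[ihl] != 11:
        return None
    quoted = packet[ihl + 8:]            # original IP header + 8 bytes of UDP
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != 17 or len(quoted) < q_ihl + 8:
        return None
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    return socket.inet_ntoa(packet[12:16]), dport

def hops_from_replies(replies, max_hops, per_hop=3):
    """Rebuild the hop table; a probe with no matching reply stays '*'."""
    table = [["*"] * per_hop for _ in range(max_hops)]
    for packet in replies:
        parsed = parse_time_exceeded(packet)
        if parsed is None:
            continue
        router, dport = parsed
        seq = dport - BASE_PORT          # assumption: probe i goes to BASE_PORT + i
        if 0 <= seq < max_hops * per_hop:
            table[seq // per_hop][seq % per_hop] = router
    return table

def sample_replies():
    """Constructed capture: two routers; the reply to probe 4 was lost."""
    routers = ["10.0.0.1", "10.0.1.1"]
    return [time_exceeded(routers[seq // 3], "192.0.2.10", "198.51.100.7", seq)
            for seq in range(6) if seq != 4]

if __name__ == "__main__":
    for n, row in enumerate(hops_from_replies(sample_replies(), 2), start=1):
        print(n, *row)
```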

There are also traceroute implementations that use TCP packets, such as tcptraceroute or layer four traceroute. PathPing is a utility introduced with Windows NT that combines ping and traceroute functionality. mtr (my traceroute) is an enhanced version of ICMP traceroute which is available for Unix and Windows systems. All implementations of traceroute rely on ICMP (type 11) packets being sent to the originator.

The implementations of traceroute shipped with FreeBSD, OpenBSD, and NetBSD include an option to use ICMP packets (-I). The implementations shipped with FreeBSD and OpenBSD include an option to use any arbitrary protocol (-P) such as TCP.

Uses

Traceroute is often used for network troubleshooting. By showing a list of routers traversed, it allows the user to identify the path taken to reach a particular destination on the network. This can help identify routing problems or firewalls that may be blocking access to a site. Traceroute is also used by penetration testers to gather information about network infrastructure and IP ranges around a given host. It can also be used when downloading data: if multiple mirrors are available for the same piece of data, one can trace each mirror to get a good idea of which mirror would be the fastest to use.

Security concerns

Supplying such detailed information about the pathways taken was considered acceptable and convenient in the early days of the Internet, but later was considered questionable for privacy and security reasons. Traceroute information has been frequently used by hackers as a way to acquire sensitive information about a company’s network architecture. By using the traceroute command, a hacker can quickly map out intermediate routers for known destinations on a company’s network architecture.

For these reasons, while traceroute was widely unrestricted during the early days of the Internet, today many networks block traceroute requests, or de-prioritize the ICMP time exceeded message that is required to determine round trip time. However, filtering traffic except at network end-points is a controversial practice.
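One way a defender can recognise the probing described above in firewall logs, as an added example that is not part of the original article: it groups probe-like packets (UDP to ports 33434 to 33534, or ICMP echo request) by source and destination and flags pairs whose observed TTL values climb in consecutive steps. The log lines are constructed in the key=value style of Linux netfilter LOG output, and the threshold of three consecutive TTL values is an assumption.

```python
import re
from collections import defaultdict

FIELD_RE = re.compile(r"(\w+)=(\S+)")
UDP_PORTS = range(33434, 33535)      # UDP range given on the page

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = [
    "IN=eth0 SRC=203.0.113.9 DST=192.0.2.20 TTL=1 PROTO=UDP SPT=40001 DPT=33440",
    "IN=eth0 SRC=203.0.113.9 DST=192.0.2.20 TTL=2 PROTO=UDP SPT=40001 DPT=33443",
    "IN=eth0 SRC=203.0.113.9 DST=192.0.2.20 TTL=3 PROTO=UDP SPT=40001 DPT=33446",
    "IN=eth0 SRC=198.51.100.77 DST=192.0.2.20 TTL=1 PROTO=ICMP TYPE=8 CODE=0",
    "IN=eth0 SRC=198.51.100.77 DST=192.0.2.20 TTL=2 PROTO=ICMP TYPE=8 CODE=0",
    "IN=eth0 SRC=198.51.100.77 DST=192.0.2.20 TTL=3 PROTO=ICMP TYPE=8 CODE=0",
    "IN=eth0 SRC=198.51.100.4 DST=192.0.2.20 TTL=57 PROTO=ICMP TYPE=8 CODE=0",
    "IN=eth0 SRC=198.51.100.4 DST=192.0.2.20 TTL=57 PROTO=ICMP TYPE=8 CODE=0",
    "IN=eth0 SRC=198.51.100.5 DST=192.0.2.20 TTL=52 PROTO=UDP SPT=53 DPT=33450",
]

def is_probe(fields):
    """True for the two probe kinds the page names."""
    if fields.get("PROTO") == "UDP":
        return int(fields.get("DPT", 0)) in UDP_PORTS
    return fields.get("PROTO") == "ICMP" and fields.get("TYPE") == "8"

def find_traces(lines, min_steps=3):
    """Return (source, destination) pairs whose probe TTLs rise step by step."""
    ttls = defaultdict(set)
    for line in lines:
        fields = dict(FIELD_RE.findall(line))
        if {"SRC", "DST", "TTL"} <= fields.keys() and is_probe(fields):
            ttls[(fields["SRC"], fields["DST"])].add(int(fields["TTL"]))
    hits = []
    for pair, seen in sorted(ttls.items()):
        # Ordinary traffic arrives with one steady TTL; a trace shows a run.
        if len(seen) >= min_steps and max(seen) - min(seen) + 1 == len(seen):
            hits.append(pair)
    return hits

if __name__ == "__main__":
    for src, dst in find_traces(SAMPLE_LOG):
        print("possible traceroute:", src, "->", dst)
```

A single ping or a stray UDP packet into the port range is not flagged, because its TTL does not change between packets.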

Origins

The traceroute man page states that the original traceroute program was written by Van Jacobson in 1987 from a suggestion by Steve Deering, with particularly cogent suggestions or fixes from C. Philip Wood, Tim Seaver and Ken Adelman.

See also

  • Layer Four Trace, a more modern traceroute (IP network tracing) implementation that supports a multitude of layer-4 protocols
  • mtr (my traceroute)
  • PathPing
  • List of Unix programs
  • List of DOS commands

External links

  • RFC 1393: Traceroute using an IP Option Internet RFC
  • RFC 792: Internet Control Message Protocol (ICMP)
  • Traceroute man page for FreeBSD
  • Traceroute man page for NetBSD
  • Traceroute man page for OpenBSD
  • traceroute.org: monthly updated list of online traceroutes
  • BGP4.net Traceroute Wiki: hundreds of traceroute servers, sorted by Autonomous System Number
  • GeoTrace – Geographically map a hostname or domain with traceroute
  • Graphical TraceRoute for Windows

www.computerhope.com

Route

Displays and modifies the entries in the local IP routing table. Used without parameters, route displays help.

Syntax

route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric] [if Interface]]

Parameters

-f : Clears the routing table of all entries that are not host routes (routes with a netmask of 255.255.255.255), the loopback network route (routes with a destination of 127.0.0.0 and a netmask of 255.0.0.0), or a multicast route (routes with a destination of 224.0.0.0 and a netmask of 240.0.0.0). If this is used in conjunction with one of the commands (such as add, change, or delete), the table is cleared prior to running the command.

-p : When used with the add command, the specified route is added to the registry and is used to initialize the IP routing table whenever the TCP/IP protocol is started. By default, added routes are not preserved when the TCP/IP protocol is started. When used with the print command, the list of persistent routes is displayed. This parameter is ignored for all other commands. Persistent routes are stored in the registry location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes.

Command : Specifies the command you want to run. The following table lists valid commands.

Command : Purpose
add : Adds a route.
change : Modifies an existing route.
delete : Deletes a route or routes.
print : Prints a route or routes.

Destination : Specifies the network destination of the route. The destination can be an IP network address (where the host bits of the network address are set to 0), an IP address for a host route, or 0.0.0.0 for the default route.

mask Netmask : Specifies the netmask (also known as a subnet mask) associated with the network destination. The subnet mask can be the appropriate subnet mask for an IP network address, 255.255.255.255 for a host route, or 0.0.0.0 for the default route. If omitted, the subnet mask 255.255.255.255 is used. Because of the relationship between the destination and the subnet mask in defining routes, the destination cannot be more specific than its corresponding subnet mask. In other words, there cannot be a bit set to 1 in the destination if the corresponding bit in the subnet mask is a 0.

Gateway : Specifies the forwarding or next hop IP address over which the set of addresses defined by the network destination and subnet mask are reachable. For locally attached subnet routes, the gateway address is the IP address assigned to the interface that is attached to the subnet. For remote routes, available across one or more routers, the gateway address is a directly reachable IP address that is assigned to a neighboring router.

metric Metric : Specifies an integer cost metric (ranging from 1 to 9999) for the route, which is used when choosing among multiple routes in the routing table that most closely match the destination address of a packet being forwarded. The route with the lowest metric is chosen. The metric can reflect the number of hops, the speed of the path, path reliability, path throughput, or administrative properties.

if Interface : Specifies the interface index for the interface over which the destination is reachable. For a list of interfaces and their corresponding interface indexes, use the display of the route print command. You can use either decimal or hexadecimal values for the interface index. For hexadecimal values, precede the hexadecimal number with 0x. When the if parameter is omitted, the interface is determined from the gateway address.

/? : Displays help at the command prompt.

Remarks

  • Large values in the metric column of the routing table are the result of allowing TCP/IP to automatically determine the metric for routes in the routing table based on the configuration of IP address, subnet mask, and default gateway for each LAN interface. Automatic determination of the interface metric, enabled by default, determines the speed of each interface and adjusts the metrics of routes for each interface so that the fastest interface creates the routes with the lowest metric. To remove the large metrics, disable the automatic determination of the interface metric from the advanced properties of the TCP/IP protocol for each LAN connection.
  • Names can be used for Destination if an appropriate entry exists in the local Networks file stored in the systemroot\System32\Drivers\Etc folder. Names can be used for the gateway as long as they can be resolved to an IP address through standard host name resolution techniques such as Domain Name System (DNS) queries, use of the local Hosts file stored in the systemroot\system32\drivers\etc folder, and NetBIOS name resolution.
  • If the command is print or delete, the Gateway parameter can be omitted and wildcards can be used for the destination and gateway. The Destination value can be a wildcard value specified by an asterisk (*). If the destination specified contains an asterisk (*) or a question mark (?), it is treated as a wildcard and only matching destination routes are printed or deleted. The asterisk matches any string, and the question mark matches any single character. For example, 10.*.1, 192.168.*, 127.*, and *224* are all valid uses of the asterisk wildcard.
  • Using an invalid combination of a destination and subnet mask (netmask) value displays a “Route: bad gateway address netmask” error message. This error message appears when the destination contains one or more bits set to 1 in bit locations where the corresponding subnet mask bit is set to 0. To test this condition, express the destination and subnet mask using binary notation. The subnet mask in binary notation consists of a series of 1 bits, representing the network address portion of the destination, and a series of 0 bits, representing the host address portion of the destination. Check to determine whether there are bits in the destination that are set to 1 for the portion of the destination that is the host address (as defined by the subnet mask).
  • The -p parameter is only supported on the route command for Windows NT 4.0, Windows 2000, Windows Millennium Edition, and Windows XP. This parameter is not supported by the route command for Windows 95 or Windows 98.
  • This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network Connections.
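The destination/netmask test from the remark above, together with the metric rule from the Parameters section, as an added Python example that is not code from the route command or from the original page. The function names, the dictionary layout, the metric of 1 on the default route, the second 10.41.0.0 entry with metric 20 and the host route for 10.41.3.9 are assumptions constructed for illustration.

```python
import ipaddress

def to_int(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def route_error(destination, netmask):
    """Return None for a valid destination/netmask pair, else the reason."""
    dest, mask = to_int(destination), to_int(netmask)
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):      # 0 bits must form one trailing run
        return "netmask is not a series of 1 bits followed by 0 bits"
    if dest & host_bits:                 # the condition the remark describes
        return "destination has a 1 bit where the netmask bit is 0"
    return None

def select_route(table, address):
    """Most specific matching route wins; the lowest metric breaks ties."""
    ip = to_int(address)
    matches = [r for r in table
               if route_error(r["dest"], r["mask"]) is None
               and ip & to_int(r["mask"]) == to_int(r["dest"])]
    if not matches:
        return None
    return min(matches, key=lambda r: (-to_int(r["mask"]), r["metric"]))

# Constructed table: the page's example routes plus two extra entries.
SAMPLE_TABLE = [
    {"dest": "0.0.0.0", "mask": "0.0.0.0",
     "gateway": "192.168.12.1", "metric": 1},
    {"dest": "10.41.0.0", "mask": "255.255.0.0",
     "gateway": "10.27.0.1", "metric": 7},
    {"dest": "10.41.0.0", "mask": "255.255.0.0",
     "gateway": "10.27.0.25", "metric": 20},
    {"dest": "10.41.3.9", "mask": "255.255.255.255",
     "gateway": "10.27.0.99", "metric": 30},
]

if __name__ == "__main__":
    print(route_error("10.41.0.1", "255.255.0.0"))
    for target in ("10.41.3.9", "10.41.8.8", "203.0.113.5"):
        print(target, "->", select_route(SAMPLE_TABLE, target)["gateway"])
```

A host route wins over a broader route whatever its metric, so an unexpected specific entry in the persistent routes list is worth reviewing.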

Examples

To display the entire contents of the IP routing table, type:

route print

To display the routes in the IP routing table that begin with 10., type:

route print 10.*

To add a default route with the default gateway address of 192.168.12.1, type:

route add 0.0.0.0 mask 0.0.0.0 192.168.12.1

To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 10.27.0.1, type:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1

To add a persistent route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 10.27.0.1, type:

route -p add 10.41.0.0 mask 255.255.0.0 10.27.0.1

To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, the next hop address of 10.27.0.1, and the cost metric of 7, type:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 metric 7

To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, the next hop address of 10.27.0.1, and using the interface index 0x3, type:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 if 0x3

To delete the route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, type:

route delete 10.41.0.0 mask 255.255.0.0

To delete all routes in the IP routing table that begin with 10., type:

route delete 10.*

To change the next hop address of the route with the destination of 10.41.0.0 and the subnet mask of 255.255.0.0 from 10.27.0.1 to 10.27.0.25, type:

route change 10.41.0.0 mask 255.255.0.0 10.27.0.25

Formatting legend

Format : Meaning
Italic : Information that the user must supply
Bold : Elements that the user must type exactly as shown
Ellipsis (…) : Parameter that can be repeated several times in a command line
Between brackets ([]) : Optional items
Between braces ({}); choices separated by pipe (|). Example: {even|odd} : Set of choices from which the user must choose only one
Courier font : Code or program output

May 15, 2009 - Posted by luthfyz | Knowledge