
What is the use of traceroute in linux

2025-04-06 Update From: SLTechnology News&Howtos

This article introduces what traceroute is used for on Linux. It is detailed and has some reference value, so interested readers are encouraged to read it through.

Traceroute introduction

Traceroute, as its name suggests, traces the path of routers that a network packet travels through. It is a Linux command; the similar command on Windows is tracert.

tracert probes with ICMP packets by default, while traceroute uses UDP packets. traceroute can also probe with ICMP or TCP packets through the parameters -I and -T, respectively.

Main uses of traceroute

Traceroute uses ICMP error messages to do the following:

Determine the routers on the path between the two communicating hosts

Determine whether the UDP packet successfully reached its destination

Discover the path MTU

(1) Determine the routers on the path between the two communicating hosts. This relies on the TTL field of the IP packet and the ICMP timeout (time exceeded) message. First, traceroute sends IP packets to the destination with the TTL set to 1. At the first router, TTL - 1 = 0 causes a timeout error, so the first router replies with an ICMP timeout message and the source host learns the first router on the path. The TTL is then set to 2, 3, 4, and so on until the destination is reached. Each router along the way replies to the source host with an ICMP timeout message, so traceroute can collect information about all the routers.

Note, however, that not all routers return ICMP messages. For security reasons, most firewalls and routers with firewall features are configured by default not to return any ICMP messages, and administrators also actively configure them this way, so traceroute may not be able to obtain information about every router.

(2) Determine whether the packet has successfully reached its destination. The method above yields the router information, but it cannot tell whether the packet that was sent has arrived at the destination. Traceroute solves this problem through the port number of the UDP packets it sends (the available port number range 3000 of the UDP packet): when the packet arrives at the destination, the port does not match, so the destination returns an ICMP unreachable message, and the source host can conclude that the packet has indeed arrived at the destination.

(3) Discover the path MTU. This uses the ICMP message of the type "fragmentation needed but the don't-fragment bit is set". If a source host sets the DF bit in the IP header to 1 (don't fragment = 1) before sending an IP packet, the packet must not be fragmented in transit. If the MTU allowed by an intermediate router is smaller than the packet size, the packet would have to be fragmented to be forwarded. Because the don't-fragment bit is set, the router discards the packet and sends the source host an ICMP message carrying the MTU, telling it that the next packet should not exceed that MTU. Traceroute can use this type of message to determine the MTU values between routers on the path one by one.
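The three mechanisms above can be modelled offline. The following Python code is an added example, not part of the original article: it builds the ICMP replies that a constructed four-hop path would return to DF-flagged probes and classifies them the way traceroute does. The names `icmp_error`, `classify`, `probe`, `trace` and `PATH`, and the documentation-range addresses, are assumptions made for illustration.

```python
import struct

TIME_EXCEEDED, UNREACH = 11, 3      # ICMP types (RFC 792)
FLAGS = {0: "!N", 1: "!H", 2: "!P", 5: "!S", 13: "!X", 14: "!V", 15: "!C"}

def icmp_error(icmp_type, code, mtu=0):  # type, code, checksum (0 here), unused, MTU
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu)

def classify(msg):
    """Interpret one ICMP reply as the three uses described above require."""
    if msg is None:
        return "*"                          # filtered or lost: no reply
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", msg[:8])
    if icmp_type == TIME_EXCEEDED:
        return "hop"                        # TTL reached 0 at a router
    if icmp_type != UNREACH:
        return "other"
    if code == 4:
        return f"F={mtu}"                   # DF set and the next link is smaller
    return "destination" if code == 3 else FLAGS.get(code, f"!{code}")

def probe(path, ttl, size):
    """Model one DF-flagged UDP probe. path holds (ip, out_mtu, replies) tuples,
    the last being the destination. Returns (replying ip, ICMP bytes or None)."""
    for i, (ip, out_mtu, replies) in enumerate(path, start=1):
        last = i == len(path)
        if i == ttl or last:                # TTL expired here, or probe arrived
            msg = icmp_error(UNREACH, 3) if last else icmp_error(TIME_EXCEEDED, 0)
            return ip, (msg if replies else None)
        if size > out_mtu:                  # cannot forward without fragmenting
            return ip, (icmp_error(UNREACH, 4, out_mtu) if replies else None)

def trace(path, size, max_ttl=30):
    rows = []
    for ttl in range(1, max_ttl + 1):
        while True:
            ip, msg = probe(path, ttl, size)
            result = classify(msg)
            rows.append((ttl, ip if msg else None, result))
            if not result.startswith("F="):
                break
            size = int(result[2:])          # resend this TTL at the reported MTU
        if result == "destination" or result.startswith("!"):
            break
    return rows

# Constructed path: 2nd router's outgoing link has MTU 1400, 3rd hop never replies.
PATH = [("192.0.2.1", 1500, True), ("198.51.100.1", 1400, True),
        ("203.0.113.1", 1400, False), ("203.0.113.80", 1500, True)]
```

Calling `trace(PATH, 1500)` returns the two routers, an `F=1400` sent by the second router while TTL 3 is being probed, a `*` for the silent firewall, and finally the destination.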

Common command cases

The format of the traceroute command is:

traceroute [parameters] host

# traceroute --help
Usage: traceroute [-46dFITnreAUDV] [-f first_ttl] [-g gate,...] [-i device] [-m max_ttl] [-N squeries] [-p port] [-t tos] [-l flow_label] [-w MAX,HERE,NEAR] [-q nqueries] [-s src_addr] [-z sendwait] [--fwmark=num] host [packetlen]

Among them, the main options are:

-4: use IPv4

-6: use IPv6

-d: enable socket-level debugging

-F: set the don't-fragment bit

-f first_ttl: sets the TTL value of the first hop. Default is 1.

-g gate: route the probe packets through the specified gateway gate (a maximum number of gateways applies)

-I: probe with ICMP echo packets

-T: probe with TCP SYN packets

-m max_ttl: sets the maximum hop count (TTL). The default is 30.

-N squeries: number of probe packets sent at the same time

-n: do not resolve IP addresses to domain names

-p port: sets the destination port (default is 33434); for ICMP, sets the initial sequence number (default is 1)

-t tos: sets the TOS value (for IPv6, the TC value)

-w max,here,near: sets the time to wait for the response of each hop. There are three values: max is the maximum time that cannot be exceeded (default is 5s), here is the reference factor for the same hop's time, and near is the reference factor for the next hop (these two values are of little significance)

-q nqueries: sets the number of probes per hop. Default is 3.

-r: bypass normal routing and deliver the packet directly to the destination

-s srcaddr: use srcaddr as the source address for sending packets

--mtu: discover the path MTU; equivalent to the parameters -F -N 1

① The simplest use

traceroute www.baidu.com

[root@localhost] # traceroute www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max 40 byte packets
192.168.74.2 (192.168.74.2) 2.606 ms 2.771 ms 2.950 ms
211.151.56.57 (211.151.56.57) 0.596 ms 0.598 ms 0.591 ms
211.151.227.206 (211.151.227.206) 0.546 ms 0.544 ms 0.538 ms
210.77.139.145 (210.77.139.145) 0.710 ms 0.748 ms 0.801 ms
202.106.42.101 (202.106.42.101) 6.759 ms 6.945 ms 7.107 ms
61.148.154.97 (61.148.154.97) 718.908 ms * bt-228-025.bta.net.cn (202.106.228.25) 5.177 ms
124.65.58.213 (124.65.58.213) 4.343 ms 4.336 ms 4.367 ms
202.106.35.190 (202.106.35.190) 1.795 ms 61.148.156.138 (61.148.156.138) 1.899 ms 1.951 ms
* *
[root@localhost] #

The first line of the output shows the hostname and corresponding IP of the probed target, the maximum number of hops that will be probed, and the size in bytes of the packets sent. Each subsequent line gives the information for one hop, including the IP information and three delay values (because probe packets are sent 3 times per hop by default).

At the end you will see three asterisks (*), indicating that the probe packets for the current hop were filtered by a firewall and discarded.

② Set the maximum hop count (TTL): -m max_ttl

The default maximum TTL is 30 hops.

[root@localhost] # traceroute -m 10 www.baidu.com
traceroute to www.baidu.com (61.135.169.105), 10 hops max 40 byte packets
192.168.74.2 (192.168.74.2) 1.534 ms 1.775 ms 1.961 ms
211.151.56.1 (211.151.56.1) 0.508 ms 0.514 ms 0.507 ms
211.151.227.206 (211.151.227.206) 0.571 ms 0.558 ms 0.550 ms
210.77.139.145 (210.77.139.145) 0.708 ms 0.729 ms 0.785 ms
202.106.42.101 (202.106.42.101) 7.978 ms 8.155 ms 8.311 ms
bt-228-037.bta.net.cn (202.106.228.37) 772.460 ms bt-228-025.bta.net.cn (202.106.228.25) 2.152 ms 61.148.154.97 (61.148.154.97) 772.107 ms
124.65.58.221 (124.65.58.221) 4.875 ms 61.148.146.29 (61.148.146.29) 2.124 ms 124.65.58.221 (124.65.58.221) 4.854 ms
123.126.198 (123.126.198) 2.944 ms 61.148.156.6 (61.148.156.6) 3.505 ms 123.126.198 (123.126.198) 2.885 ms
* *
[root@localhost ~] #

As you can see, the maximum hop count is now 10 hops.

③ Do not resolve DNS for each hop and do not display hostnames: -n

traceroute -n www.baidu.com

[root@localhost] # traceroute -n www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max 40 byte packets
211.151.74.2 5.430 ms 5.636 ms 5.802 ms
211.151.56.57 0.627 ms 0.625 ms 0.617 ms
211.151.227.206 0.575 ms 0.584 ms 0.576 ms
210.77.139.145 0.703 ms 0.754 ms 0.806 ms
202.106.42.101 23.683 ms 23.869 ms 23.998 ms
202.106.228.37 247.101 ms * *
61.148.146.29 5.256 ms 124.65.58.213 4.386 ms 4.373 ms
202.106.35.190 1.610 ms 61.148.156.138 1.786 ms 61.148.3.34 2.089 ms
* *
[root@localhost ~] #

You can see that the relevant hostname has been removed.

④ Set the UDP port number to 6666

traceroute -p 6666 www.baidu.com

[root@localhost] # traceroute -p 6888 www.baidu.com
traceroute to www.baidu.com (220.181.111.147), 30 hops max 40 byte packets
211.151.74.2 (211.151.74.2) 4.927 ms 5.121 ms 5.298 ms
211.151.56.1 (211.151.56.1) 0.500 ms 0.499 ms 0.509 ms
211.151.224.90 (211.151.224.90) 0.637 ms 0.631 ms 0.641 ms
*
220.181.70.98 (220.181.70.98) 5.050 ms 5.313 ms 5.596 ms
220.181.17.94 (220.181.17.94) 1.665 ms !X * *
[root@localhost] #

As you can see, the packet arrives at the destination, but the output shows !X, which means "communication administratively prohibited" and corresponds to the ICMP message with type=3, code=13. In addition, there are the following annotations:

!H, !N, !P: host, network, and protocol unreachable, respectively

!S: source route failed

!F: fragmentation needed

!V: host precedence violation

!C: precedence cutoff in effect

!<num>: ICMP unreachable code <num>
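To pick these annotations and the filtered hops out of a saved trace automatically, the output can be parsed line by line. The following Python code is an added example, not part of the original article; it assumes the usual numbered-hop layout of traceroute output, and the function names and the sample text (documentation addresses) are constructed for illustration.

```python
# Annotations from the list above; F=<mtu> is what --mtu mode prints.
MEANING = {"!H": "host unreachable", "!N": "network unreachable",
           "!P": "protocol unreachable", "!S": "source route failed",
           "!F": "fragmentation needed", "!V": "host precedence violation",
           "!C": "precedence cutoff in effect",
           "!X": "communication administratively prohibited"}

def parse_hop(line):
    """Parse one numbered hop line into (hop, [(addr, rtt_ms, flag), ...])."""
    parts = line.split()
    hop, probes, addr, i = int(parts[0]), [], None, 1
    while i < len(parts):
        tok = parts[i]
        if tok == "*":                                # probe got no reply
            probes.append((None, None, None))
        elif tok.startswith(("!", "F=")) and probes:  # flag of the previous probe
            probes[-1] = probes[-1][:2] + (tok,)
        elif tok.startswith("("):                     # "(ip)" after a hostname
            addr = tok.strip("()")
        elif i + 1 < len(parts) and parts[i + 1] == "ms":
            probes.append((addr, float(tok), None))
            i += 1                                    # skip the "ms" unit
        else:                                         # hostname, or bare IP with -n
            addr = tok
        i += 1
    return hop, probes

def summarize(output):
    """Return hops where every probe went unanswered and hops that carry a flag."""
    silent, flagged = [], {}
    for line in output.splitlines():
        first = line.split()[:1]
        if not first or not first[0].isdigit():
            continue                                  # header or prompt line
        hop, probes = parse_hop(line)
        if probes and all(p[0] is None for p in probes):
            silent.append(hop)
        for addr, _, flag in probes:
            if flag:
                flagged.setdefault(hop, []).append((addr, flag, MEANING.get(flag, flag)))
    return silent, flagged

# Constructed sample in traceroute's format (documentation addresses, not real output).
SAMPLE = """traceroute to www.example.com (203.0.113.80), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  0.512 ms  0.498 ms  0.505 ms
 2  * * *
 3  198.51.100.7 (198.51.100.7)  5.050 ms * gw.example.net (198.51.100.9)  5.596 ms
 4  203.0.113.80 (203.0.113.80)  1.665 ms !X * *
"""
```

`summarize(SAMPLE)` reports hop 2 as silent and hop 4 as flagged with !X; a hop that answers only some probes, like hop 3, is not counted as filtered.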

⑤ Set the number of probe packets: -q

traceroute -q 4 www.baidu.com

[root@localhost] # traceroute -q 4 www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max 40 byte packets
211.151.74.2 (211.151.74.2) 40.633 ms 40.819 ms 41.004 ms 41.188 ms
211.151.56.57 (211.151.56.57) 0.637 ms 0.633 ms 0.627 ms 0.619 ms
211.151.227.206 (211.151.227.206) 0.505 ms 0.580 ms 0.571 ms 0.569 ms
210.77.139.145 (210.77.139.145) 0.753 ms 0.800 ms 0.853 ms 0.904 ms
202.106.42.101 (202.106.42.101) 7.449 ms 7.543 ms 7.738 ms 7.893 ms
61.148.154.97 (61.148.154.97) 316.817 ms bt-228-025.bta.net.cn (202.106.228.25) 3.695 ms 3.672 ms *
124.65.58.213 (124.65.58.213) 3.056 ms 2.993 ms 2.960 ms 61.148.146.29 (61.148.146.29) 2.837 ms
61.148.3.34 (61.148.3.34) 2.179 ms 2.295 ms 2.442 ms 202.106.35.190 (202.106.35.190) 7.136 ms
* *
[root@localhost] #

As you can see, each hop probe outputs four delay values.

⑥ Set the time to wait for a response to probe packets: -w

traceroute -w 3 www.baidu.com

[root@localhost] # traceroute -w 3 www.baidu.com
traceroute to www.baidu.com (61.135.169.105), 30 hops max 40 byte packets
211.151.74.2 (211.151.74.2) 2.306 ms 2.469 ms 2.650 ms
211.151.56.1 (211.151.56.1) 0.621 ms 0.613 ms 0.603 ms
211.151.227.206 (211.151.227.206) 0.557 ms 0.560 ms 0.552 ms
210.77.139.145 (210.77.139.145) 0.708 ms 0.761 ms 0.817 ms
202.106.42.101 (202.106.42.101) 7.520 ms 7.774 ms 7.902 ms
bt-228-025.bta.net.cn (202.106.228.25) 2.890 ms 2.369 ms 61.148.154.97 (61.148.154.97) 471.961 ms
124.65.58.221 (124.65.58.221) 4.490 ms 4.483 ms 4.472 ms
123.126.198 (123.126.198) 2.948 ms 61.148.156.6 (61.148.156.6) 7.688 ms 7.756 ms
* *
[root@localhost] #

⑦ Bypass normal routing and deliver the packet directly to the destination

traceroute -r www.baidu.com

[root@localhost] # traceroute -r www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
Network is unreachable
[root@localhost] #

As you can see, it directly shows that the network is unreachable.

⑧ Probe the path MTU

traceroute --mtu www.baidu.com

root@pclcache:~# traceroute --mtu www.baidu.com
traceroute to www.baidu.com (14.215.177.39), 30 hops max, 65000 byte packets
1 192.168.109.1 (192.168.109.1) 3.063 ms F=1500 2.908 ms *
2 192.168.98.36 (192.168.98.36) 1.686 ms 1.422 ms *
3 113.98.59.57 (113.98.59.57) 7.075 ms 7.544 ms 5.851 ms

As you can see, the MTU has been detected: F=1500.
