
The usage of the Linux basic command traceroute

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article introduces the usage of the basic Linux command traceroute. Many people have questions about how to use traceroute in day-to-day operation, so the editor has consulted various materials and put together simple, easy-to-use methods. I hope it helps answer your questions about the usage of traceroute. Now, follow along with the editor!

Traceroute

The traceroute command prints the route that packets take to the target host. It tracks the route packets take from an IP network on their way to a given host, using the time-to-live (TTL) field of the IP protocol and attempting to elicit an ICMP TIME_EXCEEDED response from each gateway on the path to the host.

traceroute6 is equivalent to "traceroute -6".

The only required parameter is the name or IP address of the target host. The total size of the probe packets (60 bytes by default for IPv4 and 80 bytes for IPv6) is an optional parameter. The specified size can be ignored in some situations, or increased up to a minimal value.

The program attempts to trace the route an IP packet would follow to some Internet host by launching probe packets with a small ttl (time to live) and then listening for an ICMP "time exceeded" reply from a gateway. Probes start with a ttl of 1, which is increased by 1 until we get an ICMP "port unreachable" (or TCP reset), which means we have reached the "host", or until the maximum is hit (the default is 30 hops). Three probes (by default) are sent at each ttl setting, and a line is printed showing the ttl, the gateway address and the round-trip time of each probe. When requested, additional information can follow the address. If the probe answers come from different gateways, the address of each responding system is printed. If there is no response within 5.0 seconds (the default), a "*" (asterisk) is printed for that probe.

After the round-trip time, some additional annotation can be printed: !H, !N or !P (host, network or protocol unreachable), !S (source route failed), !F (fragmentation needed), !X (communication administratively prohibited), !V (host precedence violation), !C (precedence cutoff in effect), or !<num> (ICMP unreachable code <num>). If almost all the probes result in some kind of unreachable, traceroute gives up and exits.

We don't want the target host to process the UDP probe packets, so the destination port is set to an unlikely value (you can change it with the -p flag). There is no such problem with ICMP or TCP tracing (for TCP, we use the half-open technique, which prevents applications on the target host from seeing our probes).
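The probing loop described above, sketched for the default UDP method as an added example (not code from the article or from the traceroute project). The names decode_reply and trace are illustrative, and the sketch assumes Linux, IPv4 and root privileges for the raw ICMP socket:

```python
import socket
import struct
import time

BASE_PORT = 33434  # first "unlikely" UDP destination port of the default method

def decode_reply(packet):
    """Return (kind, responder, quoted UDP dst port), or None if not a probe reply."""
    ihl = (packet[0] & 0x0F) * 4                    # outer IPv4 header length
    if len(packet) < ihl + 36 or packet[ihl] not in (3, 11):
        return None                                 # not an ICMP error quoting a datagram
    quoted = packet[ihl + 8:]                       # original IP header + first 8 bytes
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != 17 or len(quoted) < q_ihl + 4:
        return None                                 # the quoted packet is not UDP
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    kind = "time exceeded" if packet[ihl] == 11 else "unreachable code %d" % packet[ihl + 1]
    return kind, socket.inet_ntoa(packet[12:16]), dport

def trace(host, max_ttl=30, nprobes=3, wait=5.0):
    """Print one line per TTL until the target answers or max_ttl is hit."""
    dest = socket.gethostbyname(host)
    recv = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    send = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    port, done = BASE_PORT, False
    for ttl in range(1, max_ttl + 1):
        send.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        cells = []
        for _ in range(nprobes):
            start = time.monotonic()
            send.sendto(b"\0" * 32, (dest, port))
            cell = "*"                              # printed when nothing matches in time
            while cell == "*":
                left = wait - (time.monotonic() - start)
                if left <= 0:
                    break
                recv.settimeout(left)
                try:
                    reply = decode_reply(recv.recvfrom(1024)[0])
                except socket.timeout:
                    break
                if reply and reply[2] == port:      # ignore ICMP caused by other traffic
                    cell = "%s %.3f ms" % (reply[1], (time.monotonic() - start) * 1000)
                    done = done or reply[0] != "time exceeded"
            cells.append(cell)
            port += 1                               # next probe, next port
        print("%2d  %s" % (ttl, "  ".join(cells)))
        if done:
            return
```

Matching the UDP destination port quoted inside the ICMP error is what ties a reply to a specific probe, since the raw socket also receives ICMP messages triggered by unrelated traffic.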

In the modern network environment, the traditional traceroute methods are not always applicable because of the widespread use of firewalls. Such firewalls filter the "unlikely" UDP ports, or even ICMP echoes. To solve this problem, some additional tracing methods are implemented.

The scope of this command: RedHat, RHEL, Ubuntu, CentOS, SUSE, openSUSE, Fedora.

2. Syntax

traceroute [-46dFITUnreAV] [-f first_ttl] [-g gate,…] [-i device] [-m max_ttl] [-p port] [-s src_addr]
           [-q nqueries] [-N squeries] [-t tos] [-l flow_label] [-w waittime] [-z sendwait]
           [-UL] [-P proto] [--sport=port] [-M method] [-O mod_options] [--mtu] [--back] host [packet_len]

2. List of options

Option

Description

--help

Display help information

-V | --version

Display version information

-4 | -6

Explicitly force IPv4 or IPv6 tracing. By default, the program tries to resolve the given name and selects the appropriate protocol automatically. If resolving the host name returns both IPv4 and IPv6 addresses, traceroute uses IPv4.

-I

Use ICMP ECHO for probes

-T

Use TCP SYN for probes

-d

Enable socket-level debugging

-f first_ttl

Specifies the TTL of the first packet. The default is 1.

-F

Do not fragment probe packets

-g gateway

Tell traceroute to add an IP source routing option to the outgoing packet, which tells the network to route the packet through the specified gateway (most routers have disabled source routing for security reasons). In general, several gateways are allowed (comma separated). For IPv6, the form num,addr,addr... is allowed, where num is a route header type (default is type 2). Note that the type 0 route header is now deprecated (RFC 5095).

-i interface

Specify the network interface

-m max_ttl

Specify maximum ttl. Default is 30.

-N squeries

Specifies the number of probe packets sent out simultaneously. Sending several probes concurrently can speed up traceroute considerably. The default value is 16.

-n

Display IP addresses instead of host names

-p port

Specify UDP port

-t tos

For IPv4, set the Type of Service (TOS) and Precedence value. Useful values are 16 (low delay) and 8 (high throughput). Note that in order to use some TOS precedence values, you have to be superuser. For IPv6, set the Traffic Control value.

-w waittime

Specify the time to wait for an answer. Default is 5s.

-q nqueries

Sets the number of probe packets per hop. The default is 3.

-r

Bypass the normal routing table

-s src_addr

Specify the source IP address for outgoing packets

-z sendwait

The minimum time interval between probes (default is 0). If the value is greater than 10, it specifies a number of milliseconds, otherwise a number of seconds (floating-point values are also allowed). It is useful when some routers rate-limit ICMP messages.

-e

Show ICMP extensions (RFC 4884). The general form is CLASS/TYPE: followed by a hexadecimal dump. MPLS (RFC 4950) is shown parsed, in the form "MPLS:L=label,E=exp_use,S=stack_bottom,T=TTL".

-A

Perform AS path lookups in routing registries and print the results directly after the corresponding addresses.

Advanced options

--sport=port

Select the source port to use

-M method

Use the specified method for traceroute operations. The default, traditional UDP method is named default; ICMP (-I) and TCP (-T) are named icmp and tcp respectively. Method-specific options can be passed with -O.

-O option

Specify a method-specific option. Several options are separated by commas (or use several -O on the command line). Each method may have its own specific options, or may have none at all.

-U

Use UDP to a particular destination port for tracing (instead of increasing the port for each probe). The default port is 53 (DNS).

-UL

Use UDPLITE for tracing

-P protocol

Use raw packets of the specified protocol for tracing. The default protocol is 253 (RFC 3692).

--mtu

Discover the MTU along the path being traced

--back

Print the number of backward hops when it seems to differ from the forward direction. This number is guessed on the assumption that remote hops use an initial TTL of 64, 128 or 255 (which seems to be common practice). It is printed as a negative value in the form "-NUM".

3. Available methods

In general, a particular traceroute method has to be chosen with -M name, but most methods have their own simple command-line switches (shown after the method name, where present).

Method

Description

default

The traditional, ancient method of tracing. Used by default.

Probe packets are UDP datagrams with so-called "unlikely" destination ports. The "unlikely" port of the first probe is 33434, and it is incremented by one for each subsequent probe. Since the ports are expected to be unused, the target host normally returns ICMP "port unreachable" as the final response. However, nobody knows what happens when some application listens on such ports.

This method can be used by unprivileged users.

icmp -I

Currently the most usual method, which uses ICMP echo packets as probes. If you can ping(8) the target host, ICMP tracing is applicable as well.

tcp -T

A well-known modern method, intended to bypass firewalls. It uses a constant destination port (default is 80, http).

If there are filters in the network path, it is likely that any "unlikely" UDP port (for the default method) or even ICMP echo (for icmp) is filtered, and the whole trace will simply stop at such a firewall. To get through a network filter, we have to use only allowed protocol/port combinations. If we trace to, say, a mail server, then "-T -p 25" is more likely to reach it, even when -I cannot.

This method uses the well-known "half-open technique", which prevents applications on the target host from seeing our probes at all. Normally, a TCP SYN is sent. For ports that are not listening we receive a TCP reset, and all is done. For actively listening ports we receive a TCP SYN+ACK, but answer with a TCP reset (instead of the expected TCP ACK); this way the remote TCP session is dropped without the application ever noticing.

This method has the following options. The default is syn,sysctl.

syn,ack,fin,rst,psh,urg,ece,cwr: set the specified TCP flags for the probe packet, in any combination.

flags=num: set the flags field in the TCP header to num.

ecn: send the SYN packet with TCP flags ECE and CWR (for Explicit Congestion Notification, RFC 3168).

sack,timestamps,window_scaling: use the corresponding TCP header option in the outgoing probe packet.

sysctl: use the current sysctl ("/proc/sys/net/*") settings for the TCP header options above and for ecn. Always set by default if nothing else is specified.

mss=num: use the value num for the maxseg TCP header option (when syn).

tcpconn

An initial implementation of the TCP method, which simply uses the connect(2) call and so opens a full TCP session.

udp -U

Use UDP datagrams with a constant destination port (default is 53, DNS). Also intended to bypass firewalls.

Note that, unlike with the tcp method, the corresponding application on the target host always receives our probes (with random data), and most applications can easily be confused by them. In most cases, however, it will not respond to our packets, so we will never see the final hop in the trace. Fortunately, it seems that at least DNS servers reply with something angry.

This method does not require privileges.

udplite -UL

Use UDPLITE datagrams for probes (with a constant destination port, default 53). This method does not require privileges. Options:

coverage=num: set the UDPLITE send coverage to num.

raw -P proto

Send raw packets of the given protocol. Options:

protocol=proto: use IP protocol proto (default 253).

4. Description

To speed up work, several probes are normally sent simultaneously. On the other hand, this creates a "storm of packets", especially in the reply direction. Routers can throttle the rate of ICMP responses, and some replies may be lost. To avoid this, decrease the number of simultaneous probes, or even set it to 1 (as in the original traceroute implementation), i.e. -N 1.

The final (target) host can drop some of the simultaneous probes, and might even answer only the latest ones. This can lead to extra "looks like expired" hops near the final hop. A smart algorithm is used to auto-detect such a situation, but if it does not help in your case, just use -N 1 as well.

For better stability, you can slow the program down with the -z option, for example "-z 0.5" for a half-second pause between probes.

If some hops report nothing for every method, the last chance to obtain something is to use the "ping -R" command (IPv4, and only for the nearest 8 hops).

5. Examples

Trace the route to baidu

[root@localhost ~]# ping www.baidu.com -c 1        // ping the destination to get its IP address
PING www.a.shifen.com (111.13.100.91) 56(84) bytes of data.
[root@localhost ~]# traceroute -n www.baidu.com    // trace the route
traceroute to www.baidu.com (111.13.100.92), 30 hops max, 60 byte packets
 1 192.168.1.1 4.124 ms 3.936 ms 3.882 ms
 2 10.46.80.1 8.917 ms 9.238 ms 9.233 ms
 3 183.203.226.201 12.855 ms 12.788 ms 12.802 ms
 4 221.180.30.197 12.792 ms 221.180.30.45 12.776 ms 12.762 ms
 5 221.183.47.225 13.526 ms 13.363 ms 13.259 ms
 6 221.183.37.249 26.798 ms 23.556 ms 26.832 ms
 7 *
 8 111.13.98.101 20.569 ms 20.460 ms 111.13.98.93 24.463 ms
 9 111.13.98.93 27.215 ms 111.13.98.101 20.895 ms 111.13.112.53 26.946 ms
10 111.13.108.5 24.136 ms 111.13.112.57 23.754 ms 111.13.112.61 23.712 ms
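The output format described earlier (one line per ttl, a new address whenever a probe is answered by a different gateway, "*" for a lost probe, "!" annotations after the round-trip time) can be parsed as follows. This is an added example, not part of the original article; it assumes plain "traceroute -n" output without -A or -e extras, and the names parse_hop and summarize are illustrative:

```python
# Annotation meanings from the list earlier in the article; "!<num>" carries a raw ICMP code.
NOTES = {
    "!H": "host unreachable", "!N": "network unreachable",
    "!P": "protocol unreachable", "!S": "source route failed",
    "!F": "fragmentation needed", "!X": "administratively prohibited",
    "!V": "host precedence violation", "!C": "precedence cutoff in effect",
}

def parse_hop(line):
    """Parse one hop line of `traceroute -n` output into (ttl, probes)."""
    tokens = line.split()
    ttl, probes, gateway = int(tokens[0]), [], None
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok == "*":                          # no answer within the wait time
            probes.append({"gw": None, "rtt": None, "note": None})
        elif tok.startswith("!"):               # annotation follows the RTT it belongs to
            if probes:
                probes[-1]["note"] = NOTES.get(tok, "ICMP unreachable code " + tok[1:])
        elif tokens[i + 1:i + 2] == ["ms"]:     # a round-trip time for the current gateway
            probes.append({"gw": gateway, "rtt": float(tok), "note": None})
            i += 1                              # skip the "ms" unit
        else:                                   # an address: later RTTs belong to it
            gateway = tok
        i += 1
    return ttl, probes

def summarize(output):
    """Map ttl -> gateways seen, probes lost and annotations, per hop line."""
    hops = {}
    for line in output.splitlines():
        if not line.split() or not line.split()[0].isdigit():
            continue                            # header or blank line
        ttl, probes = parse_hop(line)
        hops[ttl] = {
            "gateways": sorted({p["gw"] for p in probes if p["gw"]}),
            "lost": sum(p["gw"] is None for p in probes),
            "notes": sorted({p["note"] for p in probes if p["note"]}),
        }
    return hops

# Hops 4, 7 and 8 come from the trace above; hop 11 is constructed to show annotations.
SAMPLE = """traceroute to www.baidu.com (111.13.100.92), 30 hops max, 60 byte packets
 4 221.180.30.197 12.792 ms 221.180.30.45 12.776 ms 12.762 ms
 7 *
 8 111.13.98.101 20.569 ms 20.460 ms 111.13.98.93 24.463 ms
11 203.0.113.9 30.120 ms !X * 30.410 ms !X"""
```

A hop with more than one gateway (hops 4 and 8 here) indicates that probes took different paths at that ttl, and an !X note marks a hop where a filter administratively rejected the probe.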

At this point, the study of "the usage of the Linux basic command traceroute" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!
