For a Microsoft Windows 2000 version of this article, see 162326. This article describes TRACERT (Trace Route), a command-line utility that you can use to trace the path that an Internet Protocol (IP) packet takes to its destination. This article discusses the following topics: How to Use the TRACERT Utility How to Use TRACERT to Troubleshoot How to Use TRACERT Options The TRACERT diagnostic utility determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo packets to the destination. In these packets, TRACERT uses varying IP Time-To-Live (TTL) values. Because each router along
the path is required to decrement the packet's TTL by at least 1 before forwarding the packet, the TTL is effectively a hop counter. When the TTL on a packet reaches zero (0), the router sends an ICMP "Time Exceeded" message back to the source computer. TRACERT sends the first echo packet with a TTL of 1 and increments the TTL by 1 on each subsequent transmission, until the destination responds or until the maximum TTL is reached. The ICMP "Time Exceeded" messages that intermediate routers
send back show the route. Note however that some routers silently drop packets that have expired TTLs, and these packets are invisible to TRACERT. TRACERT prints out an ordered list of the intermediate routers that return ICMP "Time Exceeded" messages. Using the -d option with the tracert command instructs TRACERT not to perform a DNS lookup on each IP address, so that TRACERT reports the IP address of the near-side interface of the routers. In the following example of the tracert
command and its output, the packet travels through two routers (157.54.48.1 and 11.1.0.67) to get to host 11.1.0.1. In this example, the default gateway is 157.54.48.1 and the IP address of the router on the 11.1.0.0 network is at 11.1.0.67. The command: C:\>tracert 11.1.0.1 Tracing route to 11.1.0.1 over a maximum of 30 hops Trace complete. How to Use TRACERT to TroubleshootYou can use TRACERT to find out where a packet stopped on the network. In the following example, the default gateway has found that there is no valid path for the host on 22.110.0.1. Probably, either the router has a configuration problem, or the 22.110.0.0 network does not exist, reflecting a bad IP address. The command: C:\>tracert 22.110.0.1 Tracing route to 22.110.0.1 over a maximum of 30 hops Trace complete. How to Use TRACERT OptionsThere are several command-line options that you can use with TRACERT, although the options are not usually necessary for standard troubleshooting. The following example of command syntax shows all of the possible options: tracert -d -h maximum_hops -j host-list -w timeout target_hostWhat the parameters do: -d -h maximum_hops -j host-list -w timeout target_host Need more help?Internet Control Message Protocol
The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address, for example, an error is indicated when a requested service is not available or that a host or router could not be reached.[2] ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute). ICMP for IPv4 is defined in RFC 792. A separate ICMPv6, defined by RFC 4443, is used with IPv6. Technical details[edit]ICMP is part of the Internet protocol suite as defined in RFC 792. ICMP messages are typically used for diagnostic or control purposes or generated in response to errors in IP operations (as specified in RFC 1122). ICMP errors are directed to the source IP address of the originating packet.[2] For example, every device (such as an intermediate router) forwarding an IP datagram first decrements the time to live (TTL) field in the IP header by one. If the resulting TTL is 0, the packet is discarded and an ICMP time exceeded in transit message is sent to the datagram's source address. Many commonly used network utilities are based on ICMP messages. The traceroute command can be implemented by transmitting IP datagrams with specially set IP TTL header fields, and looking for ICMP time exceeded in transit and Destination unreachable messages generated in response. The related ping utility is implemented using the ICMP echo request and echo reply messages. ICMP uses the basic support of IP as if it were a higher-level protocol, however, ICMP is actually an integral part of IP. Although ICMP messages are contained within standard IP packets, ICMP messages are usually processed as a special case, distinguished from normal IP processing. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application responsible for transmitting the IP packet that prompted the ICMP message to be sent. ICMP is a network-layer protocol. There is no TCP or UDP port number associated with ICMP packets as these numbers are associated with the transport layer above.[3] Datagram structure[edit]The ICMP packet is encapsulated in an IPv4 packet.[2] The packet consists of header and data sections. [edit]The ICMP header starts after the IPv4 header and is identified by IP protocol number '1'.[4] All ICMP packets have an 8-byte header and variable-sized data section. The first 4 bytes of the header have fixed format, while the last 4 bytes depend on the type/code of that ICMP packet.[2] ICMP header format
Data[edit]ICMP error messages contain a data section that includes a copy of the entire IPv4 header, plus at least the first eight bytes of data from the IPv4 packet that caused the error message. The length of ICMP error messages should not exceed 576 bytes.[5] This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first eight bytes of the original datagram's data.[6] The variable size of the ICMP packet data section has been exploited. In the "Ping of death", large or fragmented ICMP packets are used for denial-of-service attacks. ICMP data can also be used to create covert channels for communication. These channels are known as ICMP tunnels. Control messages[edit]Control messages are identified by the value in the type field. The code field gives additional context information for the message. Some control messages have been deprecated since the protocol was first introduced. Notable control messages[7][8]
Source quench[edit]Source Quench requests that the sender decrease the rate of messages sent to a router or host. This message may be generated if a router or host does not have sufficient buffer space to process the request, or may occur if the router or host buffer is approaching its limit. Data is sent at a very high speed from a host or from several hosts at the same time to a particular router on a network. Although a router has buffering capabilities, the buffering is limited to within a specified range. The router cannot queue any more data than the capacity of the limited buffering space. Thus if the queue gets filled up, incoming data is discarded until the queue is no longer full. But as no acknowledgement mechanism is present in the network layer, the client does not know whether the data has reached the destination successfully. Hence some remedial measures should be taken by the network layer to avoid these kind of situations. These measures are referred to as source quench. In a source quench mechanism, the router sees that the incoming data rate is much faster than the outgoing data rate, and sends an ICMP message to the clients, informing them that they should slow down their data transfer speeds or wait for a certain amount of time before attempting to send more data. When a client receives this message, it will automatically slow down the outgoing data rate or wait for a sufficient amount of time, which enables the router to empty the queue. Thus the source quench ICMP message acts as flow control in the network layer. Since research suggested that "ICMP Source Quench [was] an ineffective (and unfair) antidote for congestion",[10] routers' creation of source quench messages was deprecated in 1995 by RFC 1812. Furthermore, forwarding of and any kind of reaction to (flow control actions) source quench messages was deprecated from 2012 by RFC 6633. Source quench message[6]: 9
Where: Type must be set to 4Code must be set to 0IP header and additional data is used by the sender to match the reply with the associated requestRedirect[edit]An example of how an ICMPv4 redirect message works Redirect requests data packets be sent on an alternative route. ICMP Redirect is a mechanism for routers to convey routing information to hosts. The message informs a host to update its routing information (to send packets on an alternative route). If a host tries to send data through a router (R1) and R1 sends the data on another router (R2) and a direct path from the host to R2 is available (that is, the host and R2 are on the same subnetwork), then R1 will send a redirect message to inform the host that the best route for the destination is via R2. The host should then change its route information and send packets for that destination directly to R2. The router will still send the original datagram to the intended destination.[11] However, if the datagram contains routing information, this message will not be sent even if a better route is available. RFC 1122 states that redirects should only be sent by gateways and should not be sent by Internet hosts. Redirect message[6]: 11
Where: Type must be set to 5.Code specifies the reason for the redirection, and may be one of the following:
Time exceeded[edit]Time Exceeded is generated by a gateway to inform the source of a discarded datagram due to the time to live field reaching zero. A time exceeded message may also be sent by a host if it fails to reassemble a fragmented datagram within its time limit. Time exceeded messages are used by the traceroute utility to identify gateways on the path between two hosts. Time exceeded message[6]: 5
Where: Type must be set to 11Code specifies the reason for the time exceeded message, include the following:
Timestamp[edit]Timestamp is used for time synchronization. The originating timestamp is set to the time (in milliseconds since midnight) the sender last touched the packet. The receive and transmit timestamps are not used.
Where: Type must be set to 13Code must be set to 0Identifier and Sequence Number can be used by the client to match the timestamp reply with the timestamp request.Originate timestamp is the number of milliseconds since midnight Universal Time (UT). If a UT reference is not available the most-significant bit can be set to indicate a non-standard time value.Timestamp reply[edit]Timestamp Reply replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp indicating when the Timestamp was received and a transmit timestamp indicating when the Timestamp reply was sent. Timestamp reply message[6]: 15
Where: Type must be set to 14Code must be set to 0Identifier and Sequence number can be used by the client to match the reply with the request that caused the reply.Originate timestamp is the time the sender last touched the message before sending it.Receive timestamp is the time the echoer first touched it on receipt.Transmit timestamp is the time the echoer last touched the message on sending it.All timestamps are in units of milliseconds since midnight UT. If the time is not available in milliseconds or cannot be provided with respect to midnight UT then any time can be inserted in a timestamp provided the high order bit of the timestamp is also set to indicate this non-standard value.The use of Timestamp and Timestamp Reply messages to synchronize the clocks of Internet nodes has largely been replaced by the UDP-based Network Time Protocol and the Precision Time Protocol.[12] Address mask request[edit]Address mask request is normally sent by a host to a router in order to obtain an appropriate subnet mask. Recipients should reply to this message with an Address mask reply message. Address mask request
Where: Type must be set to 17Code must be set to 0Address mask can be set to 0ICMP Address Mask Request may be used as a part of reconnaissance attack to gather information on the target network, therefore ICMP Address Mask Reply is disabled by default on Cisco IOS.[13] Address mask reply[edit]Address mask reply is used to reply to an address mask request message with an appropriate subnet mask. Address mask reply
Where: Type must be set to 18Code must be set to 0Address mask should be set to the subnet maskDestination unreachable[edit]Destination unreachable is generated by the host or its inbound gateway[6] to inform the client that the destination is unreachable for some reason. Reasons for this message may include: the physical connection to the host does not exist (distance is infinite); the indicated protocol or port is not active; the data must be fragmented but the 'don't fragment' flag is on. Unreachable TCP ports notably respond with TCP RST rather than a destination unreachable type 3 as might be expected. Destination unreachable is never reported for IP multicast transmissions. Destination unreachable message[6]: 3
Where: Type field (bits 0–7) must be set to 3Code field (bits 8–15) is used to specify the type of error, and can be any of the following:
See also[edit]
References[edit]
Sources[edit]RFCs[edit]
External links[edit]
How does traceroute command work?Traceroute ensures each hop on the way to a destination device drops a packet and sends back an ICMP error message. This means traceroute can measure the duration of time between when the data is sent and when the ICMP message is received back for each hop—giving you the RTT value for each hop.
Which command would a technician use to diagnose DNS problems on a Windows computer?Nslookup is integral to various software solutions, including SolarWinds Remote Monitoring and Management, and you can use nslookup DNS troubleshooting commands to determine specific internal or external issues. Nslookup was one of the original DNS diagnostics.
Which software tool is used to trace all of the routers between two points?Traceroute – The traceroute command is used to determine the path between two connections. Often a connection to another device will have to go through multiple routers. The traceroute command will return the names or IP addresses of all the routers between two devices.
What two types of ICMP messages are received at the sending host executing the traceroute program?What two types of ICMP messages are received at the sending host executing the Traceroute program? ICMP warning message (type 11 code 0) and a destination port unreachable ICMP message (type 3 code 3).
|