Difference between revisions of "Traceroute"

From Noah.org
Jump to navigationJump to search
 
Line 1: Line 1:
 
[[category:Engineering]]
 
[[category:Engineering]]
 
[[category:Networking]]
 
[[category:Networking]]
 +
 +
Most most purposes I prefer to use `mtr` below. Just remember that `mtr` uses ICMP ECHO packets and these are often sent back by firewalls and load balancers. Also some firewalls will trigger automatic bans based on excessive ping packets, so you might end up locking yourself out of a system.
  
 
== traceroute ==
 
== traceroute ==

Latest revision as of 17:13, 19 November 2008


Most most purposes I prefer to use `mtr` below. Just remember that `mtr` uses ICMP ECHO packets and these are often sent back by firewalls and load balancers. Also some firewalls will trigger automatic bans based on excessive ping packets, so you might end up locking yourself out of a system.

traceroute

By default traceroute sends UDP packets on ports 33434 to 33534. If a firewall blocks these packets then you will not get to your destination. You can use the -I option to specify ICMP ECHO packets instead of UDP datagrams. This can be misleading because sometimes a firewall or a load balancer will respond to ICMP ECHO packets on behalf of the destination.

tracepath

This command may be more commonly installed by default on Linux systems whereas the `traceroute` command is often optional. Tracepath is similar to traceroute, but does not require special privileges. It may be executed by anyone who has access to the network. Tracepath does not have as many options as `traceroute`.

mtr

This is like `traceroute` and `ping` combined. It uses ICMP ECHO packets. It constantly updates the display showing % packet loss and response time from each hop. Because mtr uses ICMP ECHO packets it may be misleading because sometimes a firewall or load balancer will respond to ICMP ECHO packets on behalf of the destination.

tcptraceroute

This is similar to traceroute, but uses TCP SYN packets on a given port. Normally you tell it to use a port that you expect to be open on a firewall. By default tcptraceroute sends packets on port 80. For example the following traces the route of TCP SYN packets on port 25 (SMTP).

tcptraceroute server.example.com 25

If the last hop shows the message [closed] then it means that the destination machine responded, but is not listening on that port. If the last hop shows the message [open] then it means that the destination machine responded and is listening on that port. Both responses are good in the sense that they mean the machine is reachable and it tells you something about what is going on. If you see a lot of attempts with "* * *" as the result with the final message of "Destination not reached" then it means that your packets most likely did not reach the machine on the given port. That's generally bad. It may mean the machine is not connected to the network; the packets on that port are being discarded by a firewall; or the packets are simply lost.