
Traceroute is a very cool command: it shows you the path a packet takes to the destination and every hop along that path.

Although it gives you these useful details, personally I don’t rely much on it. It can be considered a very good tool for troubleshooting, but going back to my CCNP TSHOOT exam and to some real-life experiences, the traceroute command can trick you sometimes. So, the main tool remains the famous “PING”.

But this article is about Traceroute, so I will describe below the Traceroute process:

Imagine these routers connected to one another; let’s simply assume that there is one path from R1 to R4, as below:


R1 – R2 – R3 – R4

R1 does the traceroute to R4:

R1#debug ip icmp
ICMP packet debugging is on
R1#traceroute 30.3.4.4

Type escape sequence to abort.
Tracing the route to 30.3.4.4

1 10.1.2.2 44 msec 24 msec 28 msec
2 20.2.3.3 32 msec 56 msec 92 msec
3 30.3.4.4 72 msec 92 msec 76 msec
R1#
*Jun 16 11:56:59.323: ICMP: time exceeded rcvd from 10.1.2.2
*Jun 16 11:56:59.351: ICMP: time exceeded rcvd from 10.1.2.2
*Jun 16 11:56:59.383: ICMP: time exceeded rcvd from 10.1.2.2
*Jun 16 11:56:59.419: ICMP: time exceeded rcvd from 20.2.3.3
*Jun 16 11:56:59.479: ICMP: time exceeded rcvd from 20.2.3.3
*Jun 16 11:56:59.575: ICMP: time exceeded rcvd from 20.2.3.3
*Jun 16 11:56:59.651: ICMP: dst (10.1.2.1) port unreachable rcv from 30.3.4.4
*Jun 16 11:56:59.747: ICMP: dst (10.1.2.1) port unreachable rcv from 30.3.4.4
*Jun 16 11:56:59.831: ICMP: dst (10.1.2.1) port unreachable rcv from 30.3.4.4

So, what’s happening here:

R1 sends 3 User Datagram Protocol (UDP) packets with a TTL of 1 to R4’s IP, 30.3.4.4, using a fake destination port (one that no service is expected to be listening on).

When R2 gets these UDP packets, it decrements the TTL to 0, drops the packets, and immediately sends back to R1 an ICMP Type 11 – Code 0, which means Time Exceeded Message (TEM). In other words, R2 is telling R1: you know what, your UDP packets died, they were too old.

R1 gets the responses and sends 3 more UDP packets, this time with a TTL of 2.

R3’s responses are the same as R2’s: it sends back to R1 a Time Exceeded Message.

R1 receives the responses from R3 and sends 3 more UDP packets, now with a TTL of 3.

R4 receives the packets and, because nothing is listening on the fake destination port, sends back to R1 an ICMP Type 3 – Code 3, which means Destination Unreachable – Port Unreachable. That reply tells R1 the probes reached the destination, so the trace ends.
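The exchange described above, as an added Python example that is not part of the original post: it parses the ICMP replies R1 would receive, uses the probe header quoted inside each ICMP error to tie the reply back to the trace, and rebuilds the hop list. The reply packets are constructed sample data using the addresses from the output above; the UDP source port 49152 and the base destination port 33434 incremented per probe are assumptions.

```python
import socket
import struct

TIME_EXCEEDED, PORT_UNREACHABLE = (11, 0), (3, 3)  # ICMP (type, code) pairs

def ipv4_header(src, dst, proto, payload_len, ttl=255):
    """Minimal 20-byte IPv4 header; checksum left at 0 (sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_reply(responder, prober, target, dport, icmp_type, code):
    """Constructed ICMP error quoting the probe's IP header + 8 UDP bytes."""
    udp = struct.pack("!HHHH", 49152, dport, 8, 0)  # source port is assumed
    quoted = ipv4_header(prober, target, socket.IPPROTO_UDP, len(udp), 1) + udp
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return ipv4_header(responder, prober, socket.IPPROTO_ICMP, len(icmp)) + icmp

def sample_replies(base_port=33434):
    """Constructed: the nine replies seen in the debug output, in order."""
    hops = [("10.1.2.2", 11, 0), ("20.2.3.3", 11, 0), ("30.3.4.4", 3, 3)]
    return [build_reply(ip, "10.1.2.1", "30.3.4.4", base_port + 3 * i + j, t, c)
            for i, (ip, t, c) in enumerate(hops) for j in range(3)]

def parse_reply(packet):
    """Return (responder_ip, (type, code), probed_target, probed_dport)."""
    if packet[9] != socket.IPPROTO_ICMP:
        raise ValueError("not an ICMP packet")
    ihl = (packet[0] & 0x0F) * 4              # outer IP header length
    responder = socket.inet_ntoa(packet[12:16])
    icmp_type, code = packet[ihl], packet[ihl + 1]
    quoted = packet[ihl + 8:]                 # skip the 8-byte ICMP header
    q_ihl = (quoted[0] & 0x0F) * 4            # quoted (probe) IP header length
    target = socket.inet_ntoa(quoted[16:20])
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    return responder, (icmp_type, code), target, dport

def reconstruct_path(packets, target):
    """Collect hops in arrival order; stop at the target's port unreachable."""
    path = []
    for pkt in packets:
        responder, kind, probed, _ = parse_reply(pkt)
        if probed != target or kind not in (TIME_EXCEEDED, PORT_UNREACHABLE):
            continue                          # ICMP not caused by this trace
        if responder not in path:
            path.append(responder)
        if kind == PORT_UNREACHABLE:
            break                             # destination reached
    return path
```

Checking the quoted destination address is what lets the parser discard ICMP errors that were not triggered by this trace's probes.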
