Traceroute/Tracert/ TTL-All you need to know
NOTE:-
+It sends TTL=1 for the first probe, then TTL=2, and so on.
Traceroute sends out three packets per TTL increment.
+That is the reason we have 3 columns: it sends 3 ICMP requests and gets 3 ICMP TTL exceeded replies (round-trip time).
=================================================================
Tracert>>PC:>ICMP
TYPE 8 CODE 0 ICMP Echo Request messages------------->
<--------------------ICMP TTL exceeded TYPE 11 CODE0
.
<--------------------ICMP TTL exceeded TYPE 11 CODE0
.
.
<-------------------ICMP echo reply-----------TYPE 0 CODE0
finally ICMP echo reply from 8.8.8.8
============================================
Traceroute>>Linux>UDP
UDP request---------------->
<--------------------ICMP TTL exceeded TYPE 11 CODE0
.
<--------------------ICMP TTL exceeded TYPE 11 CODE0
.
.
<-------------------ICMP destination unreachable(port unreachable) TYPE 3 CODE 3
finally destination unreachable (port unreachable)
this is bound to happen because we are always sending to a random UDP port between 33434 and 33534.
============================================
traceroute>>TCP
tcptraceroute api.opendns.com 443
SYN/ACK port=80------------------------>
<--------------------ICMP TTL exceeded TYPE 11 CODE0
finally >>
>>RST packet from destination if port is blocked
>>SYN/ACK packet from destination if port is open, then we (PC) send an RST packet.
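Added example (not part of the original post): an offline Python simulation of the three probe styles above, showing which reply ends the trace in each mode. The router addresses and the helper names (forward, final_reply, trace) are constructed for illustration; no packets are sent.

```python
# Offline simulation of the ICMP / UDP / TCP traceroute flows (no packets sent).
PATH = ["10.0.0.1", "172.16.5.1", "203.0.113.9"]  # constructed sample routers
DEST = "8.8.8.8"

TTL_EXCEEDED = ("ICMP", 11, 0)   # sent by the router where TTL reaches 0
ECHO_REPLY = ("ICMP", 0, 0)      # destination's answer to an ICMP echo request
PORT_UNREACH = ("ICMP", 3, 3)    # destination's answer to UDP on a closed port


def forward(ttl, routers):
    """Index of the router that discards the probe, or None if it arrives."""
    for i in range(len(routers)):
        ttl -= 1                 # every router decrements TTL by one
        if ttl == 0:
            return i             # TTL expired here: packet is discarded
    return None


def final_reply(mode, port_open):
    """What the destination itself sends back for each probe style."""
    if mode == "icmp":
        return ECHO_REPLY
    if mode == "udp":
        return PORT_UNREACH      # assumes nothing listens on the probe port
    if mode == "tcp":
        return ("TCP", "SYN/ACK" if port_open else "RST")
    raise ValueError(f"unknown mode: {mode}")


def trace(mode, routers=PATH, dest=DEST, port_open=True, max_ttl=30, probes=3):
    """Return [(ttl, [(responder, reply), ...])], stopping at the destination."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        replies = []
        for _ in range(probes):  # three probes per TTL -> three columns
            i = forward(ttl, routers)
            if i is None:
                replies.append((dest, final_reply(mode, port_open)))
            else:
                replies.append((routers[i], TTL_EXCEEDED))
        hops.append((ttl, replies))
        if replies[0][0] == dest:
            break
    return hops


if __name__ == "__main__":
    for mode in ("icmp", "udp", "tcp"):
        for ttl, replies in trace(mode):
            print(mode, ttl, replies[0])
```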
========================================================
TTL:-
The TTL can be used to determine approximately how many router hops the packet has gone through. If the TTL field varies in successive pings, it could indicate that the successive reply packets are going via different routes,
C:\Users\rajiv>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=143ms TTL=128
Reply from 192.168.1.1: bytes=32 time=150ms TTL=128
Reply from 192.168.1.1: bytes=32 time=70ms TTL=128
Reply from 192.168.1.1: bytes=32 time=1ms TTL=128
What information can be learnt from the outputs above?
--in the case of ping a TTL of 255). As the packet traverses the network, the TTL field gets decreased by one by each router it goes through; when the TTL drops to 0, the packet is discarded by the router.
--TTL=128 ==> 255-128 = 127, which means that it went through 127 hops.
- Is the remote host alive? => Host reachability
- Is the network speed good? => Network congestion
- Is the remote host far? => Travel length
===========================================