B1tmaps
doubts regarding traceroute command Jun 30, 2014 7:27 AM
Hi Friends,
1) I was thinking how does traceroute or even tracert (in Windows) find the remaining hops when it is getting
"***** Request Time out" in the reply messages?
For example a sample below -
PC>tracert 192.168.4.10
Tracing route to 192.168.4.10 over a maximum of 30 hops:
1 103 ms 45 ms 91 ms 192.168.1.1
2 56 ms 110 ms 125 ms 64.100.1.101
3 174 ms 195 ms 134 ms 64.100.1.6
4 246 ms 183 ms 179 ms 64.100.1.34
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 217 ms 285 ms 226 ms 64.100.1.62
9 246 ms 276 ms 245 ms 64.100.1.154
My question was how does tracert/traceroute identify the remaining hops even when some routers deny to
reply to tracert/traceroute messages? Even after getting "Request Timeout" how does the tracert identify the
remaining hops?
2) My 2nd query was does hops in tracert or traceroute mean only "Routers" or does it include "Host PCs" as well?
3) I have Windows 7 OS but when I ping from command line it shows different TTL values for different IP
addresses! Why is that? For e.g. - a) For 127.0.0.1 TTL=128 b) For 192.168.1.1 TTL=64 c) For 172.14.102.1
TTL=63 Why are different TTL values for different IP addresses??
4) Also in Cisco Net Simulator I found an access-list practical mentioning that Traceroute uses UDP packets but I
found on the net that different types of Traceroute programs are there and there can be
UDP Traceroute
ICMP traceroute
TCP Traceroute
Then Cisco Simulator is wrong and there can be different types of traceroute or Tracert? Also how can it be
possible to use UDP sometimes and TCP sometimes?
I am really confused!!
2015 Cisco and/or its affiliates. All Rights Reserved. Generated on 2015-05-24-07:00
This document is Cisco Public Information.
2) The hops usually represent routers, firewalls and switches; it is not usually a PC because the PC most of the
times is the end device (last IP)
4) Traceroute usually uses UDP, the other mechanisms you found are different flavors of the same thing. Right
now I cannot think of any good example.
Stick with the idea that in general it uses UDP
Rolando Valenzuela.
On point 4.
1. ICMP request packet generated by R1. The initial TTL (Time to live) value in the IP header is set to 1.
2. The first router (R2) on route to the destination receives this packet. But it will drop it as the TTL value is
decremented to "0". So, R1 sends an ICMP time exceeded message back to the client.
3. The source (R1) receives this, and now knows the details about the first router (R2) on the path to the
destination.
4. Now, the source (R1) will increment its TTL value to "2" this time. So, the ICMP request is able to reach the
third router (R3) on the way. The TTL value at R3 is decremented to "0", and a Time exceeded message is
sent back to R1. Now, R1 is aware of R3.
... this would go on till R4 (destination/target) echo replies back to R1 (source) at a value of TTL set to 3.
Traceroute serves its purpose by sending an ICMP echo request to the first hop in the path with the TTL value
set to 1.
The first hop drops this packet, because the TTL falls to 0, and it sends a TTL exceeded message back to
the "source" (always the source). The source now learns the first hop device and increments the TTL value to
2 so the packet can move on up to the second hop... and this goes on till the packet reaches the destination and
the destination sends an "echo reply" to the source. Result? The source now knows the path/route/hop
information to the destination and can identify them.
So now what if there is an ACL at the destination that denies the ICMP "echo reply" from the destination or the
incoming "echo request"? The source would not be able to trace the path because it would not receive the
ICMP "echo reply" from the destination device.
So UDP traceroute is used. The source using UDP traceroute sends a UDP packet to an "invalid port
number". The source does not expect the end device to recognize this port and expects the end device to
send an ICMP "port unreachable" message back to the source, suggesting it does not recognize the UDP port
number it is supposed to look into. However, the "destination has been contacted" and we have the path all
along the way. Again this is done by incrementing the TTL value till the destination device is reached and can
send a "port unreachable" message.
https://learningnetwork.cisco.com/thread/71716?tstart=0
I'm making an educated guess here, and would appreciate clarification if I'm wrong, but #5,6,7 in your initial
tracert came back with the result they did because they are set not to respond to pings. So the packet knows
that it is still going forward, because it can get to the destination, but can't show you any detail about those
devices due to security settings. Would appreciate confirmation/denial of this as I'm not 100%.
TIA
Seth
B1tmaps
Perhaps, as opposed to angrily rejecting the help that we are attempting to offer you, you could assist us by re-
stating your question, as it seems we all misunderstood it?
Not that I have a burning desire to assist somebody who has made it clear that all three of us suffer from "BIG
ZEROS OUT OF 100" in our quest to help you - regardless, we are all on track for the same certifications, and I
still wish to offer my help if it is of use!
As a token of my goodwill - my answer to another of your questions, regarding "would Host PC be considered
a hop as well?" - That depends on the role of Host PC - I assume here that it would not be, as it is the device
at the end of the chain that you are trying to reach. However, if the PC was being used as a router (unlikely of
course but if it has 2 NICs, and PFsense or server 2008 RRAS) it would appear as a hop through there, yes.
HT(try to)H,
Seth
in response to sarah
Well, at least he began his original post with "Hi friends"...
Navneet.Gaur
Re: doubts regarding traceroute command Jun 30, 2014 7:37 PM
Hi B1tmaps.
1. Regarding Q1.
One
Working path from source to the destination
On that path there are several routers which have a route to the destination
Say, from your PC to Google.com
So, if you send a packet to Google.com, it will be forwarded by each router on that path till the final
destination is reached
Two
Traceroute - a process that "requests" each router, on that path, separately, to reply with icmp time
exceeded packet
On that working path
Till the final destination is reached
The routers that decide to reply, are indicated with their Ip addresses
The routers, that don't, are indicated with * * *
Basically, now a separate set of packets, is sent, for each router on that working path.
The point is, the path is still active and working and packets travel to the final destination, traversing each
hop
The hops that do not reply are * * *
But now, a separate set of packet / packets
Is being sent to each router in the path
While earlier they were sent only to the destination
Somewhat related, more details here, just take a look at the diagrams.
https://learningnetwork.cisco.com/docs/DOC-24244
2. Regarding Q2, that would be any routing device. If a PC is acting as a router, then yes, otherwise no.
http://linux.die.net/man/8/traceroute
So, what you have stated is correct but each is also applicable and true in its own environment. Basically they
are vendor specific variations.
Take care,
Navneet.
Navneet.Gaur
Re: doubts regarding traceroute command Jun 30, 2014 9:05 PM
For example a sample below -
PC>tracert 192.168.4.10
Tracing route to 192.168.4.10 over a maximum of 30 hops:
1 103 ms 45 ms 91 ms 192.168.1.1 - First set of packet (s), meant only for this 1st router, and the router
replied.
If the packet was meant for the next router or the destination, which this router knows a path to, it will be
forwarded normally.
2 56 ms 110 ms 125 ms 64.100.1.101 - A different, second set of packet (s), meant for this router, and the
router replied
3 174 ms 195 ms 134 ms 64.100.1.6 - Yet another different, third set of packet (s), meant only for this 3rd
router, and the router replied
5 * * * Request timed out. - This set was meant for this 5th router and it ignored it
Again, if the packet was meant for the next router or the destination, which this router knows a path to, it will be
forwarded normally.
6 * * * Request timed out. - This set was meant for this 6th router and it ignored it as well
7 * * * Request timed out. - This set was meant for this 7th router and it ignored it
8 217 ms 285 ms 226 ms 64.100.1.62 - This set was meant for this 8th router and it decided to reply to it
Hi Navneet,
Do you mean 38 for public IPs? I see TTL=38 in the "ping google.com" section in your image.
I don't understand you very well on this. On my Windows 7 PC, TTL has all different values when I try to ping
different private IP addresses. So it's not set for Windows?
C:\>ping google.com
C:\>ping yahoo.com
C:\>ping msn.com
C:\>ping www.cisco.com
C:\>
B1tmaps
Re: doubts regarding traceroute command Jun 30, 2014 11:32 PM
in response to Seth Ainsley CCNAx2
Hi Seth and Sarah,
I am really sorry if you have felt hurt by my unkind words. I apologise since you tried to help me after all!
Please don't take it to heart and do continue your positive contributions.
What I meant is that maybe you didn't understand my query fully.
Navneet somewhat realized what I am trying to ask.
I am again trying to restate my query for all of you -
Firstly, as you can say my main query and curiosity was related to -
"when some hops have rejected the traceroute packets (I know that the TTL value is regenerated by
the source router and value is incremented by 1 for each new hop) but how does the source router
make the packets pass those routers which don't let the traceroute packet pass, say, by using some
Access-list or using some Firewall and return a 'Request Time out message'?"
The above is the path I am doing tracert or traceroute upon. Now say Router C is configured with an
Access-list not to let Traceroute or Tracert or any UDP packets pass. And similarly Router E is
configured with a Firewall not to allow tracert or any UDP packets.
Then obviously in such a case we receive the "Request Timedout" reply as in a similar example I posted initially
which I restate below -
PC>tracert 192.168.4.10
Tracing route to 192.168.4.10 over a maximum of 30 hops:
1 103 ms 45 ms 91 ms 192.168.1.1
2 56 ms 110 ms 125 ms 64.100.1.101
3 174 ms 195 ms 134 ms 64.100.1.6
4 246 ms 183 ms 179 ms 64.100.1.34
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 217 ms 285 ms 226 ms 64.100.1.62
9 246 ms 276 ms 245 ms 64.100.1.154
Now my question was - How does the ICMP message generated from the with appropriate TTLs pass
through the Router C and Router E when they are each configured with Access-lists or Firewalls??
Navneet.Gaur
Re: doubts regarding traceroute command Jul 1, 2014 12:13 AM
Hi B1tmaps.
1. If the routers are configured to block "all" icmp / udp packets, then you will not get any replies at all.
Update:
The trace will be available up till the point where return packets are allowed. If it is blocked completely, then
there will be no replies from that point onwards.
2. However, in the scenario stated by you, the routers have been configured to block only their local replies and
not all the icmp packets, that is why they are allowing rest to pass, because we are still receiving replies from
other downstream routers.
3. Please go through the document I have referred to, to get an idea how a router can block only locally
generated icmp time out packets. The configuration is included so you can apply it to any middle router to get
similar results.
Take care,
Navneet.
Navneet.Gaur
Re: doubts regarding traceroute command Jul 1, 2014 12:06 AM
Hi Rick.
2.
C:\>ping yahoo.com
3.
C:\>ping msn.com
4.
C:\>ping www.cisco.com
Take care,
Navneet.
Navneet.Gaur
Re: doubts regarding traceroute command Jul 1, 2014 12:18 AM
Hi Rick.
1. You can use a utility named "visual route" to get the visual representation of the above as well.
Take care,
Navneet.
R1 - R2 - 10.1.1.0
R3 - R4 - 20.1.1.0
R2
Extended IP access list 101
10 deny icmp host 192.168.1.2 any time-exceeded (12 matches) ---> will deny time exceeded message
from 192.168.1.2 toward R1(outwards)
20 permit ip any any (9 matches)
R1
R1#traceroute 30.1.1.2
2 * * *
I'm blocking a time exceeded response from 192.168.1.2. So that response is being filtered and hence
showing as * in the above output.
R1 does not get a time exceeded message from R2, so how does it know to reach R5 on 30.1.1.2?
R1#show ip route
------omitted----------
And..........................
So your answer will get a BIG ZERO out of 100 points! I am disappointed really by these
type of answers from a Cisco forum.
2ndly, Sarah also repeated what I already know and to much more depth. Again a "0" out
of 100. Because you people didn't even understand my question; maybe my English is a
problem for you.
Anyways Bye
Thank You all for trying to help me
ehhhh...I'm not interested in receiving the biscuits you are throwing around. Do what you want to do with them.
Above is prone to slip-ups. So clarifications and verification welcome from "experts only"
Navneet.Gaur
Re: doubts regarding traceroute command Jul 1, 2014 4:00 AM
Hi B1tmaps.
Navneet.Gaur wrote:
Hi B1tmaps.
1. If the routers are configured to block "all" icmp / udp packets, then you will not get any
replies at all.
2. The network.
R1#traceroute 4.1.1.5
4. The block on R2
R2#show access-lists
Extended IP access list 101
10 deny icmp any any (10 matches)
20 permit ip any any
R2#
R2#show running-config
Building configuration...
---output omitted---
interface FastEthernet0/0
ip address 1.1.1.2 255.0.0.0
ip access-group 101 out
duplex auto
speed auto
5. The result.
R1#traceroute 4.1.1.5
Type escape sequence to abort.
Tracing the route to 4.1.1.5
1 1.1.1.2 84 msec 64 msec 32 msec
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 *
R1#
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Take care,
Navneet.
I would attempt an explanation now I better understand your question B1tmaps, however it would seem that
Navneet and Sarah have both provided good answers for you.
Cheers
Seth
@Seth,
@B1tmaps,
Every router knows the next hop and will use its own routing table to proceed towards the destination. Time
exceeded is used for reporting purpose only.
R1 will look at its routing table, send it out to R2, to get to R5. R2 will use its routing table and send it out to R3
to get to R5. R3 will look into its routing table and finally the destination on R5.
So, I'm guessing when R1 does not receive a time exceeded from 192.168.1.2, the interface on R3, so on time
out (request time out), R1 now will send the next packet with the incremented TTL value, so it reaches R4 in
the above case and we see the response from 20.1.1.2 which is on R2...and proceeds further down.
I'm not going to be able to confirm the above as I'm having issues with Wireshark. Maybe someone else can
weigh in too.
Navneet.Gaur
Re: doubts regarding traceroute command Jul 1, 2014 12:47 PM
Hi Rick.
1. It's a pleasure.
Take care,
Navneet.
B1tmaps
Re: doubts regarding traceroute command Jul 2, 2014 4:10 AM
in response to Navneet.Gaur
Thanks Navneet and Sarah but I am suddenly very busy so randomly I chose some Helpful answers after
a cursory look. Will get back soon and mark the correct answer.
Thank You Seth for contributing.
Ya I am indeed going thru a very bad patch
Bye cya
"My question was how does tracert/traceroute identify the remaining hops even when some routers deny
to reply to tracert/traceroute messages? Even after getting "Request Timeout" how does the tracert identify
the remaining hops?"
and when I started labbing it, that question kept bothering me... how does the source still know the routers
downstream. I knew the answer is there, but I wasn't thinking (which proves how much more I need to work). I
was trying to see if there is any response that the source gets if Time-exceeded is blocked, so it figures out the
IP address of that router and gets past it. That logic too made no sense, and my Wireshark gave up on me and
I couldn't confirm that either. None of the previous answers here were able to point that out either, and were just
clouding and working around your question.
Then I had a chat with Adam Loveless... who so effortlessly told me... "It's the routing table"... and of course my
reaction was oh #@#@!! that's it...!!
So, Adam, I'm going to take this opportunity to tell everyone how sweet you are and how you help everyone on
CLN while being so down to earth and unpretentious. Thank you for being so.
So, if anyone deserves to be credited, it has to be Adam Loveless, really I just came up with the answer "the
routing table" because of him, and anyone can lab it after reading someone else's solution. And that's what
you were looking for I think B1tmaps... "the routing table"
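Added example, not part of any post in the thread: a small Python model of the behaviour the thread converges on, showing that probes are forwarded by each hop's routing table regardless of whether earlier hops answered, so a silent hop or a filtered reply only produces `* * *` for the affected TTLs. The names `Hop`, `silent`, `deny_icmp_from` and `build_path` are hypothetical, the 192.0.2.x addresses are constructed, and the rule that a hop's filter applies to transit ICMP but not to its own reply is a modelling assumption chosen to match the R2 output quoted above.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Hop:
    ip: str
    # True: forwards transit traffic but never sends its own ICMP reply.
    silent: bool = False
    # ICMP source this hop's ACL drops on the return path toward the tracer:
    # None (no filter), "any", or a single host IP.
    deny_icmp_from: Optional[str] = None

def reply_reaches_source(path: List[Hop], idx: int) -> bool:
    """Does the ICMP reply generated by path[idx] get back to the tracer?"""
    replier = path[idx]
    if replier.silent:
        return False
    # The reply must transit every hop that sits closer to the source.
    # Assumption: a hop's filter hits transit ICMP only, not its own reply.
    return all(h.deny_icmp_from not in ("any", replier.ip) for h in path[:idx])

def traceroute(path: List[Hop], max_hops: int = 30) -> List[str]:
    """One entry per TTL: the replier's IP, or '* * *' on timeout."""
    out = []
    for ttl in range(1, max_hops + 1):
        # Forwarding is decided by each hop's routing table, so the probe
        # travels ttl hops (or stops at the destination) whether or not
        # earlier probes were answered.
        idx = min(ttl, len(path)) - 1
        if reply_reaches_source(path, idx):
            out.append(path[idx].ip)
            if idx == len(path) - 1:   # destination answered: trace done
                break
        else:
            out.append("* * *")        # timeout; tracer just raises the TTL
    return out

def build_path(n: int = 5) -> List[Hop]:
    # Constructed sample topology using documentation addresses 192.0.2.x.
    return [Hop(f"192.0.2.{i}") for i in range(1, n + 1)]

if __name__ == "__main__":
    quiet = build_path(); quiet[2].silent = True            # hop 3 stays quiet
    print(traceroute(quiet))
    host = build_path(); host[0].deny_icmp_from = "192.0.2.2"  # one host filtered
    print(traceroute(host))
    blanket = build_path(); blanket[0].deny_icmp_from = "any"  # deny icmp any any
    print(traceroute(blanket, max_hops=7))
```

The third case reproduces the shape of the `deny icmp any any` trace in the thread: the first hop answers and every later TTL times out until the hop limit.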