Some doubts regarding traceroute command

urviurvi Member Posts: 79 ■■□□□□□□□□
Hi Friends,

1) I was thinking how does traceroute or even tracert (in Windows) find the remaining hops when it is getting "***** Request Time out" in the reply messages? For example, a sample below -

    PC>tracert 192.168.4.10
    Tracing route to 192.168.4.10 over a maximum of 30 hops:
      1   103 ms    45 ms    91 ms  192.168.1.1
      2    56 ms   110 ms   125 ms  64.100.1.101
      3   174 ms   195 ms   134 ms  64.100.1.6
      4   246 ms   183 ms   179 ms  64.100.1.34
      5     *        *        *     Request timed out.
      6     *        *        *     Request timed out.
      7     *        *        *     Request timed out.
      8   217 ms   285 ms   226 ms  64.100.1.62
      9   246 ms   276 ms   245 ms  64.100.1.154

My question was how does tracert/traceroute identify the remaining hops even when some routers deny to reply to tracert/traceroute messages? Even after getting "Request Timeout" how does the tracert identify the remaining hops? [The above example is just imaginary and simulated but it mimics a real-life scenario and is cited just as an example]

2) My 2nd query was: do hops in tracert or traceroute mean only "Routers" or do they include "Host PCs" as well?

3) I have Windows 7 OS but when I ping from the command line it shows different TTL values for different IP addresses! Why is that? For example -
a) For 127.0.0.1 TTL=128
b) For 192.168.1.1 TTL=64
c) For 172.14.102.1 TTL=63
Why are there different TTL values for different IP addresses? If someone can, please explain to me. Thanks in advance

Comments

  • georgiosgeorgios Member Posts: 48 ■■□□□□□□□□
    I think router protocol part of the book can explain those.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    The way that traceroute works is by incrementally increasing the TTL value of the packet as it is sent to the destination. Any router between the source and destination *may* send back an ICMP code 11 "Time exceeded" if the TTL is 0 when the packet reaches that router. If the router is configured to not send back the ICMP "Time exceeded" error code, then you will get a request time out message. The next packet will have a higher TTL value, which the router that did not respond would forward to the next hop. Hope that makes sense.
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    urvi wrote: »
    My question was how does tracert/traceroute identify the remaining hops even when some routers deny to reply to tracert/traceroute messages? Even after getting "Request Timeout" how does the tracert identify the remaining hops?

    "The sender expects a reply within a specified number of seconds. If a packet is not acknowledged within the expected interval, an asterisk is displayed. The Internet Protocol does not require packets to take the same route towards a particular destination, thus hosts listed might be hosts that other packets have traversed. If the host at hop #N does not reply, the hop is skipped in the output."

    traceroute - Wikipedia, the free encyclopedia
    urvi wrote: »
    2) My 2nd query was: do hops in tracert or traceroute mean only "Routers" or do they include "Host PCs" as well? 3) I have Windows 7 OS but when I ping from the command line it shows different TTL values for different IP addresses! Why is that? For example - a) For 127.0.0.1 TTL=128 b) For 192.168.1.1 TTL=64 c) For 172.14.102.1 TTL=63 Why are there different TTL values for different IP addresses? If someone can, please explain to me. Thanks in advance

    So for your ethernet interface, the default TTL appears to be 64. Since ping'ing your default gateway (192.168.1.1) does not actually pass through the router, the TTL is not decremented and it remains at 64. The reason it is reduced by one when ping'ing the IP 172.14.102.1 is because your packet is passing through your router to get there.

    As far as localhost being 128, I'm just going to assume that's a Windows quirk. But I don't know.
  • urviurvi Member Posts: 79 ■■□□□□□□□□
    Hi, thanks to all of you, especially Paul and Yfzblu. You really understood my problem. Actually, I will be more specific in my query, and forgive my English - I want to know, when some hops have rejected the traceroute packets (I know that the TTL value is regenerated by the source router and the value is incremented by 1 for each new hop), but how does the source router make the packets pass those routers which don't let the traceroute packet pass, say, by using some access-list or using some firewall?
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Ahh - I see the confusion. The packets aren't actually being rejected. What's happening is that the router is not sending an icmp time-exceeded packet back to the source.

    When a source device is trying to do a traceroute to a destination device, it starts by sending 1 packet with a TTL of 1 (or is it zero, I can never remember) to the destination. The first router hop will see that the packet has exceeded the time-to-live and has two choices. It can either drop the packet or send an ICMP time-exceeded packet back to the source device. If the device sends an ICMP time-exceeded packet back to the source device, that's how the source device knows the IP of the router. The source device will then send 1 more packet but this time with a TTL of 2. The source device will continue incrementing the TTL every time it sends a new packet until it reaches the destination device.

    One note that I think people sometimes get confused about, there is no such thing as a traceroute packet. The source device can send ICMP, TCP, or UDP. Unix systems for example usually use UDP. It is traceroute implementation specific. And I think Windows default tracert uses ICMP. That's why sometimes you will get different behaviour if a firewall blocks UDP packets as an example.
  • urviurvi Member Posts: 79 ■■□□□□□□□□
    Thanks Paul78, but what happens when the router doesn't send a Time Exceeded message back to the originating source device?
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    What happens is that the traceroute implementation on the source device will typically implement a timeout timer and then increment the TTL and send the next packet.

    That is the:

    * * * Request timeout

    that you mentioned being reported by the traceroute application.
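
The TTL mechanism discussed in the replies above, as a small offline simulation. This is an added example, not code from any poster or from a real traceroute implementation. The hop model (`Hop`, `send_probe`), the addresses of the silent hops 5-7 and the placement of the destination at hop 10 are constructed assumptions; the other addresses come from the sample output in the question.

```python
from dataclasses import dataclass

@dataclass
class Hop:
    addr: str
    replies: bool = True    # sends ICMP Time Exceeded when the TTL expires here
    forwards: bool = True   # False models an ACL/firewall that drops the probe

def send_probe(path, dest, ttl):
    """Return the address that answers a probe sent with this TTL, or None (timeout)."""
    for hop in path:
        ttl -= 1                     # every router decrements the TTL
        if ttl == 0:                 # TTL expired at this router
            return hop.addr if hop.replies else None
        if not hop.forwards:         # probe filtered: nothing ever comes back
            return None
    return dest                      # survived all routers; the destination answers

def traceroute(path, dest, max_hops=30):
    """Send probes with TTL 1, 2, 3... and record who answered each one."""
    results = []
    for ttl in range(1, max_hops + 1):
        answer = send_probe(path, dest, ttl)
        results.append((ttl, answer))
        if answer == dest:
            break
    return results

DEST = "192.168.4.10"
KNOWN = ["192.168.1.1", "64.100.1.101", "64.100.1.6", "64.100.1.34"]
QUIET = ["10.0.0.5", "10.0.0.6", "10.0.0.7"]          # constructed placeholders
TAIL = ["64.100.1.62", "64.100.1.154"]

# Hops 5-7 forward traffic but never send Time Exceeded (the case in the thread).
SILENT_PATH = ([Hop(a) for a in KNOWN]
               + [Hop(a, replies=False) for a in QUIET]
               + [Hop(a) for a in TAIL])

# Same path, but hop 5 drops the probes instead of forwarding them.
FILTERED_PATH = ([Hop(a) for a in KNOWN]
                 + [Hop(QUIET[0], replies=False, forwards=False)]
                 + [Hop(a) for a in QUIET[1:] + TAIL])

if __name__ == "__main__":
    for name, path in (("silent", SILENT_PATH), ("filtered", FILTERED_PATH)):
        print(name)
        for ttl, answer in traceroute(path, DEST, max_hops=12):
            print(f"  {ttl:2d}  {answer or '* * *  Request timed out.'}")
```

With silent hops the trace resumes at hop 8, as in the sample; when a hop actually drops the probes, every later TTL times out as well.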