What protocol is used for tracert. Description of the TRACERT command. Parameters and keys of the TRACERT utility

Vikonu trasuvannya to the point of recognition for help sending to the addressee moon-reminder. The message is sent via the Control Message Protocol (ICMP) with a permanent increase in the meaning of the term packet life (Time to Live, TTL).

Ways to see - this is a list of the closest router interfaces that are located on the way between the node of the dzherel and the point of recognition. The closest interface is the interface of the router, which is the closest to the router's node on the highway. Launched without parameters, the tracert command will display a conclusion.

To re-verify the measure, you can also speed up with the commands:

• PING - the main TCP / IP command, which is used to fix a problem in the network, check accessibility and resolve names;
• PATHPING - provide information about network latency and spend data on intermediate nodes.

Parameters and keys of the TRACERT utility

tracert [-d] [-h max_hops] [-j host_list] [-w interval [target_computer_name]

• -d - Try the tracert command to resolve the IP address of intermediate routers into names. Better visibility of the results of the tracert command.

• -h max_number_hops - Sets the maximum number of transitions to the route when searching for the final object. The value for locking up is 30.

• -j nodelist - Indicate for echo-requesting the inclusion of a free routing parameter in the IP header with a set of intermediate destinations assigned in the list_of_nodes. With proper routing, successful intermediate locations can be separated by one or more routers. The maximum number of addresses or names in the list is 9. The list of addresses represents a set of IP addresses (in dotted-decimal notation), separated by spaces.

• -w interval - Indicate in milliseconds the hour of vouching for the omission of moon-watches to the ICMP protocol or ICMP-alert about the end of the hour, in case of moon-request notifications. If you didn’t take the sheet by stretching the given hour, a star (*) will appear. Timeout after prompt 4000 (4 seconds).

• target_computer_name - Specify a point of recognition, assigned by IP address or node name.

• -? - Show proof in command line by the tracert utility.

Apply TRACERT commands

• To display the finalization in the command line on the command enter: tracert /?;
• In order to trace the path to the node, enter the command: tracert.ya.ru;
• To traverse the path to the node and forget to allow the skin IP address in the name, enter: tracert -d ya.ru.

Video - Robot with TRACERT utility

When searching for the causes of problems in the merezhі, the utility tracert sit in another place after the utility ping. Tracert(On Linux "e traceroute) Allowing you to designate a problem on some dealers (between some routers). To use the program, you need to use the command line a row of Windows abo linux viconati command:

Tracert yandex.ru

press enter, and bachimo approximately advance:

The image shows that between my computer and the yandex.ru server there are 12 intermediate routers, indicating the IP addresses of the routers and the hour of the packet passing to the skin router.

As if there was a problem on my destination (the route cannot be recognized to the destination, there is no connection with the next router, the node is not recognized in the destination, etc.) either way, it is possible to change the transit time of the packet, and to change the IP address of the router nya "Overloaded check interval for request ":

So how does the tracert utility work?

In order to pass on the power circuit, you need to guess the structure of the IP packet, or rather, guess about one field - TTL (Number of hops):

When the packet is edited, the field is set to 255 and then, the skin router, through which the packet passes, the value is changed by 1 tobto TTL=TTL-1. The router, which accepts the packet with TTL = 1, changes it to one, and then sees the packet, so that the value of the TTL field of the packet becomes one 0. After the packet has been rejected by the router, the ICMP notification with code 11 is sent to the packet manager: "Revisiting the timchasovy interval". At the header of the IP packet with ICMP messages dzherelomє IP addresses of the router that dropped the packet, and recognized- IP-addresses of the computer that sent the outgoing packet.

Now it’s not hard to figure out how to work Tracert:

• The IP packet is sent to the instructions of the vuzol (in our yandex.ru application) with the values ​​of the TTL field = 1
• the first router to the path of the packet changes the TTL and Drop (down) the packet
• The router manages ICMP to notify that the packet has died
• utility Tracert tracing an ICMP packet to the IP address of the router
• Anything not specified otherwise in startup options Tracert, Then the DNS server is overpowered and domain name router, which is
• The IP address (or domain name) of the first router is displayed in the console
• The IP packet is being redirected to the VUZOL, but TTL = 2
• Dropan packet on another intermediate router
• The procedure is repeated until the end, until the arrival of the recognition node (yandex.ru) or the number of intermediate nodes does not exceed the maximum value for tracert- 30 nodes.

The axis is cool and everything, nothing folding!

Live in a life of turmoil (especially for dial-up short-lived 😉 moments, if it’s impossible to reach some host (I often have www.microsoft.com; - |) - then a utility will come to the rescue (in Windows - tracert .exe For help, you can try to assign an IP-merezhі to such a dealership, becoming a loser - either the host has fallen, or the provider has a galma, or it’s bad for you with IP-s'dnannyam :).

But why do I love tracert in a fair way - so for the possibility of maintaining the IP-merezh, for the vino yes - and the stench is different, for the scale and for the purpose of directing;). First of all, you may need to check with your provider. For the help of traceroute, you can do it yourself, zastosovuchi in practice otrimani theoretical knowledge - about routing, DNS servers, backbone, pidmerezh systems, and that's a little about what;).

How do you work?

For the beginning, it is necessary to guess the format of the IP packet header, more precisely, one of the fields is TTL (Time To Live). This eight-bit field specifies the maximum number of hops (hop - "string" - datagrams passing from one router to another) with which packet can be included in the merezhі. leather router,
Process this datagram, complete the operation TTL = TTL-1. If TTL goes to zero, the router drops the packet,
ICMP notification override Time
Exceeded.

The utility sends a packet with TTL = 1 directly to the specified host, and checks which turn time exceeded. Vidpovidalny is recorded as the first hop (the result of the first croque on the road to the point). Then the packets with TTL = 2, 3, 4 and so on are forced sequentially. in order, until at the current value of the TTL the packet is not available to me and is not taken away from it.

* Nix traceroute sends UDP packets to the given host on a specific port - more for all not being taken by another service (for example 28942, 30471) or for reservations, for example 0, for locking - 33434. A series of 3 such packets with TTL = 1, upon arrival of arrivals, the hour of passage is set and the domain name of the transit node is determined (if you want to deposit in the given options). Then, a black series of packets with the same TTL are added, which are used for displaying one and the same hop. In the end, we will accept the end host as a port unreachable port, which means that the routing is complete.
The standard Windows console tracert works exactly the same, but sends only ICMP echo request packets.

I myself want to shrivele like a standard tracert, so we’ll sew it into CyberKit
See also Necrosoft Quick Traceroute). I can't do anything with Linux - I used only the standard Debian "ivsky traceroute :).

At the end, I’ll say, don’t try to experiment - it’s only possible in this way according to the right “understanding” measure. Look for information and swear by it. Hai be happy.

Practical lessons № 03-006

Merezheva tracert utility (traceroute in Linux, Cisco IOS, MAC OS). Principles of work and vikoristannya.

utility tracert victorious to follow the routes of IP packets in the chains, which is based on the variation of the TCP / IP protocol stack, including global measure Internet. In case of varying numbers, the programs need to remember that when robots are generated, a large number of IP packets are generated both on your host and on intermediate routers. Tse I create an addendum on the mesh.

tracert [- d] [- hmaximum number] [- j list of nodes] [-w interval] [target_computer_name]

parameters:

- d vіdmova vіd allow IP address of intermediary nodes in names

- hmaximum number the maximum number of transitions (strings) when searching for a recognized node

-j nodelist set a variable parameter of a valid routing in the IP header with a set of intermediate recognition points, specified in list of_nodes

-w interval set in milliseconds the hour of skin examination

target_computer_name sets the point of recognition, identified by IP-address or node name.

The robot of the utility is based on the manipulation of the fields of the standard header and options of the IP packet header. The main tool of the utility is instead of the "hour of life" field (or TTL).

Obov'yazykovym element є IP address or name of the node recognized.

After omitting this type of message, the utility edits a series (call three) of packets to the given address with the inserted TTL values ​​equal to 1. The chances of reaching the addressee of the packets are not possible; aє 0. And such a package of wines of goiter will be depleted after the end of the allowed hour of life in the border. Ale, when the goiter router is sent to the manager of the ICMP packet-none, notifications about the tragic share (type 11, code 0).

As a result, your computer promptly rejects three notifications about the lowering of the previous packages. Remembering the hour of the alarm and fixing the hour of the ICMP notification, the tracert utility does not care about the middle hour of the alarm, as it appears on the screen.

Then we start a series of packets with TTL equal to 2, and so on until the packets reach the point of recognition.

If at the address of the host or the router you receive an addressing packet with TTL, if you have reached the value 1, the vin is accepted. There is no need to overcome the need, ICMP notifications about the end of the hour of life will not be generated.

In order to recognize that the transfer has been successfully completed, all series of packets are sent with UDP notifications added to them, from the assigned port number, which is not known to the owner. On the intermediate routers, there is no value, but the owner, having recognized the failure to speed up the deposited information, appears to be confused about the source of the authority with the same ICMP protocol, and with other values ​​of type (3) and code (3) of notification.

Such information is interpreted by the manager as confirmation of the completion of the inspection.

An important feature of the tracert utility is the ability to recognize the names of intermediate nodes. This allows you to put together a statement about the organizational structure and geographic distribution of the route of the packets.

The names of the nodes are based on the Domain Name System (DNS):

Formally, and coristuvachi, and programs can be sent to hosts, mailed screenshots those other resources in the Internet for their IP addresses, even though for the program the procedure "memory" IP addresses are not disturbed by anything in the "memory" whether any other 4 bytes of information, whether of any type, then for corystuvach it is important just from the point of view to organize our memory. In addition, the identification of any services with IP addresses of hosts or servers, on which they function, will greatly complicate the procedure of transferring them to different needs. For the appearance of the "human factor" and the addition of machine names to their address, it was necessary to select ASCII text names. Prote, merezha rozumіє іlki іlki іlki іlіnі іrіdії, іn prоіbіn іnіzmіnіnіnіnіnі ASCII-ryadkіv іn IP аddresses.

If everything had just begun, in the ARPANET the difference between text and binary addresses was saved in special files , in which all hosts and their IP addresses were protected. In Merezha, which is made up of hundreds of great machines, such a pidkhid pratsyuvav is quite pleasant.

And if thousands of working stations were connected to the border, there were problems: the number of records grew quickly, it was necessary to save money, and centralized management of the names of all hosts in the gigantic international network was difficult to complete.

For the solution of these problems, the bula was divided domain name service (DNS, domain name system). This system is victorious for the conversion of hostnames and recognition points email in an IP address, but it can also be used for other purposes. The designation of the DNS system was given in RFCs 1034 and 1035.

Domain names are called names, which are composed of words, between which to put a spot. The only word of the name is given to the host. All other words satisfy their domain name. The naming system has a hierarchical, tree-like structure.

Leather vuzol (cups for little ones) can be labeled up to 63 symbols. The root of the tree is a special vuzol without a mark. Tags can take revenge capital letters abo small. The name of the domain (domain name) for any node in the tree is a sequence of marks, which starts from the node and acts as a root, with which the marks are divided by points. (Here you can see the vіdmіnu vіd zvichnoї us file system, De povny path starts from the top (root) and descends down the tree).

Use the root name, which is denoted by the symbol ".", It is often not written in the domain name. Іsnuyut domain names of the first level. They are divided into 2 categories - domain names in territories and domain names in subject areas. Domain names of another equal and next ones can be the same, in which case it is impossible to use two identical domain names or hosts. Since N i is the domain name of the i-th equal, and T is a word, then the domain name i + 1 equal follows the rule N i +1 = T + N i .. The domain name ends in short, it is called an absolute domain name (absolute domain name) or a fully qualified domain name (FQDN).

Once again, the IP address shards uniquely identify hosts in a group, based on a one-to-one correspondence between anonymous host names and anonymous addresses.

The setting value is set by the table, in which style of records like "Hostname, IP-addresses", the number of host domain names. When naming a new host, the entry in the table needs to be added, as if renaming is necessary, the entry needs to be changed. Corystuvatisya such a system of names manually, so that the stench is easily forgotten and not tied to the territorially localized IP-merezh. Transferring resource understandings from one host to another, you just need to change the entry for that name in the name table. On one site it is easy to trim such a table for the Internet and it is impossible to upgrade it in the current state.

Database DNS є rozpodіlenoyu. ІєєєІаrchіchnіy systemі і ініні відпоідє ієієрічічна system DNS servers, On any placement of fragments of the table. Ideally, for a skin domain, an okremy name server is to blame. At the database of the name server, no matter how equal, records are kept about all child domains of the offensive equal. All domains of the first level are placed in the database of root servers (root name servers). Your service organization NIC.

In reality, one host can host a database for a number of domains, and however, or a cross-border database can be hosted on multiple hosts. The head of the name tree, which is known under the same management at the same time as the hosts on which the data base is set up, is called the DNS zone. Ring in the zone - one primary DNS server (primary name server) and a few backup (secondary name servers). Changes in the zone are entered into the database of the primary zone server with further duplication of information on the secondary server.

The process of transferring information from the primary server to the secondary server is called zone transfer. If there is a new host in the zone, the administrator adds additional information (minimum, name and IP address) to the disk file on the primary server. The secondary servers regularly check the primary ones (sound the skin for 3 years), and as the primary ones, they keep new information, the second one takes away the most recent transfers of the zone.

Depending on the given functionality of the system and її structure, the following two components are included in the protocol: the protocol for resolving names in IP addresses and the protocol for exchanging data between nodes of the distributed data base, zone, between the main and backup servers of the zone.

The system will allow the address.

In order for the software security of the TCP / IP protocol stack to be handled by the name service, the stack settings are responsible for specifying the IP address of the name server, the host or another server that accepts requests from the host. If the application element wins for identifying the other party in the domain name session, the IP address discovery process is initiated. The Host Name Service Application Element requests the name server. If the name server can allow the address, then it will correct the answer to the address. If the nameserver cannot allow the request, it may initiate two scripts to allow the name

the server sends the address of the root name server in the warehouse, and the host forms a request to the th server (iterative request).

The zone server forms a request to the root server, retrieving the input, buffering it, and editing the input with the host address, requesting the service (recursive request).

The opinion of the server, which controls the domain, is called authoritative.

The name server on the Internet is responsible for cleaning up the base addresses of the root servers.

allowed names . While its main function is to allow the domain name of the host in the IP address, the DNS protocol securely and reversely allowed the IP addresses in the domain name for the additional subzones of the reverse zone in_addr.arpa.

The very feasibility of this protocol allows the tracert utility not only to be successfully used when specifying a trace window, but also to give us information about the names of intermediate nodes.

Nutrition for self-verification

What is the system of domain names and why wins.

What is the maximum size of the domain node tag

Yake im'ya maє root DNS domain

How to type and code ICMP tracert tracert utility

Like the IP header field of the packet is selected for setting the packet lifetime in the tracert utility

tracert utility options

Purpose of the tracert utility and its options

Necessary possession

IBM PC - a sum of EOM with a licensed Windows operating system, connected up to local lines, go to the Internet.

manager

1. Using the tracert command, determine the route for extending IP packets to the site www.sgu.ru

2. Using the tracert command, set the route for extending IP packets to one of the target sites: www. nla. gov. au , www. ibge. gov. br , www. kunaicho. go. jp(You can choose any site beyond the borders of Russia).

3. Repeat the trace with the -d option.

4. Describe the structure of the DNS name traced by you server.

5. Victory services www. ip2 location. com/ demo. aspx(Abo analogous) and select a clear space for the expansion of intermediate points on the route.

6. Paint the route map.

7. Comment on the results.

The message about the robot is displayed in other or electronic form with the submission of copies of the screens of the robot utility.

Zastosuvannya of these utilities allows you to run a route to a remote host, set the round-trip delay time (RTT-round-trip delay time), IP-addresses and in the current domain names of the intermediate router. Their work is based on ICMP notifications about pardons.

How to practice Tracert.

The time of life (TTL) value of the first packet is changed to 1. If the IP protocol of the first router receives the packet, then it will change the TTL to one and reject 0 according to its algorithm. є node-jerelu ICMP - notification about pardoning the end of the hour by datagrams (ICMP notification type 11 code 0). Do you want to know the name of the router and its IP address. When the ICMP notification arrives at the router, the timer value determines the packet turnover time (RTT), as well as (from the ICMP notification) the name of the IP address of the intermediate router. Let's force the attacking IP packet, but now from the TTL values ​​\u200b\u200bwe equal 2. This packet will already reach another router, but again I "die" there about a similar one, but the rank is reported to the node of the manager. And so until quiet fir, until you reach the end knot. On the basis of these findings, there will be a trace. for example:

Route routing to rt.ru with a maximum number of streams 30: 1 3 ms 1 ms 2 ms net235-72.ufa.ertelecom.ru 2 2 ms 2 ms 1 ms bb2.bsr02.ufa.ertelecom.ru 3 2 ms 1 ms 1 ms lag-10-438.bbr01.samara.ertelecom.ru 4 18 ms 18 ms 18 ms 46.61.227.202 5 19 ms 19 ms 18 ms 46.61.227.201 6 19 ms 19 ms 19 ms so-0-0-0.m10 -ar2.msk.ip.rostelecom.ru 7 19 ms 19 ms 19 ms 109.207.0.226 8 19 ms 19 ms 19 ms www.rt.ru Routing completed.

Given the trace mi bachimo that the host www.rt.ru is available with the number of streams (hops) - 8, yogo ip 109.207.14.4, and the hour of the round trip to this resource becomes 19ms.

How to practice Traceroute.

The principle is identical, for one blame. Utila for zamovchuvannyam, send UDP-datagrams to the specified host to some other port, call - to "high", more for all not busy with another service (for example 12500, 30678) or for reservations (for example 0), in fresh versions lock-in port - 33434. A series of 3 such packets with TTL = 1 is superseded, upon arrival of the letters, the transit hour is set and the domain name of the transit node is assigned. Then, as it was said above, the last series of packages with TTL = 2 and so on are being overpowered. In the end, we will accept the type of the end host in the “Port unreachable” (PORT_UNREACHABLE), which means the completion of the routing.

An example of tracing to the same resource:

Traceroute to rt.ru (109.207.14.4), 30 hops max, 40 byte packets 1 * * * 2 bb1.bsr02.ufa.ertelecom.ru (212.33.234.101) 13.059 ms 13.222 ms 13.597 ms 3 lag-10-438. bbr01.samara.ertelecom.ru (212.33.233.111) 0.360 ms 0.382 ms 0.612 ms 4 46.61.227.202 (46.61.227.202) 17.484 ms 17.511 ms 17.512 ms 5 46.61.2 27.201 (46.61.227.201) 17.803 ms 17.791 ms 17.778 ms 6 so -0-0-0.m10-ar2.msk.ip.rostelecom.ru (87.226.139.74) 18.179ms 18.211ms 17.988ms 7 109.207.0.226 (109.207.0.226) 18.213ms 18.697ms 18.28 8 ms 8 * * * ^ C

Because of the result of the vivedennya, the blame was given, why in this day the trasuvanny did not last until the end, and the so-called stars (* * *) appeared at the Visnovka, and the vidpovіd yakraz and polagaє vіdminnіst (in this butt). Even more often, routers / hosts are set up in such a way that they don’t stink on a similar kind of drink, in such a state, stars appear. Tse absolutely does not mean that there are problems. Tse to fight for the sake of rozvantazhiti obladnannya. In this application, 1 and 8 hop is not recognized on UDP datagrams, however, if you run the traceroute utilities with the -I key, then trace the route, which I send the given key to using ICMP datagrams.

$ Traceroute -I rt.ru traceroute to rt.ru (109.207.14.4), 30 hops max, 40 byte packets 1 .ufa.ertelecom.ru (212.33.234.101) 8.095ms 38.117ms 50.262ms 3 lag-10-438.bbr01.samara.ertelecom.ru (212.33.233.111) 0.382ms 0.407ms 0.417ms 4 4 6.61.227.202 (46.61.227.202 ) 17.592 ms 17.623 ms 17.613 ms 5 46.61.227.201 (46.61.227.201) 17.597 ms 17.609 ms 17.613 ms 6 so-0-0-0.m10-ar2.msk.ip.rostelecom.ru (87.226 .139.74) 17.943 ms 17.924 ms 18.001 ms 7 109.207.0.226 (109.207.0.226) 18.092 ms 18.026 ms 18.010 ms 8 www.rt.ru (109.207.14.4) 18.205ms 18.301ms 18.308ms

Visnovok.

The following indicates that the marks can be blamed when traversing ICMP packets, but it does not mean that there is a problem. All lie down in order, as if the administrator had secured the possession. All yoga is free and nalashtovuetsya out of yoga needs. This phenomenon is completely normal. So there is no trace of panic, as the terminal host does NOT ping. As a whole it is possible that the resource simply closed up looking at them.