5.5.a ping, traceroute with extended options

Traceroute

General Operation

If you execute the traceroute ip-address command on a source device (such as a host, or a router acting as a host), it sends IP packets toward the destination with Time To Live (TTL) values that increment up to the maximum specified hop count. The maximum hop count is 30 by default. Typically, each router in the path towards the destination decrements the TTL field by one unit while it forwards these packets. When a router in the middle of the path finds a packet with TTL = 1, it responds with an Internet Control Message Protocol (ICMP) “time exceeded” message to the source. This message lets the source know that the packet traverses that particular router as a hop.

There are some differences with the way the traceroute command is implemented in the various operating systems this document discusses.

Cisco IOS and Linux

The TTL for the initial User Datagram Protocol (UDP) datagram probe is set to 1 (or the minimum TTL, as specified by the user in the extended traceroute command). The destination UDP port of the initial datagram probe is set to 33434 (or as specified in the extended traceroute command output). The extended traceroute command is a variation of the ordinary traceroute command that allows the default values of the parameters used by the traceroute operation, such as TTL and destination port number, to be modified. For more information on how to use the extended traceroute command, refer to Using the Extended ping and Extended traceroute Commands. The source UDP port of the initial datagram probe is randomized and then combined with 0x8000 using a logical OR, which ensures a minimum source port of 0x8000. These steps illustrate what happens when the UDP datagram is launched:

Note: The parameters are configurable. This example starts with n = 1 and finishes with n = 3.

  1. The UDP datagram is dispatched with TTL = 1, destination UDP port = 33434, and the source port randomized.
  2. The UDP destination port is incremented, the source UDP port is randomized, and the second datagram dispatched.
  3. Step 2 is repeated for up to three probes (or as many times as requested in an extended traceroute command output). For each of the probes sent, you receive a “TTL exceeded” message, which is used to build a step-by-step path to the destination host.
  4. TTL is incremented, and this cycle repeats with incremental destination port numbers, if the ICMP “time exceeded” message is received. You can also get one of these messages:
    • An ICMP type 3, code 3 (“destination unreachable,” “port unreachable”) message, which indicates that a host has been reached.
    • A “host unreachable,” “net unreachable,” “maximum TTL exceeded,” or a “timeout” type of message, which means that the probe is resent.

Cisco routers send UDP probe packets with a random source port and an incremental destination port (to distinguish the different probes). Cisco routers send the ICMP message “time exceeded” back to the source from where the UDP/ICMP packet was received.
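
The probe cycle described above, as an added example (not Cisco's code and not part of the original notes): a Python simulation that builds each probe's TTL, source port and destination port and classifies the ICMP reply. The `forward` network model, the function names and the two-hop path are constructed for illustration, and the model assumes every probe is answered, so timeouts and resends are not shown.

```python
import random

BASE_DPORT = 33434      # default destination port of the first probe
MAX_TTL = 30            # default maximum hop count
PROBES_PER_TTL = 3      # default probes sent per TTL value
TIME_EXCEEDED = (11, 0)     # ICMP type 11 code 0: sent by an intermediate router
PORT_UNREACHABLE = (3, 3)   # ICMP type 3 code 3: sent by the destination host

def source_port(rng):
    """Random 16-bit port ORed with 0x8000, so it is never below 0x8000."""
    return rng.randrange(0x10000) | 0x8000

def forward(path, ttl):
    """Constructed network model: path[:-1] are routers, path[-1] is the host.
    A router that receives TTL 1 answers instead of forwarding the probe."""
    for router in path[:-1]:
        if ttl == 1:
            return router, TIME_EXCEEDED
        ttl -= 1
    return path[-1], PORT_UNREACHABLE

def trace(path, min_ttl=1, max_ttl=MAX_TTL, probes=PROBES_PER_TTL, seed=None):
    """Return one list of probe records per TTL, stopping at the destination."""
    rng = random.Random(seed)
    dport = BASE_DPORT
    hops = []
    for ttl in range(min_ttl, max_ttl + 1):
        row = []
        for _ in range(probes):
            responder, icmp = forward(path, ttl)
            row.append({"ttl": ttl, "sport": source_port(rng), "dport": dport,
                        "from": responder, "icmp": icmp})
            dport += 1          # destination port distinguishes each probe
        hops.append(row)
        if row[-1]["icmp"] == PORT_UNREACHABLE:
            break               # host reached: no further TTL increase
    return hops

if __name__ == "__main__":
    # Constructed two-hop path using the addresses from the sample output.
    for row in trace(["10.1.1.1", "10.1.1.4"], seed=1):
        ports = ",".join(str(p["dport"]) for p in row)
        print(row[0]["ttl"], row[0]["from"], row[0]["icmp"], "dports", ports)
```

The sequential destination ports starting at 33434, paired with TTL values counting up from 1, are also the pattern to look for when identifying this kind of traceroute traffic in a packet capture or firewall log.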

The Linux traceroute command is similar to the Cisco router implementation. However, it uses a fixed source port. The -n option in the traceroute command is used to avoid a request to a name server.

R2#traceroute 10.1.1.4 numeric
Type escape sequence to abort.
Tracing the route to 10.1.1.4
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.1.1 1 msec 0 msec 0 msec
2 10.1.1.4 1 msec * 1 msec
R2#traceroute 10.1.1.4 numeric
Type escape sequence to abort.
Tracing the route to 10.1.1.4
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.1.1 5 msec 1 msec 1 msec
2 10.1.1.4 1 msec * 1 msec

See Narbik Gap Lab 07-1 task 2, below:

2.5.d General operations