Tracerouting in an IP Network

In Cisco IOS, when you issue the traceroute command on a router, it sends probes to the particular destination IP address that you specify. The probes sent out are UDP packets with a high destination UDP port. The first probe sent out has its IP TTL set to 1, the second probe has its IP TTL set to 2, and so on. In Cisco IOS, the high destination UDP port is a number that is greater than 30,000. Because the first probe sent out has a TTL of 1, the TTL of the packet expires on the next-hop router. Figure 13-1 shows what happens with the first probe when tracerouting.

Figure 13-1 Tracerouting in an IP Network: Probe 1

Probe 1

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 1

Dest UDP Port

= 35678

Router 1 10.1.1.1

Router 1 10.1.1.1

Router 2 10.1.1.2

Router 3 10.200.200.2

Router 4 10.200.203.2

Loopback 0 10.1.2.1

Router 5

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.1.1.2 TTL = 255 TTL Exceeded

As you can see, Router 2 creates an Internet Control Message Protocol (ICMP) message of the type "TLL exceeded" (ICMP type 11, code 0) and sends it to the originator of the packet. At that point, you get the first line in the output of the traceroute, displaying the IP address of the router that generated the ICMP message. You can see this in Example 13-1.

NOTE In Cisco IOS, three probes are sent by default for each TTL value.

Router 1 then sends a probe with TTL set to 2. This packet has its TTL expire on the third router. This router returns an ICMP "TTL exceeded" message, and the second line in the output of the traceroute appears. This is displayed in Figure 13-2.

Figure 13-2 Tracerouting in an IP Network: Probe 2

Probe 2

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 2

Dest UDP Port

= 35678

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 1

Dest UDP Port

= 35678

Router 1 10.1.1.1

Router 2 10.1.1.2

Router 3 10.200.200.2

Router 4 10.200.203.2

Loopback 0 10.1.2.1

Router 5

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 254 TTL Exceeded

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 255 TTL Exceeded

The process continues like this until a probe hits the destination—a router or host—with the IP address you provided in the traceroute command. The destination device receives the packet (the TTL is not expiring), notices that it is an UDP packet, but also notices that it does not have an application running for that particular UDP port. The reason for choosing such a high UDP port is that it is unlikely that an application on the destination device is using it and that the destination device will generate an ICMP message. The destination generates an ICMP "port unreachable" (ICMP type 3, code 3) message and sends it to the originator. Figure 13-3 illustrates the behavior of the last probe.

Figure 13-3 Tracerouting in an IP Network: Probe 4

Probe 4

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 4

Dest UDP Port

= 35678

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 3

Dest UDP Port

= 35678

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 2

Dest UDP Port

= 35678

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 1

Dest UDP Port

Router 1

Router 2 10.1.1.2

Router 3 10.200.200.2

UDP Port 35678?

Loopback 0 10.1.2.1

Router 4 10.200.203.2

Router 5

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.1.3.1 TTL= 252 Port Unreachable

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.1.3.1 TTL = 253 Port Unreachable

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.1.3.1 TTL = 254 Port Unreachable

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.1.3.1 TTL = 255 Port Unreachable

At this point, the traceroute stops, and the output looks like the one in Example 13-1.

Example 13-1 Example of a Traceroute in an IP Network

Router1#traceroute 10.1.2.1

Type escape sequence to abort. Tracing the route to 10.1.2.1

2 10.200.200.2 28 msec 28 msec 32 msec

3 10.200.203.2 28 msec 28 msec 28 msec

4 10.1.3.1 16 msec 20 msec 16 msec

Micro Expression Master

Micro Expression Master

If You Could Read Everyone Life A Book You Can Have Better Career, Great Relationships And Become Successful. This Book Is One Of The Most Valuable Resources In The World When It Comes To Reading the smallest and tiniest body Language and know what people are thinking about.

Get My Free Ebook


Post a comment