分类: 网络与安全
2008-03-13 09:12:03
* Windows版本:
Tracert
通过递增“生存时间 (TTL)”字段的值将“Internet 控制消息协议 (ICMP) 回响请求”消息发送给目标可确定到达目标的路径。所显示的路径是源主机与目标主机间的路径中的路由器的近侧路由器接口列表。近侧接口是距离路径中的发送主机最近的路由器的接口。
该诊断工具通过更改“生存时间 (TTL)”的值向目标发送“ICMP 回响请求”消息来确定到达目标的路径。要求路径上的每个路由器在转发数据包之前至少将 IP 数据包中的 TTL 递减 1。这样,TTL 就成为最大链路计数器。数据包上的 TTL 到达 0 时,路由器应该将“ICMP 已超时”的消息发送回源计算机。Tracert 发送 TTL 为 1 的第一条“回响请求”消息,并在随后的每次发送过程将 TTL 递增 1,直到目标响应或跃点达到最大值,从而确定路径。默认情况下跃点最大值是 30,可使用 -h 参数指定。检查中间路由器返回的“ICMP 超时”消息与目标返回的“回响答复”消息可确定路径。但是,某些路由器不会为使用到期 TTL 值的数据包返回“已超时”消息,而且有些路由器对于 tracert 命令不可见。在这种情况下,将为该跃点显示一行星号 (*)。
要跟踪路径并为路径中的每个路由器和链路提供网络延迟和数据包丢失信息,请使用 pathping 命令。
只有当网际协议 (TCP/IP) 协议在 
网络连接中安装为网络适配器属性的组件时,该命令才可用。
举例:
tracert corp7.microsoft.com
tracert -d corp7.microsoft.com
tracert
-j
详细参数参见windows帮助
* Linux版本:
It starts by sending an IP packet (either ICMP or User Datagram Protocol—UDP) to its specified destination, but it sets the TTL field to 1. The packet "expires" at the first hop, and that router tells us that the packet expired using an ICMP message, which allows us to identify where that first hop is. Now we send another IP packet off to the destination, but this time the TTL field is set to 2. The packet will expire at the second hop, and that router will notify us once again. By continually incrementing the TTL until we reach the destination, we can discover which routers are standing in between our host and our destination.
* 图形版本:
Windows:
Linux:VisualRoute and McAfee Visual Trace: and
图形版本依赖whois数据库,未必精确
|
Table 14-3: Traceroute Options
|
|
|
Option |
Explanation |
|
-g |
Specifies a loose source-routing list for the packet to follow. |
|
-i |
Specifies the network interface to use when choosing a source IP address
to route from (for hosts with more than one network interface). |
|
-I |
Uses ICMP instead of UDP for the traceroute. By default, traceroute
sends UDP packets to ports that normally don't have anything listening on
them, so that the destination host will respond with an ICMP PORT_
UNREACHABLE message when the packet reaches its destination. |
|
-m |
Sets the maximum number of hops to take before reaching the destination.
If traceroute doesn't reach the destination in hops number of hops, it
gives up. The default is 30. |
|
-n (Unix) |
Does not resolve IP addresses. Usually makes your traceroute a lot
faster, but obviously you give up obtaining useful location-based information
from the hostnames. |
|
-p |
If we're using UDP traceroute and the destination actually has someone
listening on or around the default UDP port (which is 33434), we can specify
a different port here. |
|
-w (Unix and Windows) |
Sets how long traceroute should wait for a response from an intermediate
hop. |
# traceroute
traceroute to
1
2 192.168.0.101 (192.168.0.101) 0.274 ms 0.195 ms 0.191 ms
3 192.168.0.86 (192.168.0.86) 0.415 ms 0.321 ms 0.329 ms
4
每个节点有3个响应时间。可能中间有*但不影响trace,一般为该点不回送ICMP报文。有可能是防火墙阻挡或者ICMP "time exceeded"太短。
错误信息:
|
Table 14-4: Traceroute Hop
Information |
|
|
Flag |
Description |
|
!H |
ICMP host unreachable |
|
!N |
ICMP network unreachable |
|
!P |
ICMP protocol unreachable |
|
!S |
Source route failed |
|
!F |
Fragmentation needed |
|
!X |
Communication administratively prohibited |
|
!# |
ICMP unreachable code # |
使用-v可以查看详细的错误信息。
# traceroute -v 222.91.95.226
traceroute to 222.91.95.226 (222.91.95.226), 30 hops max, 46 byte packets
1
2
192.168.0.101 (192.168.0.101) 36 bytes to
3
172.19.109.57 (172.19.109.57) 36 bytes to
4 *
172.19.109.57 (172.19.109.57) 36 bytes to
5
172.19.109.57 (172.19.109.57) 36 bytes to
只有防火墙和入侵检测系统能阻挡外部traceroutes。Traceroute优先使用UDP协议,而不是ICMP(Uses ICMP instead of UDP for the traceroute. By default, traceroute sends UDP packets to ports that normally don't have anything listening on them, so that the destination host will respond with an ICMP PORT_ UNREACHABLE message when the packet reaches its destination.)
Linux上把/proc/sys/net/ipv4/icmp_echo_ignore_all设置为1,无法ping通,但是traceroute可以跟踪的。
