1. How TraceRoute works
traceroute can use one of three protocols: ICMP, UDP, or TCP. Microsoft uses ICMP; Unix, Cisco routers and some other systems use UDP; Ubuntu uses ICMP or TCP.
a. ICMP traceroute: uses ICMP Echo Request, Echo Reply and TTL-expired.
The source sends ICMP Echo Requests: the first request has TTL 1, the second TTL 2, and so on, incrementing up to the 30th. Each intermediate router sends back an ICMP TTL-expired message (ICMP type 11) to notify the source (the packet itself is dropped at that router because its TTL ran out), so the source learns every router along the path; the final destination sends back an ICMP Echo Reply.
Consequently, if any intermediate router blocks ICMP Echo Request, traceroute does not work at all; if type 11 (TTL-expired) is blocked, none of the intermediate routers are visible, but you can still see the packet reach the final destination; if ICMP Echo Reply is blocked, all intermediate routers are visible but the final destination is not.
b. UDP traceroute: uses ICMP TTL-expired (type 11), ICMP port unreachable (type 3, code 3), and UDP ports > 32768.
The source sends UDP packets. The source port is a random high port greater than 32768; the destination port starts at 33434 and is incremented by one for each probe, up to 33434+29 (on a Cisco router the extended-traceroute command lets you change this starting port 33434). At the same time the TTL starts at 1 and is incremented up to 1+29=30 (at most 30 probes are sent). Intermediate routers send back ICMP TTL-expired, which tells the source about every intermediate router; the final destination sends back TTL-expired and ICMP port unreachable (because no application on any host listens on a UDP port > 32768 in that high range).
Consequently, blocking UDP ports > 32768 somewhere along the path causes traceroute to stop working; blocking TTL-expired makes the source unable to see the intermediate routers (some routers do not send TTL-expired at all); blocking type 3 code 3 may hide the destination.
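The UDP traceroute exchange just described, as an added Python model that is not part of the original post or of the traceroute tool: it generates the 30 (TTL, destination port) probe pairs, answers each probe the way the path would, and shows what the source sees when ICMP type 11, type 3 code 3, or high UDP ports are filtered, or when a hop simply does not answer. The hop addresses, the Hop/Filter classes and the path are constructed for the example.

```python
from dataclasses import dataclass

FIRST_PORT = 33434   # first UDP destination port named in the text
MAX_TTL = 30         # at most 30 probes, TTL 1..30

@dataclass
class Hop:
    addr: str
    sends_ttl_expired: bool = True    # False: router never returns type 11 (or is too busy)
    is_destination: bool = False

@dataclass
class Filter:
    """What a firewall somewhere on the path drops (all off by default)."""
    drop_udp_high_ports: bool = False    # UDP to a destination port > 32768
    drop_icmp_type11: bool = False       # ICMP TTL-expired
    drop_icmp_type3_code3: bool = False  # ICMP port unreachable

def udp_probes():
    """Probe i (0-based) carries TTL 1+i and destination port 33434+i."""
    return [(ttl, FIRST_PORT + ttl - 1) for ttl in range(1, MAX_TTL + 1)]

def send_probe(path, ttl, port, filt):
    """Model one probe: return (icmp_type, icmp_code, sender) or None on timeout."""
    if filt.drop_udp_high_ports and port > 32768:
        return None                      # probe never reaches any hop
    if ttl > len(path):
        return None                      # beyond the end of the path: no reply
    hop = path[ttl - 1]                  # hop at which the TTL reaches zero
    if hop.is_destination:
        # nothing listens on a port > 32768, so the host answers port unreachable
        return None if filt.drop_icmp_type3_code3 else (3, 3, hop.addr)
    if not hop.sends_ttl_expired or filt.drop_icmp_type11:
        return None                      # shown as "*" by traceroute
    return (11, 0, hop.addr)

def traceroute(path, filt=None):
    """Return [(ttl, addr or '*'), ...]; stop once the destination answers."""
    filt = filt or Filter()
    result = []
    for ttl, port in udp_probes():
        reply = send_probe(path, ttl, port, filt)
        result.append((ttl, reply[2] if reply else "*"))
        if reply and reply[0] == 3:      # port unreachable: destination reached
            break
    return result

# Constructed path: two routers (the second never answers) and the destination
PATH = [Hop("10.0.0.1"), Hop("10.0.1.1", sends_ttl_expired=False),
        Hop("198.51.100.9", is_destination=True)]
```

Calling `traceroute(PATH, Filter(drop_icmp_type11=True))` gives `*` for both routers but still shows the destination, while `Filter(drop_icmp_type3_code3=True)` shows the first router and then runs all 30 probes without ever reporting the destination.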
One more thing to know: generating a TTL-expired reply requires the router CPU to build a packet, which means interrupting the CPU. To keep other work running normally, a Cisco router processes traceroute probes only once per second, so on the source you may see * * * for hops along the way yet still see the final destination. When that happens, you should recognize that either the intermediate router's CPU is too busy or the intermediate router does not send TTL-expired packets at all.
2. Usage on Ubuntu
Usage:
traceroute [ -46dFITnreAUV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w waittime ] [ -q nqueries ] [ -s src_addr ] [ -z sendwait ] host [ packetlen ]
Options:
-4 Use IPv4
-6 Use IPv6
-d --debug Enable socket level debugging
-F --dont-fragment Do not fragment packets
-f first_ttl --first=first_ttl
Start from the first_ttl hop (instead from 1)
-g gate,... --gateway=gate,...
Route packets through the specified gateway
(maximum 8 for IPv4 and 127 for IPv6)
-I --icmp Use ICMP ECHO for tracerouting
-T --tcp Use TCP SYN for tracerouting
-i device --interface=device
Specify a network interface to operate with
-m max_ttl --max-hops=max_ttl
Set the max number of hops (max TTL to be
reached). Default is 30
-N squeries --sim-queries=squeries
Set the number of probes to be tried
simultaneously (default is 16)
-n Do not resolve IP addresses to their domain names
-p port --port=port Set the destination port to use. It is either
initial udp port value for "default" method
(incremented by each probe, default is 33434), or
initial seq for "icmp" (incremented as well,
default from 1), or some constant destination
port for other methods (with default of 80 for
"tcp", 53 for "udp", etc.)
-t tos --tos=tos Set the TOS (IPv4 type of service) or TC (IPv6
traffic class) value for outgoing packets
-l flow_label --flowlabel=flow_label
Use specified flow_label for IPv6 packets
-w waittime --wait=waittime
Set the number of seconds to wait for response to
a probe (default is 5.0). Non-integer (float
point) values allowed too
-q nqueries --queries=nqueries
Set the number of probes per each hop. Default is
3
-r Bypass the normal routing and send directly to a
host on an attached network
-s src_addr --source=src_addr
Use source src_addr for outgoing packets
-z sendwait --sendwait=sendwait
Minimal time interval between probes (default 0).
If the value is more than 10, then it specifies a
number in milliseconds, else it is a number of
seconds (float point values allowed too)
-e --extensions Show ICMP extensions (if present), including MPLS
-A --as-path-lookups Perform AS path lookups in routing registries and
print results directly after the corresponding
addresses
-M name --module=name Use specified module (either builtin or external)
for traceroute operations. Most methods have
their shortcuts (`-I' means `-M icmp' etc.)
-O OPTS,... --options=OPTS,...
Use module-specific option OPTS for the
traceroute module. Several OPTS allowed,
separated by comma. If OPTS is "help", print info
about available options
--sport=num Use source port num for outgoing packets. Implies
`-N 1'
-U --udp Use UDP to particular port for tracerouting
(instead of increasing the port per each probe),
default port is 53
-UL Use UDPLITE for tracerouting (default dest port
is 53)
-P prot --protocol=prot Use raw packet of protocol prot for tracerouting
--mtu Discover MTU along the path being traced. Implies
`-F -N 1'
--back Guess the number of hops in the backward path and
print if it differs
-V --version Print version info and exit
--help Read this help and exit
Arguments:
+ host The host to traceroute to
packetlen The full packet length (default is the length of an IP
header plus 40). Can be ignored or increased to a minimal
allowed value