It sends an IP datagram with its TTL field set to 1 toward the destination host. The first router to handle this datagram decrements the TTL to 0, discards the datagram, and sends back an ICMP time exceeded message. That gives us the address of the first router on the path. traceroute then sends a datagram with TTL=2, which gives us the address of the second router, and the process continues until a datagram reaches the destination host.

In the output below we see the default maximum TTL is 30 hops and each probe is a 60-byte packet.

If you see an asterisk (*), it means no reply arrived within the 5-second wait, so traceroute prints * for that probe.

TTL: time to live, a limit on the number of routers through which a datagram can pass. Each router decrements it by one; a router that decrements it to zero discards the datagram.

Traceroute relies on

  1. TTL

  2. ICMP message time exceeded

  3. ICMP message port unreachable

Traceroute procedure

  1. traceroute sends an IP datagram with a TTL of 1. The first router to handle the datagram decrements the TTL to 0, discards the datagram and sends back an ICMP time exceeded message.

  2. traceroute sends an IP datagram with a TTL of 2. The second router to handle the datagram decrements the TTL to 0, discards the datagram and sends back an ICMP time exceeded message.

  3. ...

  4. ... until a datagram reaches the destination.

Traceroute sends UDP datagrams to the destination host, but it chooses the destination UDP port number to be an unlikely value (larger than 30000), making it improbable that an application is using that port.

This causes the destination host's UDP module to generate an ICMP "port unreachable" error, which is how traceroute knows it has reached the destination.

Notes:

There is no guarantee that the route today will be in use tomorrow, or even that two consecutive IP datagrams follow the same route.

There is no guarantee that the send path and the return path are the same.

traceroute does a reverse DNS lookup on each responding address to show the router's name (hop 17 below resolves to kul06s14-in-f4.1e100.net).


[root@localhost etc]# traceroute www.google.com

traceroute to www.google.com (216.58.196.196), 30 hops max, 60 byte packets

 1  10.35.16.1 (10.35.16.1)  1.733 ms  1.653 ms  1.790 ms

 2  10.35.23.25 (10.35.23.25)  0.395 ms  0.362 ms  0.509 ms

 3  10.35.23.6 (10.35.23.6)  66.342 ms  66.196 ms  66.250 ms

 4  10.4.242.29 (10.4.242.29)  66.381 ms  66.243 ms  66.095 ms

 5  10.0.66.98 (10.0.66.98)  67.480 ms  67.293 ms  67.307 ms

 6  192.168.12.5 (192.168.12.5)  67.588 ms  68.656 ms  68.604 ms

 7  192.55.14.30 (192.55.14.30)  68.554 ms  68.506 ms  68.569 ms

 8  192.55.14.34 (192.55.14.34)  69.613 ms  69.053 ms  68.715 ms

 9  203.117.132.49 (203.117.132.49)  70.058 ms  78.132 ms  86.226 ms

10  203.118.15.241 (203.118.15.241)  70.210 ms  87.421 ms 203.118.15.237 (203.118.15.237)  70.424 ms

11  203.118.16.2 (203.118.16.2)  70.013 ms  77.701 ms 203.118.15.254 (203.118.15.254)  70.224 ms

12  74.125.51.73 (74.125.51.73)  69.940 ms  69.799 ms  69.871 ms

13  108.170.240.163 (108.170.240.163)  70.629 ms 108.170.240.36 (108.170.240.36)  71.440 ms 108.170.240.98 (108.170.240.98)  75.486 ms

14  216.239.40.129 (216.239.40.129)  71.299 ms 216.239.42.47 (216.239.42.47)  71.691 ms  71.494 ms

15  64.233.175.108 (64.233.175.108)  76.205 ms 72.14.234.40 (72.14.234.40)  76.539 ms 64.233.175.108 (64.233.175.108)  75.869 ms

16  209.85.250.173 (209.85.250.173)  76.159 ms  76.020 ms  75.854 ms

17  kul06s14-in-f4.1e100.net (216.58.196.196)  76.028 ms  75.816 ms  75.876 ms
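As an added example (not part of the original notes), a small Python parser for the output format above, so a run can be checked programmatically: which addresses answered at each hop, the average RTT of the three probes, how many probes timed out (the asterisks), and whether more than one router answered at a single hop, which is what hops 10, 11, 13, 14 and 15 above show and what the note about consecutive datagrams not following the same route refers to. The sample text is constructed from a few hops of this run plus one all-asterisk hop that this run did not contain.

```python
import re
from statistics import mean

# Constructed sample for this example: a few hops copied from the run above,
# plus a hop 11 of three asterisks (a silent hop the captured run did not contain)
# so the timeout handling is exercised.
SAMPLE = """\
traceroute to www.google.com (216.58.196.196), 30 hops max, 60 byte packets
 1  10.35.16.1 (10.35.16.1)  1.733 ms  1.653 ms  1.790 ms
 2  10.35.23.25 (10.35.23.25)  0.395 ms  0.362 ms  0.509 ms
10  203.118.15.241 (203.118.15.241)  70.210 ms  87.421 ms 203.118.15.237 (203.118.15.237)  70.424 ms
11  * * *
17  kul06s14-in-f4.1e100.net (216.58.196.196)  76.028 ms  75.816 ms  75.876 ms
"""

HEADER_RE = re.compile(r"traceroute to (\S+) \(([\d.]+)\), (\d+) hops max, (\d+) byte packets")
HOP_RE = re.compile(r"\s*(\d+)\s+(.*)")
# One probe result at a time: "name (ip)" announces a responder, "x.y ms" is an RTT
# that belongs to the most recently announced responder, "*" is a timed-out probe.
TOKEN_RE = re.compile(r"(\S+) \(([\d.]+)\)|([\d.]+) ms|(\*)")


def parse_hop(line):
    """Return (hop number, [(responder ip or None, rtt in ms or None), ...])."""
    hop, rest = HOP_RE.match(line).groups()
    probes, responder = [], None
    for tok in TOKEN_RE.finditer(rest):
        if tok.group(2):
            responder = tok.group(2)
        elif tok.group(3):
            probes.append((responder, float(tok.group(3))))
        else:
            probes.append((None, None))
    return int(hop), probes


def summarize(text):
    """Parse a whole traceroute run into a dict keyed by hop number."""
    lines = text.strip().splitlines()
    head = HEADER_RE.match(lines[0])
    summary = {"target": head.group(1), "addr": head.group(2),
               "max_hops": int(head.group(3)), "probe_bytes": int(head.group(4)),
               "hops": {}}
    for line in lines[1:]:
        hop, probes = parse_hop(line)
        responders = sorted({ip for ip, _ in probes if ip})
        rtts = [rtt for _, rtt in probes if rtt is not None]
        summary["hops"][hop] = {
            "responders": responders,
            "avg_ms": round(mean(rtts), 3) if rtts else None,
            "timeouts": sum(1 for _, rtt in probes if rtt is None),
            # more than one responder at a hop: per-packet load balancing, i.e. the
            # three probes did not all follow the same route
            "load_balanced": len(responders) > 1,
        }
    return summary


def reached_destination(summary):
    """True when the last hop that answered is the target address itself."""
    last = max(summary["hops"])
    return summary["addr"] in summary["hops"][last]["responders"]


if __name__ == "__main__":
    s = summarize(SAMPLE)
    for hop, info in sorted(s["hops"].items()):
        print(hop, info)
    print("reached destination:", reached_destination(s))
```

The parser walks each hop line token by token because an RTT belongs to whichever responder was printed most recently, which is why hop 10 ends up with two responders and three RTTs rather than one responder per RTT.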


What follows is excerpted from a web page; it is written really well.

Traceroute is a program that shows the route taken by packets through a network. Yes, it traces the route of packets from source to destination.

It sends UDP packets to the destination, taking advantage of ICMP's messages. So let's take a brief look at what ICMP and its messages are.


ICMP (Internet Control Message Protocol) is a companion to the IP protocol. It complements IP by providing error reporting, since the IP protocol has no error-reporting mechanism of its own.

ICMP only reports errors and expects the higher layers of the OSI architecture model to handle and correct them.


ICMP has two types of messages: error-reporting messages and query messages.

Query messages are generally used to diagnose network problems (the ping tool uses ICMP query messages). Error-reporting messages, as the name suggests, report errors encountered while handling an IP packet. There are five types of error-reporting messages:


Destination unreachable 

Time exceeded 

Source Quench

Parameter Problem 

Redirection 


Traceroute uses the first two error-reporting messages: Destination Unreachable and Time Exceeded.

Now let's dive into the juicy parts, starting with an overview image of the process.


[image: overview of the traceroute process]

- Traceroute creates a UDP packet from the source to the destination with TTL (time to live) = 1.

The UDP packet reaches the first router, which decrements the TTL by 1, making our UDP packet's TTL = 0; hence the packet gets dropped, and the router sends an ICMP message (Time Exceeded) back to the source.

- Traceroute makes a note of the router's address and the time taken for the round trip.

It sends two more packets (usually 3 packets in total) in the same way to get an average value for the round-trip time. Usually the first round trip takes longer than the other two due to the delay of ARP resolving the physical address; the address stays in the ARP cache for the second and third probes, and hence the process speeds up.

- The steps that have occurred up to now repeat again and again until the destination has been reached. The only change is that the TTL is incremented by 1 each time a UDP packet is sent toward the next router/host.

- Once the destination is reached, no Time Exceeded ICMP message is sent back this time, because the destination has already been reached.

But the UDP packet used by traceroute specifies a destination port number that is not usually used for UDP. Hence, when the destination computer examines the headers of the UDP packet, the packet gets dropped because nothing is listening on that port, and an ICMP message (this time Destination Unreachable, with code "port unreachable") is sent back to the source.

- When Traceroute encounters this message, it understands that the destination has been reached. The destination is also probed 3 times to get an average round-trip time.
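The probing procedure described in both the notes at the top of this page and in this excerpt, as an added example that is not part of the original page or of the 2buntu article: a Python model of traceroute over a simulated path, with real packet bytes but no network. build_probe emits the 60-byte IP+UDP datagram (20-byte IP header, 8-byte UDP header, 32 bytes of padding, the same size the run above reports), Router decrements the TTL and answers ICMP Time Exceeded (type 11, code 0) when it reaches zero, Host answers Port Unreachable (type 3, code 3) when nothing listens on the probe's port, and traceroute() runs the TTL loop with three probes per hop, matching each reply to its probe through the UDP header quoted inside the ICMP error. The addresses, the silent router and the port-53 listener are constructed for the example; a real traceroute needs a raw socket and a network, which this model replaces with in-memory byte strings.

```python
import struct
from socket import inet_aton, inet_ntoa

ICMP_TIME_EXCEEDED = (11, 0)   # type 11, code 0: time to live exceeded in transit
ICMP_PORT_UNREACH = (3, 3)     # type 3, code 3: destination port unreachable
BASE_PORT = 33434              # classic traceroute first destination port (above 30000)


def build_probe(src, dst, ttl, dport, sport=40000, payload=b"\x00" * 32):
    """IPv4 header + UDP header + payload: the datagram traceroute emits for one probe.
    Checksums are left at zero because this model never puts the bytes on a wire."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     inet_aton(src), inet_aton(dst))
    return ip + udp


def icmp_error(kind, offending):
    """ICMP error message: type, code, checksum (0), 4 unused bytes, then the
    offending datagram's IP header plus the first 8 bytes of its payload (RFC 792).
    Those 8 bytes are the UDP header, so traceroute can tell which probe it answers."""
    return struct.pack("!BBHI", kind[0], kind[1], 0, 0) + offending[:28]


def ttl_of(pkt):
    return pkt[8]                                   # TTL is byte 8 of the IPv4 header


def udp_dport_of(pkt):
    return struct.unpack("!H", pkt[22:24])[0]       # UDP dst port, bytes 2-3 after the IP header


class Router:
    """Decrements TTL; at zero it discards the datagram and answers Time Exceeded,
    unless configured silent (a hop that never answers shows up as '*')."""
    def __init__(self, addr, silent=False):
        self.addr, self.silent = addr, silent

    def handle(self, pkt):
        ttl = ttl_of(pkt) - 1
        if ttl > 0:
            return pkt[:8] + bytes([ttl]) + pkt[9:], None      # forward with new TTL
        if self.silent:
            return None, None
        return None, (self.addr, icmp_error(ICMP_TIME_EXCEEDED, pkt))


class Host:
    """The destination: a UDP datagram to a port with no listener earns a
    Port Unreachable; a port something listens on is delivered and yields no ICMP."""
    def __init__(self, addr, listening=()):
        self.addr, self.listening = addr, set(listening)

    def handle(self, pkt):
        if udp_dport_of(pkt) in self.listening:
            return None, None
        return None, (self.addr, icmp_error(ICMP_PORT_UNREACH, pkt))


def send(pkt, path):
    """Carry the datagram along the path; return (replier, icmp bytes) or None."""
    for node in path:
        pkt, reply = node.handle(pkt)
        if reply is not None:
            return reply
        if pkt is None:
            return None
    return None


def probe_once(src, path, ttl, dport):
    """One probe: returns (replier address, (icmp type, code)) or None on silence."""
    reply = send(build_probe(src, path[-1].addr, ttl, dport), path)
    if reply is None:
        return None
    addr, icmp = reply
    return addr, (icmp[0], icmp[1])


def traceroute(src, path, max_hops=30, probes=3):
    """The loop itself: TTL 1, 2, 3, ... with three probes per TTL, each on a fresh
    destination port; stop after the destination answers Port Unreachable."""
    dest, dport, hops = path[-1].addr, BASE_PORT, []
    for ttl in range(1, max_hops + 1):
        answers, done = [], False
        for _ in range(probes):
            reply = send(build_probe(src, dest, ttl, dport), path)
            dport += 1
            if reply is None:
                answers.append("*")
                continue
            addr, icmp = reply
            # match the reply to our probe via the UDP dst port quoted after the 8-byte ICMP header
            if udp_dport_of(icmp[8:]) != dport - 1:
                answers.append("*")          # stray ICMP that is not for this probe
                continue
            answers.append(addr)
            if (icmp[0], icmp[1]) == ICMP_PORT_UNREACH and addr == dest:
                done = True
        hops.append((ttl, answers))
        if done:
            break
    return hops


def demo_path():
    # Constructed path: two hop addresses from the run on this page, then documentation
    # addresses (RFC 5737) for a silent router, one more router and the destination host.
    return [Router("10.35.16.1"), Router("10.35.23.25"), Router("203.0.113.7", silent=True),
            Router("198.51.100.1"), Host("203.0.113.50", listening={53})]


if __name__ == "__main__":
    for ttl, answers in traceroute("10.35.16.20", demo_path()):
        print(f"{ttl:2d}  " + "  ".join(answers))
```

The silent router at hop 3 produces a line of asterisks exactly as the notes describe, and probe_once with destination port 53 shows the caveat both texts hint at: if the chosen port does have a listener, the host consumes the datagram, no ICMP comes back, and traceroute would print asterisks for the final hop instead of stopping.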


See the original article:

https://2buntu.com/articles/1203/traceroute-how-does-it-work/