Friday, June 21, 2013

How Does Traceroute Work

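This is actually a pretty cool tool.  It works basically the same way as a "ping -i" command, where the -i option of the Windows ping sets the TTL on the outgoing packet.  Let's say I wanted to know what the third hop was from where my laptop was sitting.  I would do the following (where <destination> stands for the host I am tracing to):
ping -i 3 <destination>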

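You would see the third hop's IP address reply back, because you set a TTL of 3 when sending that ping out: each router along the path decrements the TTL by one, and the router that brings it to zero drops the packet and sends back an ICMP Time Exceeded message.  That is exactly how traceroute works, except it keeps sending out "ping -i" probes with an increasing TTL until it reaches the destination or hop #30, which is the default expiration.
Notice the packet captures below: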

See above.  I started my capture at a TTL of 3 on my traceroute.
Now look below, you can see the next TTL of 4 that is sent out by the traceroute.

Now, see again below, the next TTL of 5 is set by the program traceroute.

Traceroute is a pretty cool tool.  It takes advantage of incrementing the TTL until it reaches its destination (or reaches its limit), telling you, hop by hop, which IP addresses you pass through on the way to your destination.
If you want to read more on "ping -i", click on this link.
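
The TTL-increment loop described above, written out in Python as an added example (not from the original post or from any traceroute implementation). The function names, the probe identifier 0x1234 and the addresses in the simulated path are assumptions made for illustration; live_probe needs raw-socket privileges, while simulated_probe runs offline on a constructed path.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length ICMP message."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def echo_request(ident: int, seq: int) -> bytes:
    """ICMP Echo Request (type 8, code 0) with a valid checksum."""
    body = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    return struct.pack("!BBHHH", 8, 0, checksum(body), ident, seq)

def classify(packet: bytes):
    """Return (source IP, ICMP type) of a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    return socket.inet_ntoa(packet[12:16]), packet[ihl]

def live_probe(ttl: int, dest: str, timeout: float = 2.0):
    """One real probe with the given TTL; 0x1234 is an assumed identifier."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)   # like "ping -i"
        s.settimeout(timeout)
        s.sendto(echo_request(0x1234, ttl), (dest, 0))
        try:
            return s.recvfrom(1024)[0]
        except socket.timeout:
            return None

def simulated_probe(ttl: int, routers, dest: str):
    """Constructed path (not a capture): router N expires a TTL of N."""
    src, kind = (routers[ttl - 1], 11) if ttl <= len(routers) else (dest, 0)
    if src is None:                        # a hop that never answers
        return None
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.10"))
    return ip + struct.pack("!BBHHH", kind, 0, 0, 0, 0)

def trace(probe, max_hops: int = 30):
    """Raise the TTL by one per probe until an Echo Reply (type 0) arrives."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = probe(ttl)
        src, kind = classify(reply) if reply else ("*", None)
        hops.append((ttl, src))            # type 11 = Time Exceeded from a hop
        if kind == 0:
            break
    return hops
```

For a live run, pass trace a callable such as lambda ttl: live_probe(ttl, dest). The raw socket accepts any inbound ICMP packet, so a production tool would also match each reply against the probe's identifier and sequence number.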
