Traceroute is a computer network diagnostic tool
for displaying the route (path) and measuring transit delays of packets across
an Internet Protocol (IP) network. Traceroute is a UNIX command; the Windows
equivalent is Tracert.
Traceroute works by sending packets with a gradually increasing TTL
value, starting with a TTL value of one. The first router receives the packet,
decrements the TTL value and drops the packet because its TTL value is then
zero. The router then sends an ICMP Time Exceeded message back to the source. The next set
of packets is given a TTL value of two, so the first router forwards the
packets, but the second router drops them and replies with ICMP Time
Exceeded. Traceroute can therefore
record where the packets stop on each iteration, since each set of packets is dropped
one node further along the path.
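
The TTL mechanism described above can be followed offline with the simulation below, an added example that is not part of the original post. It assumes the classic UNIX behavior of UDP probes answered by ICMP Port Unreachable at the destination; the source address, the last two path addresses and all function names are constructed for illustration.

```python
import socket
import struct

SRC = "192.168.0.10"                      # constructed source host
PATH = ["192.168.0.1", "36.70.112.1",     # first two addresses appear in the post
        "198.51.100.7", "203.0.113.20"]   # constructed; last entry is the destination
BASE_PORT = 33434                         # conventional first UDP probe port

def build_probe(ttl, seq):
    """IPv4 + UDP headers for one probe (checksums left zero in this simulation)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, seq, 0, ttl, 17, 0,
                     socket.inet_aton(SRC), socket.inet_aton(PATH[-1]))
    udp = struct.pack("!HHHH", 40000, BASE_PORT + seq, 8, 0)
    return ip + udp

def icmp_error(icmp_type, code, offending):
    """ICMP error: 8-byte header, then the offending IP header + first 8 data bytes."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + offending[:28]

def network(packet):
    """Walk the packet along PATH; return (responder, icmp_bytes)."""
    for node in PATH[:-1]:
        ttl = packet[8] - 1               # each router decrements the TTL byte
        packet = packet[:8] + bytes([ttl]) + packet[9:]
        if ttl == 0:                      # expired: drop it, tell the source
            return node, icmp_error(11, 0, packet)   # type 11 = Time Exceeded
    return PATH[-1], icmp_error(3, 3, packet)        # destination: Port Unreachable

def traceroute(max_hops=30):
    """Send one probe per TTL and record which node answered each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, icmp = network(build_probe(ttl, seq=ttl))
        icmp_type = icmp[0]
        # The quoted UDP destination port ties the ICMP reply to our probe.
        quoted_port = struct.unpack("!H", icmp[30:32])[0]
        if quoted_port != BASE_PORT + ttl:
            continue                      # not an answer to this probe
        hops.append((ttl, responder, icmp_type))
        if icmp_type == 3:                # destination reached, stop probing
            break
    return hops

if __name__ == "__main__":
    for ttl, responder, icmp_type in traceroute():
        print(ttl, responder, "time exceeded" if icmp_type == 11 else "destination")
```
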
To run traceroute,
just type traceroute domain/ip_destination. In this example, I
traceroute to www.mit.edu. The
server should be located in Massachusetts, USA, and we will see where the
packet goes.
- The first packet went to gateway 192.168.0.1, which is my router address. On each iteration, there are three timers in ms. This means traceroute sent the packets three times to the destination. The common reason is to make sure that the timer is not a fluke, and we could take the average for better accuracy.
- The 2nd hop is the login router. This IP address is actually my DNS server, which is integrated with my router. The time to get there is higher than the time to get to the router, but still fast, with an average of 4.5 ms.
- The 3rd hop is IP address 36.70.112.1. From this network, we could assume that it is already outside my network. To detect the owner of this IP we could use whois. Whois is able to detect this as an address of one of the offices of my ISP.
- The 4th packet has a domain name as the destination, which is speedy.telkom.net.id. It is also the name of my ISP. Further details of the location with whois are shown below.
- The 5th hop is only an IP address, so I checked with whois. It appears to be another ISP office address, but this time located in West Sumatera. From the 3rd to the 5th hop, the times do not really have big differences, since all of these hops are still in my country's region.
- The 6th hop has quite an increment in the speed. It is stated there that it is the address of Akamai Tech. Akamai is a content delivery network in Cambridge, Massachusetts. Since MIT is in the same territory, we could assume that Akamai is the gateway to MIT.
- The last hop is the destination, which is www.mit.edu. Note that the time to get there does not have a significant difference from the 6th hop, since they are in the same region in the USA.
That’s it for my experience
using traceroute. Now we know where exactly our packet goes before it reaches its
destination.