General, Dedicated servers, Network, Root server

Network diagnostics - Part 1

Trace routes:

In order to solve problems such as poor accessibility or possibly non-accessibility, it can often help to look at the path taken by the packets. The tool for such analyzes is traceroute (tracerd in Windows).

traceroute determines the route and shows it with DNS resolution and response times. Other implementations such as MTR still show data such as packet loss per hop.

Sample output (s) from traceroute:

1.) ( 0.406 ms po3.core2- ( 0.399 ms 0.391 ms

2.) ( 3.553 ms 3.546 ms *

3.) ( 3.644 ms ( 3.571 ms ( 3.625 ms

4.) ( 5.254 ms 4.722 ms ( 3.589 ms

5.) ( 3.647 ms ( 3.674 ms ( 3.602 ms

6.) ( 3.528 ms 3.569 ms ( 3.607 ms

To find out the individual waypoints ("hops"), traceroute uses the Time-To-Live (TTL) field of the IP header. The TTL is normally used to prevent an IP packet with an incorrect configuration, for example, from being forwarded indefinitely. Each hop the packet comes over decreases the TTL. If this has reached 0, the packet is discarded and an ICMP response is sent back. Traceroute uses exactly this behavior. First, packets with a TTL of 1 are sent. The first router to receive the packet reduces the TTL and discards it, since the TTL now has the value 0. The router then sends a ICMP TIME_EXCEEDED back and traceroute learned the first hop of our way. The next packets are sent with a TTL of 2. The first router reduces the TTL again, but this time sends the packets on and the next router discards them. By repeating this process and continuously increasing the TTL, the complete path is recognized. At some point the TTL is so high that the goal is achieved. The target responds with one ICMP PORT_UNREACHABLE. The reason for this is that traceroute sends all packets with (usually) invalid port numbers. To achieve this, traceroute starts with a very high port number and increases the value for each subsequent packet. Getting from ICMP PORT_UNREACHABLE for traceroute the signal is that the end of the route has been reached.

There are a few things to consider when interpreting the values:

A complete analysis always includes both directions. The traceroutes don't always look the same. It is possible that the packets are routed differently in one direction than in the other. In addition, it is possible that different IP addresses answer on the return route than on the outward route, because the router interface is always recognized as a hop, which sends the ICMP back, depending on the function.

There may be an increased packet loss with individual routers. This is mostly because ICMP traffic has a very low priority and therefore other traffic is given priority. It does not mean that there is also traffic loss for normal traffic.

Problems can present themselves as a packet loss over several hops. In addition, very different outward and return routes can lead to problems.


Your team from

previous Post Next Post

You Might Also Like

No Comments

Leave a Reply

This website uses Akismet to reduce spam. Learn more about how your comment data is processed.