Wednesday, September 26, 2018

Traceroute Basics

https://linuxconfig.org/traceroute-basics

Objective

Install and use traceroute in Linux.

Distributions

This guide supports Ubuntu, Debian, Fedora, OpenSUSE, and Arch Linux.

Requirements

A working Linux install with a network connection.

Difficulty

Easy

Conventions

  • # - requires the given Linux command to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ - requires the given Linux command to be executed as a regular non-privileged user

Introduction

Traceroute finds the path network packets take between your computer and a destination. That destination could be a website, server, or another machine on your network. If you can send network packets to it, you can test the path with traceroute. It's a helpful tool for understanding how data flows through a network.

What Does Traceroute Do?

Traceroute sends packets out to a target computer and records every step those packets take on their way. It prints the IP addresses and domain names of the devices those packets pass through to your terminal window.

You'll be able to see how long it takes for your packets to reach their destination, and you'll be able to see why some websites take longer to load than others, based on the number of hops traffic takes on the way.

Traceroute can also be used to map local networks. If you're conducting a security audit, you may be able to run traceroute from within the network being audited to gain an understanding of how the network is configured and what devices are on it.


How Does It Work?

Traceroute works by exploiting the "time to live" (TTL) property that network packets have. Every packet carries a set number of hops that it can make between devices before it is automatically dropped. This feature prevents lost packets from being endlessly passed around a network, slowing down legitimate traffic.

As a packet moves from one network device to another, each device checks the time to live of that packet. If the number of hops it has left is above one, the device decreases the number by one and passes the packet along to the next device. If that number is one, the device drops the packet, because decreasing the time to live by one would bring it to zero, killing the packet. When a device drops a packet this way, it sends a message back to the sender saying that the packet was dropped because its time to live expired.

Traceroute uses those expiration messages to test the route between your computer and a destination. It starts off by sending a packet with a time to live of one. The first device drops it and sends back a message carrying its own IP address. Then traceroute sends another packet with a time to live of two, and the second device sends back the expiration message. Traceroute continues the process, increasing the time to live by one each round, until a packet reaches your target.
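The mechanism described above, as an added example (not code from the original article): a chain of routers is modelled in memory so the TTL-expiry loop can be run without raw sockets or root. Router addresses are constructed documentation addresses; the `replies=False` router models a network that blocks traceroute, which shows up as an asterisk hop.

```python
"""Simulation of the TTL-expiry mechanism traceroute relies on."""
from dataclasses import dataclass


@dataclass
class Router:
    addr: str
    replies: bool = True  # False: drops silently, like a network that blocks traceroute


@dataclass
class Packet:
    dst: str
    ttl: int


def forward(path, dst_addr, pkt):
    """Pass a packet along the router chain.

    Returns the address that answered: a router's address when it dropped the
    packet and sent a "time exceeded" message, the destination address when the
    packet arrived, or None when the dropping router stayed silent.
    """
    for router in path:
        if pkt.ttl <= 1:
            # Decrementing would reach zero: drop here and (maybe) notify the sender.
            return router.addr if router.replies else None
        pkt.ttl -= 1
    return dst_addr


def traceroute(path, dst_addr, first=1, max_hops=30):
    """Probe with TTL first, first+1, ... until the destination answers.

    `first` and `max_hops` mirror traceroute's -f and -m flags.
    """
    hops = []
    for ttl in range(first, max_hops + 1):
        responder = forward(path, dst_addr, Packet(dst_addr, ttl))
        hops.append((ttl, responder if responder else "*"))
        if responder == dst_addr:
            break
    return hops


# Constructed sample network: three routers, the second one filters replies.
SAMPLE_PATH = [Router("192.0.2.1"), Router("192.0.2.254", replies=False), Router("198.51.100.7")]
SAMPLE_DST = "203.0.113.10"

if __name__ == "__main__":
    for ttl, who in traceroute(SAMPLE_PATH, SAMPLE_DST):
        print(f"{ttl:2d}  {who}")
```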

Installing Traceroute

Traceroute is a basic Linux system utility. It's available in nearly all distribution repositories. Use your package manager to install it on your system.

Ubuntu/Debian

$ sudo apt install traceroute

Fedora

# dnf install traceroute

OpenSUSE

# zypper in traceroute

Arch Linux

# pacman -S traceroute


Basic Usage

Traceroute is simple. Run the traceroute command followed by a destination. That destination can be an IP address or a domain name.
$ traceroute linuxconfig.org
Figure: Traceroute to LinuxConfig
You'll see traceroute working in real time in your terminal window. It's always interesting to see how many hops a packet actually makes. Sometimes, you only need a handful before reaching your destination. Other times, it seems like a packet travels across half the Internet to get there.

Figure: Traceroute Blocked
Sometimes, you'll see that traceroute stops outputting any actual information in your terminal and starts showing asterisk characters, like in the image above. Some networks are configured to block traceroute. If your packets move through such a network at any point on their journey, traceroute will not work.

Try it out with an IP address too. You'll notice it's the same exact process.

Feel free to try this on your own network too. You'll be able to see if there are any slow areas or bottlenecks that need to be improved.
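For both the blocked hops and the bottleneck hunting described above, here is an added example (not from the original article) that parses traceroute's text output and flags hops that never answer or that add a large jump in round-trip time. The sample output is constructed in the format Linux traceroute prints; the addresses and the 50 ms threshold are assumptions.

```python
import re
from statistics import median

# Constructed sample output (made-up addresses), not a real capture.
SAMPLE_OUTPUT = """\
traceroute to example.invalid (203.0.113.10), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  0.412 ms  0.380 ms  0.356 ms
 2  192.0.2.1 (192.0.2.1)  9.871 ms  10.012 ms  9.655 ms
 3  * * *
 4  198.51.100.7 (198.51.100.7)  11.104 ms  * 10.988 ms
 5  203.0.113.10 (203.0.113.10)  98.302 ms  97.850 ms  99.011 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # hop number, then the rest
HOST_RE = re.compile(r"^(\S+)\s+\(([^)]+)\)")      # "name (address)"
RTT_RE = re.compile(r"([\d.]+) ms")                # each probe's round-trip time


def parse_traceroute(text):
    """Turn traceroute's output into one record per hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or blank
        hop, rest = int(m.group(1)), m.group(2)
        host = HOST_RE.match(rest)
        hops.append({
            "hop": hop,
            "host": host.group(2) if host else None,  # None when every probe was '*'
            "rtts": [float(x) for x in RTT_RE.findall(rest)],
            "lost": rest.count("*"),
        })
    return hops


def find_bottlenecks(hops, jump_ms=50.0):
    """Flag silent hops and hops whose median RTT rises by more than jump_ms.

    A silent hop usually means that network filters traceroute replies; a
    large RTT jump points at a slow link or device worth a closer look.
    """
    findings, prev = [], 0.0
    for h in hops:
        if not h["rtts"]:
            findings.append((h["hop"], "no reply (filtered or dropped)"))
            continue
        cur = median(h["rtts"])
        if cur - prev > jump_ms:
            findings.append((h["hop"], f"latency jump +{cur - prev:.1f} ms"))
        prev = cur
    return findings
```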

Useful Flags

You really don't need any flags to use traceroute, but there are a few that can help, depending on your situation. First, you can easily switch between IPv4 and IPv6 with the -4 and -6 flags.
$ traceroute -4 linuxconfig.org
By default, traceroute uses ICMP (ping) packets. If you'd rather test a TCP connection to gather data more relevant to a web server, you can use the -T flag.
$ traceroute -T linuxconfig.org
If you'd like to test a specific port, the -p flag can help with that.
$ traceroute -p 53 192.168.1.1
You can also manually control when traceroute starts and ends. You can do this by using the -f flag to set the first time to live and the -m for the max time to live. The example below will begin on the third hop and end on the tenth.
$ traceroute -f 3 -m 10 linuxconfig.org

Closing Thoughts

Traceroute is a wonderful multi-purpose tool for studying and understanding network traffic. It can help you form a solid picture of the path that packets take, both on your local network and across the Internet as a whole.
