Saturday, April 4, 2009

Using Tracert

Introduction

Tracert is a Windows-based command-line tool that you can use to trace the path an Internet Protocol (IP) packet takes from a source to its destination. It does this by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with incrementally increasing Time to Live (TTL) values; the replies that come back from each hop along the way outline the path.

Using the following illustration, let’s take a look at how tracert would function in a production network.


How to Use Tracert

As you saw in the last illustration, we will be sending traffic from a test workstation at Site B to a server at another site (Site A). The packets will traverse the wide area network (WAN) that separates the two sites over a T1, with a backup link via Integrated Services Digital Network (ISDN). To use the tracert utility, you simply need to know your destination IP address, how to run tracert correctly, and what to look for in the results.

Tracert works by manipulating the Time to Live (TTL). It sends its first packets with a TTL of 1 and raises the TTL by one for each successive set of packets; every router that forwards a packet decrements the TTL, so the result is a hop count from your source to your destination. A hop is one router-to-router leg of the path. When the TTL on a packet reaches zero (0), the router that decremented it sends an ICMP "Time Exceeded" message back to the source computer, and that message identifies the router at that hop. You can see an example of our sample network in the next illustration, with a source and destination IP address; we will be using the workstation at Site B and a server at Site A for our test.

From this illustration you can see that the source IP will be 10.1.2.4 and the destination (for this example) will be 10.1.1.6. The normal route the packets should take is from Site B to Site A over the higher-capacity link, the T1 (1.544 Mbps). The ISDN link is 128 Kbps and is used as a backup if the primary link fails. Once tracert is run, it will show you that the packets start from the PC at 10.1.2.4 at Site B and then traverse the T1 to 10.1.1.1. That router knows how to send the packets to its local LAN (10.1.1.0) and ultimately to 10.1.1.6.
As the packets are sent, each router reports back using the first interface on which it sees the packet, so let's take a look at our complete path before we send the test packets.
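The TTL walk described above, as an added example that is not part of the article and not tracert's own code: a small Python model of the sample network that replays probes with TTL 1, 2, 3 and records which router answers each one. The four addresses come from the article's diagram; the node names, the routing tables and the single modelled WAN link are constructed. The same model also covers the two cases discussed later in the article: a gateway that has no route to the destination (Destination net unreachable) and a router that forwards the probes but never sends ICMP back (shown by tracert as an asterisk).

```python
"""Toy replay of tracert's TTL walk over the article's sample network.

Added example, not tracert's own code. The addresses (10.1.2.4, 10.1.2.1,
10.1.1.1, 10.1.1.6) come from the article's diagram; the node names, the
routing tables and the single modelled WAN link are constructed. Each router
answers from its address facing the source, a simplification of the
"first interface the packet arrives on" behaviour the article describes.
"""
from ipaddress import ip_address, ip_network

# Which node owns each address (constructed).
OWNER = {
    "10.1.2.4": "pc-b",      # test workstation, Site B
    "10.1.2.1": "router-b",  # Site B default gateway
    "10.1.1.1": "router-a",  # Site A router, reached over the T1
    "10.1.1.6": "server-a",  # target server, Site A
}
REPLY_ADDR = {node: addr for addr, node in OWNER.items()}

# Forwarding tables: node -> list of (prefix, next hop). A next hop of None
# means the prefix is directly connected, so the packet goes straight to dst.
ROUTES = {
    "pc-b":     [("10.1.2.0/24", None), ("0.0.0.0/0", "10.1.2.1")],
    "router-b": [("10.1.2.0/24", None), ("10.1.1.0/24", "10.1.1.1")],
    "router-a": [("10.1.1.0/24", None), ("10.1.2.0/24", "10.1.2.1")],
    "server-a": [("10.1.1.0/24", None), ("0.0.0.0/0", "10.1.1.1")],
}
# Same network with the T1 and the ISDN backup both down: router-b has lost
# its route to Site A (the article's "Destination net unreachable" case).
BOTH_LINKS_DOWN = {**ROUTES, "router-b": [("10.1.2.0/24", None)]}


def next_hop(routes, node, dst):
    """Longest-prefix match on node's table; returns (found, next_hop_ip_or_None)."""
    best = None
    for prefix, nh in routes[node]:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return (False, None) if best is None else (True, best[1])


def send_probe(src, dst, ttl, routes=ROUTES, silent=()):
    """Forward one Echo Request with the given TTL; return (status, replying address).

    status is "echo-reply", "time-exceeded", "unreachable", or "*" when the node
    that should have answered is in `silent` (a firewall or ACL dropping ICMP).
    Route lookup is done before the TTL check, which is what makes a gateway
    with no route report "unreachable" rather than "time exceeded" on the
    first probe, as in the article's sample output (a modelling choice).
    """
    node = OWNER[src]
    while True:
        found, nh = next_hop(routes, node, dst)
        if not found:  # no route: ICMP Destination Unreachable from this node
            return ("*", None) if node in silent else ("unreachable", REPLY_ADDR[node])
        if node != OWNER[src]:  # every router on the way decrements the TTL...
            ttl -= 1
            if ttl == 0:  # ...and the one that takes it to zero reports Time Exceeded
                return ("*", None) if node in silent else ("time-exceeded", REPLY_ADDR[node])
        nxt = dst if nh is None else nh
        if nxt not in OWNER:  # next address is not on the network: host unreachable
            return ("*", None) if node in silent else ("unreachable", REPLY_ADDR[node])
        node = OWNER[nxt]
        if node == OWNER.get(dst):  # delivered: the target answers with an Echo Reply
            return ("echo-reply", dst)


def trace(src, dst, max_hops=30, routes=ROUTES, silent=()):
    """Replay tracert: TTL 1, 2, 3, ... until the target answers or a router has no route."""
    hops = []
    for ttl in range(1, max_hops + 1):
        status, replier = send_probe(src, dst, ttl, routes, silent)
        hops.append((ttl, status, replier))
        if status in ("echo-reply", "unreachable"):
            break
    return hops


if __name__ == "__main__":
    for label, kwargs in [("normal path", {}),
                          ("both links down", {"routes": BOTH_LINKS_DOWN}),
                          ("router-a drops ICMP", {"silent": {"router-a"}})]:
        print(f"--- {label} ---")
        for ttl, status, who in trace("10.1.2.4", "10.1.1.6", **kwargs):
            print(f"{ttl:3d}  {who or '*':<10} {status}")
```

Running the script prints three traces: the normal three-hop path (10.1.2.1, 10.1.1.1, then the server's Echo Reply), the one-line "unreachable" result when router-b has no route, and a path where hop 2 shows only an asterisk while hop 3 still answers, which is exactly the false positive the troubleshooting section warns about.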

The Tracert Test
Now, to use tracert, you simply need to open a command prompt. To do this, go to
Start => Run => CMD => tracert
(note: you must type tracert; traceroute is the equivalent command on UNIX/Linux and on other systems such as Cisco devices)


Using Tracert Options

To use tracert, be aware of a few options you can use with it. The most helpful is the first one: the -d option removes DNS resolution. Name servers are helpful, but if they are not available, are configured incorrectly, or if you simply want the IP address of each hop, use -d.
-d Prevents tracert from attempting to resolve the IP addresses of intermediate routers to their names. This can speed up the display of tracert results.

-h Specifies the maximum number of hops in the path to search for the target (destination). The default is 30 hops.

-j You can use this with a host list (HostList). Specifies that Echo Request messages use the Loose Source Route option in the IP header with the set of intermediate destinations specified in HostList. With loose source routing, successive intermediate destinations can be separated by one or multiple routers. The maximum number of addresses or names in the host list is 9. The HostList is a series of IP addresses (in dotted decimal notation) separated by spaces.

-w Specifies the amount of time in milliseconds to wait for the ICMP Time Exceeded or Echo Reply message corresponding to a given Echo Request message to be received. If it is not received within the time-out, an asterisk (*) is displayed. The default time-out is 4000 (4 seconds).

-? Displays help at the command prompt.

tracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName]

How to Use Tracert to Troubleshoot

There may be times where the output you get isn’t so clear to you. For example, what if you get an asterisk? As just mentioned in the last section, an asterisk can be a false positive, because the ICMP packet may be traveling through, but something is stopping the report from coming back, most likely a firewall rule or access control list.

You can use tracert to find out where a packet stopped on the network. In the following example, the default gateway has found that there is no valid path to the destination. This would mean that both links, the T1 and the ISDN, are down and the destination is not reachable.

C:\>tracert 10.1.1.6

Tracing route to 22.110.0.1 over a maximum of 30 hops
-----------------------------------------------------
  1 10.1.2.1 reports: Destination net unreachable.

Trace complete.

From this example, you can see that when you sent the tracert test to 10.1.1.6, the LAN default gateway reported that it could not find a path; seeing this in graphical format may help you to understand it better.


As just mentioned, since there is no path, the closest router to the source informs the source that there is no path.
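Reading tracert output by eye is fine for one trace, but the two cases this section describes (an asterisk that is only a silent hop, and a gateway reporting no route) are easy to tell apart mechanically. The following Python parser is an added example, not part of the article or of tracert; it parses Windows tracert output into hop records and then applies the reasoning above: a hop with no reply is only a problem if nothing beyond it answers either. The two transcripts are constructed to look like tracert output and are not captures from the article's network.

```python
"""Parse Windows tracert output and flag the cases the article discusses.

Added example; this is not part of the article or of tracert. The two
transcripts below are constructed to resemble tracert output: one with a
silent hop in the middle and one where the gateway reports no route.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

PROBE = r"(?:<?\d+ ms|\*)"  # one probe column: "<1 ms", "12 ms" or "*"
HEADER_RE = re.compile(r"Tracing route to (\S+)(?: \[(\S+)\])? over a maximum of (\d+) hops")
HOP_RE = re.compile(rf"^\s*(\d+)\s+({PROBE})\s+({PROBE})\s+({PROBE})\s+(.*?)\s*$")
UNREACH_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+reports:\s+(.*?)\s*$")
NAMED_RE = re.compile(r"^(\S+) \[(\S+)\]$")  # "name [ip]" when -d is not used

# Constructed transcript: hop 2 never answers, but hops 3 and 4 do.
SAMPLE = """\
C:\\>tracert -d 10.1.1.6

Tracing route to 10.1.1.6 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.1.2.1
  2     *        *        *     Request timed out.
  3     4 ms     3 ms     *     10.1.1.1
  4     5 ms     4 ms     4 ms  10.1.1.6

Trace complete.
"""

# Constructed transcript of the article's "both links down" case.
SAMPLE_UNREACHABLE = """\
Tracing route to 10.1.1.6 over a maximum of 30 hops

  1  10.1.2.1  reports: Destination net unreachable.

Trace complete.
"""


@dataclass
class Hop:
    number: int
    rtts_ms: list            # one entry per probe; None where tracert printed *
    address: str | None      # None when every probe timed out
    name: str | None = None
    error: str | None = None  # text after "reports:" for an ICMP unreachable

    @property
    def timed_out(self) -> bool:
        return self.address is None and self.error is None

    @property
    def lost(self) -> int:
        return sum(r is None for r in self.rtts_ms)


def _rtt(token: str):
    """'<1 ms' -> 1 (upper bound), '12 ms' -> 12, '*' -> None."""
    return None if token == "*" else int(token.lstrip("<").split()[0])


def parse_tracert(text: str):
    """Return (target, max_hops, hops, complete) from raw tracert output."""
    target, max_hops, hops = None, None, []
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            target, max_hops = m.group(2) or m.group(1), int(m.group(3))
            continue
        m = UNREACH_RE.match(line)  # "N  addr  reports: Destination ... unreachable."
        if m:
            hops.append(Hop(int(m.group(1)), [], m.group(2), error=m.group(3)))
            continue
        m = HOP_RE.match(line)
        if m:
            rtts = [_rtt(t) for t in m.group(2, 3, 4)]
            where = m.group(5)
            if where.startswith("Request timed out"):
                hops.append(Hop(int(m.group(1)), rtts, None))
            else:
                n = NAMED_RE.match(where)
                name, addr = (n.group(1), n.group(2)) if n else (None, where)
                hops.append(Hop(int(m.group(1)), rtts, addr, name))
    return target, max_hops, hops, "Trace complete." in text


def diagnose(hops: list[Hop]) -> list[str]:
    """Apply the article's reading: an asterisk only matters if nothing beyond it answers."""
    findings = []
    for i, hop in enumerate(hops):
        later_replies = any(h.address for h in hops[i + 1:])
        if hop.error:
            findings.append(f"hop {hop.number}: {hop.address} reports '{hop.error}': "
                            "no route from that router onward")
        elif hop.timed_out and later_replies:
            findings.append(f"hop {hop.number}: no reply but later hops answered: probes pass "
                            "through, the device is likely filtering ICMP (firewall rule or ACL)")
        elif hop.timed_out:
            findings.append(f"hop {hop.number}: no reply and nothing beyond it: "
                            "path appears broken at or before this hop")
        elif hop.lost:
            findings.append(f"hop {hop.number}: {hop.lost} of {len(hop.rtts_ms)} probes lost at {hop.address}")
    return findings


if __name__ == "__main__":
    for text in (SAMPLE, SAMPLE_UNREACHABLE):
        target, max_hops, hops, complete = parse_tracert(text)
        print(f"target {target}, {len(hops)} hops, complete={complete}")
        for finding in diagnose(hops):
            print("  " + finding)
```

The parser records "<1 ms" as 1 ms, an upper bound, which is good enough for spotting loss and silent hops; keep the raw transcript if you need exact timings.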

Important Notes

Here are some important notes that I have compiled to help you learn more about tracert.
Tracert also doesn't help you find latency. To trace a path and get network latency and packet loss for each router and link in the path, use the pathping command. Visit my author section on this site to learn about pathping.

Tracert is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network Connections. This is a TCP/IP utility that uses ICMP, a protocol within the TCP/IP protocol suite.

On modern Linux distributions the traceroute utility (not tracert, although some Linux systems accept tracert as well) sends UDP datagrams to destination ports starting at 33434. Windows tracert uses ICMP Echo Request messages (type 8), better known as ping packets.

Read RFC 792 for more information about ICMP and its internals.


Summary

In this article we covered the basics of tracert. Tracert (also known as traceroute) is a Windows-based tool that helps you test your network infrastructure. We looked at how to use tracert while troubleshooting real-world problems such as multiple paths or downed links, which should reinforce the tool's usefulness and show you ways to use it on your own networks. This TCP/IP utility lets you determine the route packets take through a network to reach a host that you specify. Tracert works by increasing the "time to live" (TTL) value of each successive packet sent. When a packet passes through a host, the host decrements the TTL value by one and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP Time Exceeded message back to the source. Tracert, used properly, can help you find points in your network that are routed incorrectly or do not exist at all. Tracert (and traceroute) is a tool you must master if you plan on working on networks; together with ping and pathping it can help you map and troubleshoot your network with ease. Stay tuned for more!


