The tracert Command
The tracert command is interesting in that it shows how many hops are necessary to connect from some-device to some-other-device.
Like ping, tracert uses ICMP packets to provide you with information about the connection to your target. Specifically, tracert reports the route that your packets take in getting to the target you're trying to reach.
The basic tracert command syntax is 'tracert host'.
For example, tracert www.cisco.com should produce output similar to:
C:\>tracert www.microsoft.com
Tracing route to www.microsoft.com.nsatc.net [207.46.245.92]
over a maximum of 30 hops:
1 * * * Request timed out.
2 18 ms 15 ms 17 ms f2s3-hg1.ilford.broadband.bt.net [217.41.128.200]
3 18 ms 17 ms 15 ms 217.41.128.161
4 18 ms 17 ms 19 ms 217.41.128.238
5 19 ms 21 ms 19 ms i-194-106-33-73.freedom2surf.net [194.106.33.73]
6 19 ms 21 ms 19 ms i-194-106-32-16.freedom2surf.net [194.106.32.16]
7 20 ms 21 ms 19 ms 213.232.64.50
8 20 ms 19 ms 19 ms sl-bb21-lon-8-0.sprintlink.net [213.206.128.45]
9 88 ms 89 ms 89 ms sl-bb21-tuk-10-0.sprintlink.net [144.232.19.69]
10 88 ms 87 ms 89 ms sl-bb20-tuk-15-0.sprintlink.net [144.232.20.132]
11 94 ms 93 ms 93 ms sl-bb21-rly-15-1.sprintlink.net [144.232.20.120]
12 100 ms 101 ms 103 ms sl-bb22-rly-13-0.sprintlink.net [144.232.7.254]
13 164 ms 163 ms 161 ms sl-bb22-sj-10-0.sprintlink.net [144.232.20.186]
14 163 ms 161 ms 163 ms sl-bb20-sj-15-0.sprintlink.net [144.232.3.166]
15 163 ms 163 ms 161 ms sl-gw11-sj-9-0.sprintlink.net [144.232.3.138]
16 164 ms 163 ms 163 ms sl-ciscopsn2-11-0-0.sprintlink.net [144.228.44.1]
17 156 ms 155 ms 155 ms sjce-dmzbb-gw1.cisco.com [128.107.239.89]
18 156 ms 155 ms 155 ms sjck-dmzdc-gw2.cisco.com [128.107.224.73]
19 * * * Request timed out.
Trace complete.
The tracert command lists various devices, such as routers or gateways you have to pass through to get to the target and shows you three ping times to each of those devices. The distance between one device and the next is called a "hop."
The trace to www.cisco.com is interesting. The first hop times out, i.e.
1 * * * Request timed out.
This means the device at that hop did not respond to an ICMP packet. This is likely due to a firewall ignoring the packet. You might wonder how tracert knows there is a device at hop 1 if the device does not respond. Well, it uses the TTL value.
All ICMP packets include a TTL value, carried in the header of the IP packet that transports them. The default value for Windows is 128. Every time a device forwards a packet, it decreases the TTL value by 1. Eventually, if the route is long enough, the TTL value may reach the value of 1, and the device that receives the packet with the TTL value of 1 sends back a 'TTL expired in transit' message.
Tracert exploits this 'TTL expired in transit' behaviour by sending the first packet with a TTL value of 1 (instead of 128), hoping for an expired message from the first device. It then sends the next packet with a TTL value of 2, hoping the second device will send an expired message, then the next packet with a TTL value of 3, and so on, until the destination is reached.
Since the first device did not respond to the first ICMP packet but the second device sent an expired message, tracert deduces there is a silent device at hop 1.
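The TTL probing described above, as an added example that is not part of the original page: a Python simulation that sends no network traffic and also shows that a silent target looks the same as trailing silent hops. The Device class, the function names and the documentation-range addresses in PATH are constructed for illustration.

```python
"""Simulate tracert's TTL probing over a constructed path (no network traffic)."""
from dataclasses import dataclass


@dataclass
class Device:
    addr: str
    silent: bool = False  # True models a firewall that never answers probes


def send_probe(path, ttl):
    """Walk one probe along path; return (reply_kind, addr), or None on timeout."""
    last = len(path) - 1
    for i, dev in enumerate(path):
        if i == last:  # the probe reached the target itself
            return None if dev.silent else ("echo-reply", dev.addr)
        ttl -= 1  # every forwarding device decrements the TTL
        if ttl == 0:  # expired here: the packet goes no further
            return None if dev.silent else ("ttl-expired", dev.addr)
    return None


def tracert(path, max_hops=30, probes=3):
    """Send probes with TTL 1, 2, 3, ... and record who answers at each hop."""
    hops = []
    for ttl in range(1, max_hops + 1):
        replies = [r for r in (send_probe(path, ttl) for _ in range(probes)) if r]
        if not replies:
            hops.append((ttl, None))  # shown as "* * * Request timed out."
            continue
        kind, addr = replies[0]
        hops.append((ttl, addr))
        if kind == "echo-reply":  # the destination answered: trace complete
            break
    return hops


def silent_hops(hops):
    """Hops that timed out although a later hop answered: a device is there."""
    last_answer = max((n for n, addr in hops if addr), default=0)
    return [n for n, addr in hops if addr is None and n < last_answer]


# Constructed path using documentation-range addresses; hop 1 is a silent firewall.
PATH = [Device("192.0.2.1", silent=True), Device("198.51.100.1"),
        Device("198.51.100.2"), Device("203.0.113.10")]

if __name__ == "__main__":
    hops = tracert(PATH)
    for n, addr in hops:
        print(n, addr or "* * * Request timed out.")
    print("silent devices deduced at hops:", silent_hops(hops))
```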
The trace above showed 19 hops between my computer and Cisco's web site. The trace did not make it all the way, again probably due to a firewall.
There are plenty of utilities on the Internet, some free, some not, that do the same job as ping and tracert. Here is an example of software that traces a route and represents it visually.