Troubleshooting with the Traceroute Command

As we previously discussed, the Internet Control Message Protocol (ICMP), which is documented in RFC 792, is a required protocol that is tightly integrated with IP. ICMP messages, delivered in IP packets, are used for out-of-band messages related to network operation.

ICMP is sometimes called an umbrella protocol, because it contains many sub-protocols and provides a wide variety of information about a network’s health and operational status. Distinct ICMP messages are sent in several situations, such as when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to store and then forward a datagram, and when the gateway can redirect the host to send traffic through a more optimal route. Some of ICMP’s functions are to:

  • Announce network errors
  • Announce network congestion
  • Assist troubleshooting
  • Announce timeouts

To assist in network troubleshooting, the Cisco IOS traceroute command, like the Cisco IOS ping command, tests the route between a router and another host or router. However, unlike the ping command, the traceroute command also identifies the IP addresses of the routers in the route.

The traceroute command is a very handy tool that can display the route that packets take from one host to another and can be useful in helping to dynamically debug network problems.

Where ping can be used to verify connectivity between devices, the traceroute command can also be used to discover the paths that packets take to a remote destination, as well as where routing breaks down. The purpose behind the traceroute command is to record the path the packet took to reach the destination.

To implement this functionality, pay attention to the Time-To-Live (TTL) field in the Layer 3 IP header. This field limits how many hops (routers) an IP packet can pass through before it is no longer forwarded. The TTL field is set to a default value that depends on the operating system being used, or it can be assigned manually.

When the TTL field reaches zero, a packet is no longer forwarded, and that router discards the packet. However, that router also sends out a message to the source host saying, “The TTL of the packet you originated has expired and I have discarded it.”

The traceroute command manipulates these values so that the first round of packets it sends out to the designated host is set to go through only one hop before being discarded.

The device that executes the traceroute command sends out a sequence of User Datagram Protocol (UDP) datagrams, each with incrementing TTL values, to an invalid port address (Default 33434) at the remote host. The sequence follows this order:

  1. First, three datagrams are sent, each with a TTL field value set to 1. The TTL value of 1 causes the datagram to time out as soon as it hits the first router in the path. This router then responds with an ICMP “time exceeded” message, which indicates that the datagram has expired.
  2. Next, three more UDP messages are sent, each with the TTL value set to 2. This causes the second router in the path to the destination to return ICMP “time exceeded” messages.
  3. This process continues, incrementing the TTL with each round, until the packets reach their destination and the system that originated the traceroute command has received ICMP “time exceeded” messages from every router in the path to the destination.
  4. Since these datagrams try to access an invalid port (Default 33434) at the destination host, the host responds with ICMP “port unreachable” messages. This event signals the traceroute process to finish.

The extended traceroute and extended ping commands are variations of the basic command. You can use the extended ping command to determine the type of connectivity problem, and then use the extended traceroute command to narrow down where the problem occurs.

An extended traceroute command can be used to see what path packets take in order to get to a destination, and to check routing at the same time. This is helpful for troubleshooting routing loops or determining where packets are getting lost. It also shows if a route is missing or if packets are being blocked by an Access Control List (ACL) or firewall.
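The probe sequence from the numbered steps above, plus the silent hop you see when an ACL or firewall drops the reply, as an added offline simulation (not Cisco IOS code; the path, addresses and the silent hop are constructed):

```python
# Added simulation of the traceroute probe sequence described above; not
# Cisco IOS code. The path, addresses and the silent hop are constructed.
from dataclasses import dataclass

TIME_EXCEEDED = (11, 0)    # ICMP type 11, code 0: TTL expired in transit
PORT_UNREACHABLE = (3, 3)  # ICMP type 3, code 3: the UDP probe port (33434)

@dataclass
class Hop:
    address: str
    silent: bool = False   # drops the expired probe without any ICMP reply

def send_probe(path, dest, ttl):
    """Forward one UDP probe along the path. Returns (responder, (type, code))
    or None when no reply arrives (traceroute prints '*' for that probe)."""
    for hop in path:
        ttl -= 1                      # every router decrements the TTL
        if ttl == 0:                  # expired here: discard and report back
            return None if hop.silent else (hop.address, TIME_EXCEEDED)
    # the probe reached the host; nothing listens on the invalid port
    return (dest, PORT_UNREACHABLE)

def traceroute(path, dest, probes=3, max_ttl=30):
    """Return [(ttl, [reply, reply, reply]), ...], one row per TTL value."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        replies = [send_probe(path, dest, ttl) for _ in range(probes)]
        rows.append((ttl, replies))
        # a port-unreachable reply means the destination was reached: stop
        if any(r is not None and r[1] == PORT_UNREACHABLE for r in replies):
            break
    return rows

def format_rows(rows):
    """Render rows like a traceroute listing: TTL, then one cell per probe."""
    return "\n".join(f"{ttl:>2} " + " ".join(r[0] if r else "*" for r in replies)
                     for ttl, replies in rows)

# Constructed path: two normal routers, a hop whose ACL drops the expired probe
# silently (the '* * *' line traceroute shows), then the destination host.
SAMPLE_PATH = [Hop("192.0.2.1"), Hop("198.51.100.1"), Hop("203.0.113.1", silent=True)]
DEST = "203.0.113.50"

if __name__ == "__main__":
    print(format_rows(traceroute(SAMPLE_PATH, DEST)))
```

The third row prints as `* * *`, the same signature a real traceroute shows for a hop that forwards packets but never returns ICMP “time exceeded”.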

As a final note, there are numerous third-party packages that provide traceroute-type functionality. Some of these applications are extremely sophisticated and provide additional packet-forwarding information for very in-depth tracing.

Author: David Stahl
