Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   traceroute    ( 8 )

распечатать трассировку пакетов маршрута к сетевому узлу (print the route packets trace to network host)

  Name  |  Synopsis  |  Description  |  Options  |    List of available methods    |  Note  |  See also  |

LIST OF AVAILABLE METHODS

In general, a particular traceroute method may have to be chosen
       by -M name, but most of the methods have their simple cmdline
       switches (you can see them after the method name, if present).

default The traditional, ancient method of tracerouting. Used by default.

Probe packets are udp datagrams with so-called "unlikely" destination ports. The "unlikely" port of the first probe is 33434, then for each next probe it is incremented by one. Since the ports are expected to be unused, the destination host normally returns "icmp unreach port" as a final response. (Nobody knows what happens when some application listens for such ports, though).

This method is allowed for unprivileged users.

icmp -I Most usual method for now, which uses icmp echo packets for probes. If you can ping(8) the destination host, icmp tracerouting is applicable as well.

This method may be allowed for unprivileged users since the kernel 3.0 (IPv4, for IPv6 since 3.11), which supports new dgram icmp (or "ping") sockets. To allow such sockets, sysadmin should provide net/ipv4/ping_group_range sysctl range to match any group of the user. Options:

raw Use only raw sockets (the traditional way). This way is tried first by default (for compatibility reasons), then new dgram icmp sockets as fallback.

dgram Use only dgram icmp sockets.

tcp -T Well-known modern method, intended to bypass firewalls. Uses the constant destination port (default is 80, http).

If some filters are present in the network path, then most probably any "unlikely" udp ports (as for default method) or even icmp echoes (as for icmp) are filtered, and whole tracerouting will just stop at such a firewall. To bypass a network filter, we have to use only allowed protocol/port combinations. If we trace for some, say, mailserver, then more likely -T -p 25 can reach it, even when -I can not.

This method uses well-known "half-open technique", which prevents applications on the destination host from seeing our probes at all. Normally, a tcp syn is sent. For non-listened ports we receive tcp reset, and all is done. For active listening ports we receive tcp syn+ack, but answer by tcp reset (instead of expected tcp ack), this way the remote tcp session is dropped even without the application ever taking notice.

There is a couple of options for tcp method:

syn,ack,fin,rst,psh,urg,ece,cwr Sets specified tcp flags for probe packet, in any combination.

flags=num Sets the flags field in the tcp header exactly to num.

ecn Send syn packet with tcp flags ECE and CWR (for Explicit Congestion Notification, rfc3168).

sack,timestamps,window_scaling Use the corresponding tcp header option in the outgoing probe packet.

sysctl Use current sysctl (/proc/sys/net/*) setting for the tcp header options above and ecn. Always set by default, if nothing else specified.

mss=num Use value of num for maxseg tcp header option (when syn).

info Print tcp flags of final tcp replies when the target host is reached. Allows to determine whether an application listens the port and other useful things.

Default options is syn,sysctl.

tcpconn An initial implementation of tcp method, simple using connect(2) call, which does full tcp session opening. Not recommended for normal use, because a destination application is always affected (and can be confused).

udp -U Use udp datagram with constant destination port (default 53, dns). Intended to bypass firewall as well.

Note, that unlike in tcp method, the correspond application on the destination host always receive our probes (with random data), and most can easily be confused by them. Most cases it will not respond to our packets though, so we will never see the final hop in the trace. (Fortunately, it seems that at least dns servers replies with something angry).

This method is allowed for unprivileged users.

udplite -UL Use udplite datagram for probes (with constant destination port, default 53).

This method is allowed for unprivileged users. Options:

coverage=num Set udplite send coverage to num.

dccp -D Use DCCP Request packets for probes (rfc4340).

This method uses the same "half-open technique" as used for TCP. The default destination port is 33434.

Options:

service=num Set DCCP service code to num (default is 1885957735).

raw -P proto Send raw packet of protocol proto. No protocol-specific headers are used, just IP header only. Implies -N 1 -w 5 . Options:

protocol=proto Use IP protocol proto (default 253).