Internet Security Professional Reference:Understanding TCP/IP


The traceroute Command

The traceroute command traces the route that a packet takes to reach the destination machine. It works by using the time-to-live (TTL) field in the IP packet to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the remote host. The following example shows the traceroute command:

# traceroute toradm.widgets.ca
traceroute to toradm.widgets.ca (142.77.253.13), 30 hops max, 40 byte packets
1  gateway (198.73.138.50)  10 ms  10 ms  10 ms
2  nb.ottawa.uunet.ca (142.77.17.1)  260 ms  300 ms  270 ms
3  gw.ottawa.uunet.ca (142.77.16.3)  240 ms  240 ms  270 ms
4  wf.toronto.uunet.ca (142.77.59.1)  280 ms  260 ms  310 ms
5  alternet-gw.toronto.uunet.ca (142.77.1.202)  250 ms  260 ms  250 ms
6  nb1.toronto.uunet.ca (142.77.1.201)  260 ms  250 ms  260 ms
7  toradm (142.77.253.13)  880 ms  720 ms  490 ms
#

As in the preceding example, the traceroute command attempts to trace the route that an IP packet would follow to some Internet host. The command works by sending probes until the maximum number of probes has been sent, or until the remote host responds with an ICMP PORT UNREACHABLE message.

In the output of the traceroute command in the preceding example, the times following the hostname are the round trip times for the probe. From this output, you can see that for a packet to travel from the originating host (oreo.widgets.ca), it must travel through seven hosts to reach the destination system, toradm.widgets.ca. The following illustrates another invocation of traceroute:

# traceroute gatekeeper.dec.com
traceroute to gatekeeper.dec.com (16.1.0.2), 30 hops max, 40 byte packets
1  gateway (198.73.138.50)  10 ms  10 ms  10 ms
2  nb.ottawa.uunet.ca (142.77.17.1)  250 ms  240 ms  240 ms
3  gw.ottawa.uunet.ca (142.77.16.3)  270 ms  220 ms  240 ms
4  wf.toronto.uunet.ca (142.77.59.1)  260 ms  270 ms  250 ms
5  alternet-gw.toronto.uunet.ca (142.77.1.202)  250 ms  260 ms  260 ms
6  Falls-Church1.VA.ALTER.NET (137.39.7.1)  470 ms  960 ms  810 ms
7  Falls-Church4.VA.ALTER.NET (137.39.8.1)  760 ms  750 ms  830 ms
8  Boone1.VA.ALTER.NET (137.39.43.66)  910 ms  810 ms  760 ms
9  San-Jose3.CA.ALTER.NET (137.39.128.10)  930 ms  870 ms  850 ms
10  * * Palo-Alto1.CA.ALTER.NET (137.39.101.130)  930 ms
11  gatekeeper.dec.com (16.1.0.2)  830 ms  910 ms  830 ms
#

In this case, hop 10 did not report right away, but rather printed two asterisks before printing the gateway name and the round trip time. When traceroute does not receive a response within three seconds, it prints an asterisk. If no response from the gateway is received, then three asterisks are printed.
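The asterisk handling described above can be checked mechanically on saved output. The following is an added example, not code from the original book: it parses hop lines in the format shown here, counts timed-out probes per hop, and reports where the best round-trip time grows the most. The sample input is constructed, and the function and field names are assumptions of this example.

```python
import re

# Constructed sample in the format shown above; hop 3 is a gateway that
# answered no probe, hop 4 reproduces the "* * host" case from the text.
SAMPLE = """\
 1  gateway (198.73.138.50)  10 ms  10 ms  10 ms
 2  nb.ottawa.uunet.ca (142.77.17.1)  250 ms  240 ms  240 ms
 3  * * *
 4  * * Palo-Alto1.CA.ALTER.NET (137.39.101.130)  930 ms
 5  gatekeeper.dec.com (16.1.0.2)  830 ms  910 ms  830 ms
"""

# One token per probe result: a timeout, a "host (ip)" label, or an RTT.
TOKEN = re.compile(r"(\*)|(\S+) \(([\d.]+)\)|([\d.]+) ms")

def parse_hop(line):
    """Parse one hop line; return None for headers, prompts and blanks."""
    m = re.match(r"\s*(\d+)\s+(.*)", line)
    if not m:
        return None
    hop = {"ttl": int(m.group(1)), "host": None, "ip": None, "rtts": [], "lost": 0}
    for star, host, ip, rtt in TOKEN.findall(m.group(2)):
        if star:
            hop["lost"] += 1            # probe timed out
        elif host:
            hop["host"], hop["ip"] = host, ip
        else:
            hop["rtts"].append(float(rtt))
    return hop

def summarize(text):
    """Add loss ratio, best RTT and RTT increase over the last answering hop."""
    hops = [h for h in map(parse_hop, text.splitlines()) if h]
    prev = None
    for h in hops:
        probes = h["lost"] + len(h["rtts"])
        h["loss"] = h["lost"] / probes if probes else 1.0
        h["best"] = min(h["rtts"]) if h["rtts"] else None
        h["delta"] = None
        if h["best"] is not None:
            if prev is not None:
                h["delta"] = h["best"] - prev
            prev = h["best"]
    return hops

def largest_jump(hops):
    """Hop where the best RTT grew most compared with the previous answering hop."""
    return max((h for h in hops if h["delta"] is not None), key=lambda h: h["delta"])

if __name__ == "__main__":
    for h in summarize(SAMPLE):
        print(h["ttl"], h["host"] or "(silent)", f"loss={h['loss']:.0%}", h["best"])
```

A hop that loses probes or answers slowly is not necessarily where the fault is; if later hops answer normally, the gateway may simply be slow to generate ICMP replies.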


Note:  Because of the apparent network load that traceroute can create, it should only be used for manual fault isolation or troubleshooting. This command should not be executed from cron or from within any automated test scripts.

The arp Command

The arp command displays and modifies the Internet-to-Ethernet address translation table, which normally is maintained by the address resolution protocol (ARP). When a hostname is the only argument, arp displays the current ARP entry for that host. If the host is not in the current ARP table, then arp displays a message to that effect. The following illustrates using arp to find the Ethernet address for a specific host.

$ arp gateway
gateway (198.73.138.50) at 0:0:c0:11:57:4c
$ arp ovide
ovide (198.73.138.101) -- no entry

This illustrates the behavior of arp when no options are present. arp behaves a little differently, however, when options are used. The available options for arp are defined in table 1.11.

Table 1.11
arp Options

Option                                  Description

-a                                      Lists all the entries on the current ARP table.
-d host                                 Deletes the corresponding entry for host from the ARP table.
-s host address [temp] [pub] [trail]    Creates an entry in the ARP table for the named host, using an Ethernet address. If the keyword [temp] is included, the entry is temporary. Otherwise, the entry is permanent. The [pub] keyword indicates that the ARP entry will be published. Use of the [trail] keyword implies that trailer encapsulation is to be used.
-f file                                 Instructs arp to read the named file and create ARP table entries for each of the named hosts in the file.

The most commonly used option with arp is -a, which prints the entire ARP table, and is illustrated here:

$ arp -a
ovide.widgets.ca (198.73.138.101) at 0:0:c0:c6:4f:71
gateway.widgets.ca (198.73.138.50) at 0:0:c0:11:57:4c
chelsea.widgets.ca (198.73.138.6) at 8:0:20:2:94:bf
fremen.widgets.ca (198.73.138.54) at 0:0:3b:80:2:e5
$

ARP is most commonly used to help debug and diagnose network connection problems. arp can help in that regard by assigning the Ethernet address for a given host. This is done by using the -s option, as shown here:

$ arp gateway
gateway (198.73.138.50) at 0:0:c0:11:57:4c
# arp -s ovide 0:0:c0:c6:4f:71
# arp -a
ovide.widgets.ca (198.73.138.101) at 0:0:c0:c6:4f:71 permanent
gateway.widgets.ca (198.73.138.50) at 0:0:c0:11:57:4c
#

This example illustrates adding an entry to the arp table. If you could not communicate with the remote host before the arp table entry was created, then you might have an addressing problem. If you still cannot communicate with the remote host after establishing the arp entry, then the problem is more likely to be hardware.
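An addressing problem of the kind described above shows up as an ARP entry that disagrees with the address the host is known to have. The following is an added example, not code from the original book: it parses arp -a output in the format shown here and compares it with a known-good inventory. The sample table is constructed (the fremen entry has been altered to carry the gateway's Ethernet address), and the inventory dictionary and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the arp -a table above, with fremen's entry altered
# so that it carries the same Ethernet address as the gateway.
SAMPLE = """\
ovide.widgets.ca (198.73.138.101) at 0:0:c0:c6:4f:71 permanent
gateway.widgets.ca (198.73.138.50) at 0:0:c0:11:57:4c
chelsea.widgets.ca (198.73.138.6) at 8:0:20:2:94:bf
fremen.widgets.ca (198.73.138.54) at 0:0:c0:11:57:4c
"""

# Hypothetical known-good inventory (IP -> Ethernet address), using values
# from the page's own examples.
INVENTORY = {"198.73.138.50": "00:00:C0:11:57:4C",
             "198.73.138.54": "0:0:3b:80:2:e5"}

ENTRY = re.compile(r"^(\S+) \(([\d.]+)\) at "
                   r"((?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})( permanent)?\s*$")

def norm_mac(mac):
    """arp drops leading zeros (0:0:c0:...); pad to 00:00:c0:... for comparison."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_arp(text):
    """Return one dict per table entry; prompts and '-- no entry' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"host": m.group(1), "ip": m.group(2),
                            "mac": norm_mac(m.group(3)), "static": bool(m.group(4))})
    return entries

def audit(entries, inventory):
    """Flag entries that contradict the inventory and MACs mapped to several IPs."""
    findings, by_mac = [], defaultdict(list)
    for e in entries:
        by_mac[e["mac"]].append(e["ip"])
        expected = inventory.get(e["ip"])
        if expected and norm_mac(expected) != e["mac"]:
            findings.append(("mismatch", e["ip"], e["mac"]))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", tuple(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE), INVENTORY):
        print(finding)
```

A mismatch on an entry that is not marked permanent means the mapping was learned from the network, so the next check is which machine is answering ARP requests for that address.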

