Networking

The Trace Route Utility (tracert/traceroute)

The trace route utility does exactly what its name implies: it traces the route between two hosts. It does this by using Internet Control Message Protocol (ICMP) echo packets to report information back at every step in the journey. Each of the common network operating systems provides a trace route utility, but the name of the command and the output vary slightly on each. Table 2 shows the trace route command syntax used in various operating systems.

Table 2 Trace Route Utility Commands

Operating System            Trace Route Command Syntax
Windows Server 2000/2003    tracert <IP address>
Novell NetWare              iptrace
Linux/UNIX                  traceroute <IP address>
Macintosh                   traceroute <IP address>


Trace route provides a lot of useful information, including the IP address of every router connection it passes through and, in many cases, the name of the router (although this depends on the router's configuration). Trace route also reports the length, in milliseconds, of the round-trip the packet made from the source location to the router and back. This information can help identify where network bottlenecks or breakdowns might be. The following is an example of a successful tracert command on a Windows 2000 system:

C:\>tracert 24.7.70.37
Tracing route to c1-p4.sttlwa1.home.net [24.7.70.37] over a maximum of 30 hops:
  1    30 ms   20 ms   20 ms  24.67.184.1
  2    20 ms   20 ms   30 ms  rd1ht-ge3-0.ok.shawcable.net [24.67.224.7]
  3    50 ms   30 ms   30 ms  rc1wh-atm0-2-1.vc.shawcable.net [204.209.214.193]
  4    50 ms   30 ms   30 ms  rc2wh-pos15-0.vc.shawcable.net [204.209.214.90]
  5    30 ms   40 ms   30 ms  rc2wt-pos2-0.wa.shawcable.net [66.163.76.37]
  6    30 ms   40 ms   30 ms  c1-pos6-3.sttlwa1.home.net [24.7.70.37]
Trace complete.

Similar to the other common operating systems, the tracert display on a Windows-based system includes several columns of information. The first column represents the hop number. You may recall that 'hop' is the term used to describe a step in the path a packet takes as it crosses the network. The next three columns indicate the round-trip time, in milliseconds, that a packet takes in its attempts to reach the destination. The last column is the hostname and the IP address of the responding device.

Of course, not all trace route attempts are successful. The following is the output from a tracert command on a Windows Server 2003 system that doesn't manage to get to the remote host:

C:\>tracert comptia.org
Tracing route to comptia.org [216.119.103.72]
over a maximum of 30 hops:
  1    27 ms    28 ms    14 ms  24.67.179.1
  2    55 ms    13 ms    14 ms  rd1ht-ge3-0.ok.shawcable.net [24.67.224.7]
  3    27 ms    27 ms    28 ms  rc1wh-atm0-2-1.shawcable.net [204.209.214.19]
  4    28 ms    41 ms    27 ms  rc1wt-pos2-0.wa.shawcable.net [66.163.76.65]
  5    28 ms    41 ms    27 ms  rc2wt-pos1-0.wa.shawcable.net [66.163.68.2]
  6    41 ms    55 ms    41 ms  c1-pos6-3.sttlwa1.home.net [24.7.70.37]
  7    54 ms    42 ms    27 ms  home-gw.st6wa.ip.att.net [192.205.32.249]
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.

In this example, the trace route request gets only as far as the seventh hop, at which point it fails; this failure indicates that the problem lies on the far side of the device in step 7 or on the near side of the device in step 8. In other words, the device at step 7 is functioning but might not be able to make the next hop. The cause of the problem could be a range of things, such as an error in the routing table or a faulty connection. Alternatively, the seventh device might be fully operational, but device 8 might not be functioning at all. In any case, you can isolate the problem to just one or two devices.

The trace route utility can also help you isolate a heavily congested network. In the following example, the trace route packets fail in the midst of the tracert from a Windows Server 2003 system, but subsequently are able to continue. This behavior can be an indicator of network congestion:

C:\>tracert comptia.org
Tracing route to comptia.org [216.119.103.72]
over a maximum of 30 hops:
  1    96 ms    96 ms    55 ms  24.67.179.1
  2    14 ms    13 ms    28 ms  rd1ht-ge3-0.ok.shawcable.net [24.67.224.7]
  3    28 ms    27 ms    41 ms  rc1wh-atm0-2-1.shawcable.net [204.209.214.19]
  4    28 ms    41 ms    27 ms  rc1wt-pos2-0.wa.shawcable.net [66.163.76.65]
  5    41 ms    27 ms    27 ms  rc2wt-pos1-0.wa.shawcable.net [66.163.68.2]
  6    55 ms    41 ms    27 ms  c1-pos6-3.sttlwa1.home.net [24.7.70.37]
  7    54 ms    42 ms    27 ms  home-gw.st6wa.ip.att.net [192.205.32.249]
  8    55 ms    41 ms    28 ms  gbr3-p40.st6wa.ip.att.net [12.123.44.130]
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13    69 ms    68 ms    69 ms  gbr2-p20.sd2ca.ip.att.net [12.122.11.254]
 14    55 ms    68 ms    69 ms  gbr1-p60.sd2ca.ip.att.net [12.122.1.109]
 15    82 ms    69 ms    82 ms  gbr1-p30.phmaz.ip.att.net [12.122.2.142]
 16    68 ms    69 ms    82 ms  gar2-p360.phmaz.ip.att.net [12.123.142.45]
 17   110 ms    96 ms    96 ms  12.125.99.70
 18   124 ms    96 ms    96 ms  light.crystaltech.com [216.119.107.1]
 19    82 ms    96 ms    96 ms  216.119.103.72
Trace complete.

Generally speaking, trace route utilities allow you to identify the location of a problem in the connectivity between two devices. After you have determined this location, you might need to use a utility such as ping to continue troubleshooting. In many cases, as in the examples provided in this chapter, the routers might be on a network such as the Internet and therefore not within your control. In that case, there is little you can do except inform your ISP of the problem.
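
The reading of tracert output described above can be automated. The following Python sketch is an added example, not part of the original text: it parses Windows tracert hop lines and reports either the two suspect hops of a dead-end trace or the silent hops of a trace that later resumes. The function names parse_tracert and diagnose are hypothetical, and the sample input is excerpted from the two comptia.org traces shown earlier.

```python
import re

# One tracert hop line: hop number, three probe fields ("27 ms", "<1 ms" or "*"), responder.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")

def parse_tracert(text):
    """Return [(hop, [rtt_ms or None, ...], responder)] from Windows tracert output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # prompt, header, blank line or "Trace complete."
        rtts = [int(ms) if ms else None
                for ms, _ in re.findall(r"<?(\d+) ms|(\*)", m.group(2))]
        hops.append((int(m.group(1)), rtts, m.group(3).strip()))
    return hops

def diagnose(text):
    """Classify a trace: complete, silent gap followed by replies, or dead end."""
    hops = parse_tracert(text)
    answered = [h for h, rtts, _ in hops if any(r is not None for r in rtts)]
    silent = [h for h, rtts, _ in hops if all(r is None for r in rtts)]
    last_ok = max(answered, default=0)
    if any(h > last_ok for h in silent):      # timeouts with nothing after them
        return {"status": "failed", "suspects": (last_ok, last_ok + 1)}
    gap = [h for h in silent if h < last_ok]  # timeouts, then replies resume
    if gap:
        return {"status": "gap", "silent_hops": gap}
    return {"status": "complete", "hops": last_ok}

# Excerpts of the two comptia.org traces shown above (some hops omitted for brevity).
FAILED = """\
  6    41 ms    55 ms    41 ms  c1-pos6-3.sttlwa1.home.net [24.7.70.37]
  7    54 ms    42 ms    27 ms  home-gw.st6wa.ip.att.net [192.205.32.249]
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
"""
GAPPED = """\
  8    55 ms    41 ms    28 ms  gbr3-p40.st6wa.ip.att.net [12.123.44.130]
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13    69 ms    68 ms    69 ms  gbr2-p20.sd2ca.ip.att.net [12.122.11.254]
 19    82 ms    96 ms    96 ms  216.119.103.72
Trace complete.
"""

if __name__ == "__main__":
    print(diagnose(FAILED))
    print(diagnose(GAPPED))
```

A "gap" result only says that some hops stayed silent while later ones answered; routers that are configured not to answer, or that rate-limit their ICMP replies, produce the same pattern as congestion.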