Interesting links (mostly IT-related) I post and comment on
Wednesday, July 7, 2010
Tracert - two ways to do it
A discussion came up at work about how traceroute works on different platforms. I knew some use UDP and some just use ICMP but I didn't know why they were so different. Here is a description of why and how each works. Rather interesting.
Wow, thanks for sharing. That was fascinating.
I was wondering what the difference between Wireshark and Traceroute was. I'm guessing that the difference is that Wireshark is a general purpose, higher-level application, but Traceroute is a command line tool for focused trouble-shooting? Is that the message from this post from inetdaemon?
And thanks for the link to inetdaemon's site too!
Wireshark is a packet capture and network analysis application. It has origins in Ethereal. It is definitely one of the first things I load on a new machine. If you want to learn more about it check out Laura Chappell's site. She has a good intro to the application at http://www.chappellseminars.com/s-wireshark101.html
Traceroute was designed to essentially show the general route traffic takes from one host to another. It is used less and less as a troubleshooting tool since ICMP is usually blocked anymore (as is a lot of UDP).
http://tracert.com is a site I used to use back in the Clearwire days to test but that was years and years ago. Many of the servers don't work anymore but the SLAC site (www.slac.stanford.edu) does.
I did a traceroute on the site from SLAC to tracert.com and it looks like this:
Executing exec(traceroute, -m 30 -q 3 -f 3, 207.158.52.56, 140)
traceroute to 207.158.52.56 (207.158.52.56), 30 hops max, 140 byte packets
3 rtr-border1-p2p-core1.slac.stanford.edu (134.79.252.133) 0.644 ms 0.425 ms 0.399 ms
4 slac-mr2-p2p-rtr-border1.slac.stanford.edu (192.68.191.245) 0.374 ms 0.264 ms 0.258 ms
5 sunnsdn2-ip-slacmr2.es.net (134.55.217.2) 0.805 ms 0.696 ms 0.679 ms
6 sunncr1-sunnsdn2.es.net (134.55.209.98) 0.807 ms 0.842 ms 0.808 ms
7 eqxsjrt1-te-sunncr1.es.net (134.55.38.146) 1.232 ms 1.253 ms 1.244 ms
8 te1-3-0d313.cir1.sanjose2-ca.us.xo.net (206.111.6.89) 1.513 ms 36.829 ms 1.538 ms
9 vb2001.rar3.la-ca.us.xo.net (207.88.13.110) 11.361 ms 10.920 ms 10.676 ms
10 ae0d0.mcr1.sandiego-ca.us.xo.net (216.156.0.122) 13.344 ms 13.223 ms 13.349 ms
11 ae1d0.mcr2.sandiego-ca.us.xo.net (216.156.1.62) 13.336 ms 13.218 ms 13.220 ms
12 216.55.27.6 (216.55.27.6) 13.615 ms 13.766 ms 13.625 ms
13 s6.hostlocal.com (207.158.52.56) 13.342 ms 12.938 ms 13.350 ms
Not too abnormal. Hop count, hostname and/or IP address, latency. I wish my latency at home were this good. ;)
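The fields listed in the comment above (hop count, hostname and/or IP address, latency) can be pulled out of that output mechanically. The following is an added example, not part of the original post or its comments; the function names, the 5x-median spike threshold and the constructed `* * *` line are assumptions made for illustration.

```python
import re
from statistics import median

# Hops 7, 8 and 13 are copied from the output above; the "9 * * *" line is
# constructed to show what a hop looks like when no probe is answered.
SAMPLE = """\
traceroute to 207.158.52.56 (207.158.52.56), 30 hops max, 140 byte packets
 7 eqxsjrt1-te-sunncr1.es.net (134.55.38.146) 1.232 ms 1.253 ms 1.244 ms
 8 te1-3-0d313.cir1.sanjose2-ca.us.xo.net (206.111.6.89) 1.513 ms 36.829 ms 1.538 ms
 9 * * *
 13 s6.hostlocal.com (207.158.52.56) 13.342 ms 12.938 ms 13.350 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
HOST_RE = re.compile(r"(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")

def parse_traceroute(text):
    """Return one dict per hop line; header and blank lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rest = m.group(2)
        host = HOST_RE.search(rest)
        hops.append({
            "hop": int(m.group(1)),
            "host": host.group(1) if host else None,
            "ip": host.group(2) if host else None,
            "rtts": [float(x) for x in RTT_RE.findall(rest)],
            "lost": rest.split().count("*"),  # probes with no reply
        })
    return hops

def spikes(hops, factor=5.0):
    """Probes slower than factor x their hop's median RTT, as
    (hop, rtt, persists); persists is True only if every later
    answered hop is at least that slow as well."""
    found = []
    for i, h in enumerate(hops):
        if len(h["rtts"]) < 2:
            continue
        med = median(h["rtts"])
        later = [min(n["rtts"]) for n in hops[i + 1:] if n["rtts"]]
        for r in h["rtts"]:
            if r > factor * med:
                found.append((h["hop"], r, bool(later) and min(later) >= r))
    return found
```

On the output above, the single 36.829 ms probe at hop 8 is flagged but does not persist to later hops, which points at that router being slow to generate its reply rather than at latency on the path itself.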
SLAC the linear accelerator, I haven't thought of that place in about twenty years! I went to school near there and I remember that my friend worked there until she got a job at CERN and moved to Geneva.
Thank you for the complete explanation of Wireshark vs tracert. I am working on an SQL take-home test as part of a job interview at the moment, and it is tough going....
An online friend of mine teaches a lot of Windows and SQL and has a blog with info. You might check it out: http://blog.netnerds.net/