Overview

We will examine how "traceroute" works. This lab can be done on a lab machine or your own machine. You do not need to print the trace. Just answer the questions on this handout and turn it in.

Note that the returned ICMP messages often contain the IP and UDP headers from the original request. This helps in matching them up.

Lab Instructions and questions

1. Stop the browser to be sure we do not have stray traffic.

2. Start Wireshark

3. Do a traceroute to a DNS server at an ISP (4.2.2.2). Use these options: Windows: tracert -d 4.2.2.2 LINUX: traceroute -n -q1 4.2.2.2 Note: the "-d" or "-n" parameter tells traceroute to not do a reverse DNS lookup on all the IP addresses. Otherwise, our trace will be littered with DNS requests.
   Note: The q1 parameter (LINUX only) tells traceroute to send just one UDP packet to each hop rather than the default of 3. This makes the trace easier to work with. With Windows, you will see 3 packets to each router along the path.

4. Stop Wireshark

5. Examine all of the UDP packets from your host to 4.2.2.2.

   • 1. What is the pattern of the TTL fields in the IP headers? _________________

   • 2. What is the pattern in the UDP destination port numbers? ________________________

   • 3. What is the pattern in the IP header IDentification field? _________________________

6. Answer these general questions:

   • 4. What is the ICMP type/code for the "Time-to-live exceeded" message? ______ ______

   • 5. What is the ICMP type/code for the "Destination unreachable" message? _____ ______

   • 6. What is the meaning of the particlar code we see for the "Destination unreachable messages?"

7. Questions about returned ICMP datagrams.

   • 7. Compare the IP addresses of hosts sending ICMP "Time-to-live exceeded" messages with the IP addresses in the traceroute console output. Which hosts send this ICMP message? ___________________________

   • 8. Which host(s) sends the ICMP "Destination unreachable" message? _________

8. Questions about the entire flow.

   • 9. Why are there more than one ICMP "Time-to-live exceeded" messages?

     __________________________________________________________

     __________________________________________________________

   • 10. Why are there more than one ICMP "Destination unreachable" messages?

     __________________________________________________________

     __________________________________________________________