Volume 1, Chapters 7 and 8
Chapter 7 covers the basic principles of the ping program, and Chapter 8 the principles of traceroute (tracert on Win2000). Both mainly introduce the principles and walk through actual tcpdump output.
ping uses an ICMP echo request to detect whether a remote host is reachable. (It cannot go on to tell whether a port is open; to check ports you should use a port scanner.) The Win2000 network library provides a network function library (ICMP.dll) that implements ICMP and can be used to detect remote hosts. This is far easier than parsing ping's output or embedding the ping source code (no way around it, people are lazy). ping actually has a -R option for recording the route taken, which I never knew about. (ping www.google.com -r 7) records 7 routers. According to the analysis, up to 8 or 9 entries can be recorded, depending on environmental limits.
Besides echo request, ICMP can also do a timestamp request. The ICMP packet carries a transmit time, and the destination host fills in its own time on receipt. This allows a clock check and can determine the communication speed between source and destination. The specifics are tedious; there are too many types, and I can't remember the meaning of each.
Usually only ping's simplest function is used: checking whether a host can be reached. Its other options actually let you control many details, such as packet length, TTL, routing, loose/strict source routing, and so on.
Traceroute, that is, trace route, tracing the route. The program was originally written by Van Jacobson. The source code can be found online, but I haven't found it yet. The main principle is the handling of the packet's TTL (Time to Live) during IP routing. When a router receives an IP packet it modifies the packet's TTL (and the header checksum changes as a result). For each packet it checks whether the TTL is 0 or 1. If so, this packet has not reached its destination and has no remaining lifetime, and this router is certainly not the destination. The router simply discards the packet and sends an ICMP notification to the source host saying the packet has timed out. The ICMP notification carries the IP address the router used to send it.
By constructing packets this way, you can find out which routers are passed on the way to a host. A packet with TTL 1 times out on arriving at the first router, which sends a timeout notification, so the first router's IP is recorded. Then TTL is increased by 1; the packet passes the first router safely, and the second router handles it the same way, dropping the packet and sending a timeout notification, so the second router's IP is recorded. This continues until the packet reaches the target host, and all the routers passed are printed.
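The per-hop TTL handling described above, as an added example (not code from the book or from the page): a router decrements TTL and patches the IPv4 header checksum incrementally rather than recomputing it, and drops the packet with a "time exceeded" decision when TTL is already 0 or 1. The header fields, addresses and the RFC 1624 update formula are my own constructed sample, not anything the page shows.

```python
import struct

def ones_complement_add(a, b):
    """16-bit one's complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def ip_checksum(header):
    """Full IPv4 header checksum: one's complement of the one's complement sum
    of the ten 16-bit words, with the checksum field itself counted as zero."""
    total = 0
    for i, w in enumerate(struct.unpack("!10H", header[:20])):
        total = ones_complement_add(total, 0 if i == 5 else w)
    return (~total) & 0xFFFF

def stored_checksum(header):
    return struct.unpack("!H", header[10:12])[0]

def build_ipv4_header(ttl, proto, src, dst):
    # Constructed sample: 20-byte header, total length 60, DF set, checksum filled in.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1C46, 0x4000, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def router_forward(header):
    """What a router does with a transit datagram: if the TTL is already 0 or 1
    the packet is dropped and an ICMP time exceeded goes back to the source;
    otherwise TTL is decremented and the checksum patched incrementally
    (RFC 1624: HC' = ~(~HC + ~m + m')) rather than recomputed from scratch."""
    ttl, proto = header[8], header[9]
    if ttl <= 1:
        return "time_exceeded", None
    old_word = (ttl << 8) | proto          # TTL shares a 16-bit word with protocol
    new_word = ((ttl - 1) << 8) | proto
    s = ones_complement_add((~stored_checksum(header)) & 0xFFFF, (~old_word) & 0xFFFF)
    s = ones_complement_add(s, new_word)
    new_header = header[:8] + bytes([ttl - 1, proto]) + struct.pack("!H", (~s) & 0xFFFF) + header[12:]
    return "forward", new_header

if __name__ == "__main__":
    pkt = build_ipv4_header(64, 17, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    action, out = router_forward(pkt)
    print(action, out[8], hex(stored_checksum(out)), hex(ip_checksum(out)))
```

The incremental result is checked against a full recomputation at every hop, which is exactly the check a receiver performs before trusting the header.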
In communication, the IP layer is only responsible for routing and transmitting data; it does not process the contents of the packet. Protocols such as ICMP, TCP and UDP are transmitted by relying on the IP layer's transport function. On a communicating host, after a packet of one of these protocols is received, there is generally a program on that host that processes the data. A raw IP datagram by itself is useless (the Win2000 driver layer can use raw IP datagrams directly without adding another protocol, but this is generally not done). Therefore the traceroute program sends UDP packets to probe. To a router, a UDP datagram is just a kind of IP datagram; it does not care about the UDP contents. When the packet reaches the destination host, the destination host's kernel parses the UDP datagram and checks whether a process is using the requested port. If one is found, that process is notified that data has arrived. If none is found, it sends a "destination port unreachable" ICMP error back to the source host. This settles the matter completely. Traceroute builds a UDP packet, keeps modifying the TTL value and sends it out. If it receives "time exceeded", it has just reached a router; if it receives the "port unreachable" error, it has just reached the destination host. With that the route is complete and the program ends.
There are a few details:
1. Routes within a LAN are relatively stable, so the response times printed by traceroute do not vary much. When tracing a route across a WAN, since WAN routing information changes dynamically, it is not certain which segment consumes more time, and the time and routing information can only be used as a reference.
2. TTL selection. If the TTL cannot be made large enough, not all routers can be printed, for example a packet that passes through 300 routers on the way to the destination. Of course, it is unlikely that there are so many hops in an existing network environment. The TTL field is only one byte in the IP datagram, so it can be set to at most 255 (256 starts again from 0). The purpose of this field is to prevent ill-formed datagrams from circulating through the network endlessly without ever disappearing. Each time the datagram passes a router, the router subtracts 1 from the TTL (or the number of seconds it was held before the router processed it), so at some point it is reduced to 1 and the router discards it.
3. Traceroute ends on "port unreachable". The premise is that the port requested in the UDP datagram is not in use on the destination host. If a process on the destination host is using that port, it receives the packet and processes it in the normal way, so traceroute never receives the "port unreachable" error. To avoid this, the UDP datagram's port is set high (the implementation in the book starts at 33435 and increments it each time a probe is sent; the port number can go up to 65535). Normal programs generally do not use these high ports. The question is how traceroute handles it if this situation does arise. It seems Solaris systems may use high ports; I wonder how that works.
4. During transmission the packet passes through many routers. Before reaching the destination host it may pass through gateways, firewalls and other filters such as an IDS, so the packet may fail to reach the destination host or run into problems. Even if it arrives, whether the ICMP message can make it back is also a problem. Because there are too many hops along the way, if any of them will not forward this information, there is nothing to be done.
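The probe loop from the paragraph on UDP probing and details 2 and 3 above, as an added simulation (not the book's or the page's code): TTL rises by one per probe, the destination port starts at 33435 and is bumped per probe, routers answer "time exceeded" from their own address, and the destination answers "port unreachable" only when nothing owns the port. The three router addresses, the destination address and the listening-port set are a constructed topology for the example.

```python
# Constructed topology: three routers between the source and the destination host.
ROUTE = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]   # documentation addresses
DEST = "203.0.113.50"
BASE_PORT = 33435          # starting UDP port used by the book's traceroute
MAX_TTL = 255              # TTL is a single byte in the IP header

def send_probe(ttl, dport, listening_ports=frozenset()):
    """Simulate one UDP probe. Each router decrements TTL; the router at which
    TTL reaches 0 discards the datagram and answers ICMP time exceeded (type 11)
    from its own address. The destination answers ICMP port unreachable
    (type 3 code 3) only if no process owns dport; otherwise the datagram is
    delivered to that process and traceroute hears nothing back."""
    for router in ROUTE:
        ttl -= 1
        if ttl == 0:
            return ("time_exceeded", router)
    if dport in listening_ports:
        return ("delivered", None)          # swallowed by a real UDP server
    return ("port_unreachable", DEST)

def traceroute(listening_ports=frozenset(), max_ttl=MAX_TTL):
    """Run the probe loop from the chapter: raise TTL by one per hop, bump the
    destination port per probe, stop on port unreachable or at max_ttl.
    Returns the list of hop addresses, with "*" where no ICMP came back."""
    hops = []
    dport = BASE_PORT
    for ttl in range(1, max_ttl + 1):
        kind, addr = send_probe(ttl, dport, listening_ports)
        dport += 1
        if kind == "time_exceeded":
            hops.append(addr)
        elif kind == "port_unreachable":
            hops.append(addr)
            return hops
        else:
            hops.append("*")               # detail 3: port in use, printed as a timeout
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(traceroute(), 1):
        print(n, hop)
```

Passing a listening-port set that contains the port of the probe that first reaches the destination reproduces the detail-3 failure: that hop prints as "*", and the run only completes because the next probe uses a different port.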
The book also mentions that the original traceroute had an option to specify the routers the packet passes through. With loose source routing, it only has to pass through the specified routers; with strict source routing, it must pass through the specified routers in the specified order. Because this option may cause problems with fixed routing, it has been removed from the published source code, but a patch can be found and used. From the comparison results, it seems that specifying routers works less well than letting the routers use their default routes. Strict routing is even harder to get to succeed, because the router you specify is not necessarily exactly the next router. This chapter is more complicated; I can't find a network environment to experiment in, and the principle analysis alone doesn't show it. I don't have the source code, and even if I did, at my current level I probably couldn't make much of it. I'll leave it not fully understood for now; maybe it will become clear when I look at it again.