{"id":818,"date":"2012-07-25T23:06:28","date_gmt":"2012-07-25T23:06:28","guid":{"rendered":"http:\/\/microsoftgeek.com\/?p=818"},"modified":"2018-09-06T23:00:52","modified_gmt":"2018-09-06T23:00:52","slug":"using-tracert","status":"publish","type":"post","link":"https:\/\/microsoftgeek.com\/?p=818","title":{"rendered":"Using Tracert"},"content":{"rendered":"<p>Tracert (also known as traceroute) is a Windows based tool that allows  you to help test your network infrastructure. In this article we will  look at how to use tracert while trying to troubleshoot real world  problems. This will help to reinforce the tool&#8217;s usefulness and show you  ways in which to use it when working on your own networks.<\/p>\n<p>This TCP\/IP utility allows you to determine the route packets take  through a network to reach a particular host that you specify. Tracert  works by increasing the &#8220;time to live&#8221; (TTL) value of each successive  packet sent. When a packet passes through a host, the host decrements  the TTL value by one and forwards the packet to the next host. When a  packet with a TTL of one reaches a host, the host discards the packet  and sends an ICMP time exceeded. Tracert, if used properly, can help you  find points in your network that are either routed incorrectly or are  not existent at all.<\/p>\n<h2>Introduction<\/h2>\n<p>Tracert is a Windows based command-line tool  that you can use to trace the path that an Internet Protocol (IP) packet  takes to its destination from a source. Tracert will determine the path  taken to a destination. It does this by sending Internet Control  Message Protocol (ICMP) Echo Request messages to the destination. When  sending traffic to the destination, it will incrementally increase the  Time to Live (TTL) field values to aid in finding the path taken to that  destination address. 
The path is outlined from this process.<\/p>\n<p>Using the following illustration, let\u2019s take a look at how tracert would function in a production network.<\/p>\n<blockquote dir=\"ltr\"><p><img decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/Image11127981939541.JPG\" border=\"0\" alt=\"\" hspace=\"0\" align=\"bottom\" \/><\/p><\/blockquote>\n<h2>How to Use Tracert<\/h2>\n<p>As you saw in the last illustration, we  will be sending traffic from a test workstation from Site B to a server  at another site (Site A). The packets will traverse the wide area  network (WAN) that separates the two sites over a T1 with a backup link  via Integrated Services Digital Network (ISDN). To use the tracert  utility, you simply need to know what your destination IP address is and  how to use the tracert utility correctly as well as what to look for  within the results.<\/p>\n<p>Tracert works by manipulating the Time to Live (TTL). By increasing  the TTL and then each router decrementing as it sends it along to the  next router, you will have a hop count from your source to your  destination. A router hop would be a packet sent from one router to  another router \u2013 that\u2019s a hop. When the TTL on the packet reaches zero  (0), the router sends an ICMP &#8220;Time Exceeded&#8221; message back to the source  computer. You can see an example of our sample network here in the next  illustration; with a source and destination IP address\u2026 we will be  using the workstation on Site B and a server at Site A for our test.<\/p>\n<blockquote dir=\"ltr\"><p><img decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/Image21127981939541.JPG\" border=\"0\" alt=\"\" hspace=\"0\" align=\"bottom\" \/><\/p><\/blockquote>\n<p>From this illustration you can see that the source IP will be  10.1.2.4 and the destination (for this example) will be 10.1.1.6. 
The normal route the packets should take would be from Site B to Site A over the higher capacity link, the T1 (1.544 Mbps). The ISDN link is 128 Kbps and is used as a backup if the primary link fails. Once run, tracert will show you that the packets start from the PC at Site B (10.1.2.4) and then traverse the T1 to 10.1.1.1. That router will know how to send the packets to its local LAN (10.1.1.0) and ultimately to 10.1.1.6.<\/p>\n<p>As the packets are sent, tracert will use the first interface on the router that it sees to report back your router hops, so let\u2019s take a look at our complete path before we send the test packets.<\/p>\n<blockquote dir=\"ltr\"><p><img decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/Image31127981939541.JPG\" border=\"0\" alt=\"\" hspace=\"0\" align=\"bottom\" \/><\/p><\/blockquote>\n<p>The path displayed is the list of routers in the path between a source host and a destination. One thing that is very important to remember is that near-side interfaces are used when reporting. The near-side interface is the interface of the router that is closest to the sending host in the path. In this example, you can see that the path is the T1 from Site B to Site A. Let\u2019s see now why it\u2019s important to know this.<\/p>\n<p>Once launched, tracert will report (print out) a list in the order in which it heard back from each host that it passed on its way to its intended destination. This is good because you can learn much from this path. If you are getting \u2018near side\u2019 interfaces, then you would see a new set of IP addresses in the next illustration (192.168.10.1 and 192.168.11.1): 10.1 is used for the ISDN link and 11.1 is used for the T1 link. 
Why is this important?<\/p>\n<p>When you get results back from tracert, you will see WAN addressing instead of Site A\u2019s default gateway router, which is 10.1.1.1. This can be confusing to those who are not adept with the tool. It\u2019s the same router, but it\u2019s a different interface. This is imperative for you to know when testing with tracert, because if you confuse this, you will not know what you are reading.<\/p>\n<p>For example, the path as you see in the last illustration is from 10.1.2.4 and then to 10.1.2.1 (the LAN\u2019s default gateway), and then it will traverse the WAN to 10.1.1.1. The only problem here is that you will not see that address come up. Since the T1 has an interface on Site A\u2019s router (11.1), and so does the ISDN link (10.1), these are the two IP addresses that are most important in the results of tracert \u2013 this is because in this example, the T1 may be down and now the path is over the ISDN link. This is working \u2018as advertised\u2019, but what happens when you bring the T1 back online \u2013 aside from feeling your network crawl from moving from a T1 at 1.544 Mbps to a 128 Kbps link \u2013 is that you should not be using the ISDN link anymore. This is what we are going to test\u2026<\/p>\n<blockquote dir=\"ltr\"><p><img decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/Image41127981939541.JPG\" border=\"0\" alt=\"\" hspace=\"0\" align=\"bottom\" \/><\/p><\/blockquote>\n<h2>The Tracert Test<\/h2>\n<p>Now, to use tracert, you simply need to open a command prompt. 
To do this, go to<\/p>\n<blockquote dir=\"ltr\"><p>Start =&gt; Run =&gt; CMD =&gt; tracert<\/p><\/blockquote>\n<p>(Note: you must type tracert. As you can see, traceroute only works on UNIX\/Linux and other systems such as Cisco.)<\/p>\n<blockquote dir=\"ltr\"><p><img decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/image0111127982391182.jpg\" border=\"0\" alt=\"\" hspace=\"0\" align=\"bottom\" \/><\/p><\/blockquote>\n<p>In the following example of the tracert command and its output, the packet travels through two routers (as seen in the last illustration) to get to host 10.1.1.6. In this example, the default gateway from Site B is 10.1.2.1 and the IP addresses of the router on the WAN via the T1 and ISDN links (respectively) are 192.168.11.1 and 192.168.10.1.<\/p>\n<p>Let\u2019s first see what it should look like using the T1.<\/p>\n<blockquote dir=\"ltr\"><p>C:\\&gt;tracert 10.1.1.6<br \/>\nTracing route to 10.1.1.6 over a maximum of 30 hops<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<br \/>\n1\u00a0\u00a0\u00a0\u00a0\u00a0 2 ms\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 3 ms\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2 ms\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a010.1.2.1<br \/>\n2\u00a0\u00a0\u00a0\u00a0 25 ms\u00a0\u00a0\u00a0\u00a0\u00a0 83 ms\u00a0\u00a0\u00a0\u00a0\u00a0 88 ms\u00a0\u00a0\u00a0\u00a0\u00a0 192.168.11.1<br \/>\n3\u00a0\u00a0\u00a0\u00a0 25 ms\u00a0\u00a0\u00a0\u00a0\u00a0 79 ms\u00a0\u00a0\u00a0\u00a0\u00a0 93 ms\u00a0\u00a0\u00a0\u00a0\u00a0 10.1.1.6<\/p>\n<p>Trace complete.<\/p><\/blockquote>\n<p>Now, if the T1 was down and you were using the ISDN link, you can see that there is a different \u2018path\u2019 and you can also see that it takes \u2018longer\u2019 to get there.<\/p>\n<blockquote dir=\"ltr\"><p>C:\\&gt;tracert 10.1.1.6<br \/>\nTracing route to 10.1.1.6 over a maximum of 30 hops<br 
\/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<br \/>\n1\u00a0\u00a0\u00a0\u00a0\u00a0 2 ms\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 3 ms\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2 ms\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 10.1.2.1<br \/>\n2\u00a0\u00a0\u00a0\u00a0 75 ms\u00a0\u00a0\u00a0\u00a0\u00a0 83 ms\u00a0\u00a0\u00a0\u00a0\u00a0 88 ms\u00a0\u00a0\u00a0\u00a0\u00a0 192.168.10.1<br \/>\n3\u00a0\u00a0\u00a0\u00a0 75 ms\u00a0\u00a0\u00a0\u00a0\u00a0 79 ms\u00a0\u00a0\u00a0\u00a0\u00a0 93 ms\u00a0\u00a0\u00a0\u00a0\u00a0 10.1.1.6<\/p>\n<p>Trace complete.<\/p><\/blockquote>\n<p>As you can see now, using tracert will help you to determine the  network path as it is laid out through the network \u2013 AND \u2013 most  importantly, how data traverses that path.<\/p>\n<h2>Using Tracert Options<\/h2>\n<p>To use tracert, be aware of a few  options you can use with it. The most helpful is the first one. Using  the \u2013d option is always helpful when you want to remove DNS resolution.  Name servers are helpful, but if not available or if incorrectly set or  if you simply just want the IP address of the host, use the \u2013d option.<\/p>\n<blockquote dir=\"ltr\">\n<p dir=\"ltr\">\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td width=\"67\" valign=\"top\">-d<\/td>\n<td width=\"523\" valign=\"top\">Prevents tracert from attempting to resolve the IP addresses of  intermediate routers to their names. This can speed up the display of  tracert results<\/td>\n<\/tr>\n<tr>\n<td width=\"67\" valign=\"top\">-h<\/td>\n<td width=\"523\" valign=\"top\">Specifies the maximum number of hops in the path to search for the target (destination). The default is 30 hops<\/td>\n<\/tr>\n<tr>\n<td width=\"67\" valign=\"top\">-j<\/td>\n<td width=\"523\" valign=\"top\">You can use this with a host list (HostList). 
Specifies that Echo  Request messages use the Loose Source Route option in the IP header with  the set of intermediate destinations specified in HostList. With loose  source routing, successive intermediate destinations can be separated by  one or multiple routers. The maximum number of addresses or names in  the host list is 9. The HostList is a series of IP addresses (in dotted  decimal notation) separated by spaces.<\/td>\n<\/tr>\n<tr>\n<td width=\"67\" valign=\"top\">-w<\/td>\n<td width=\"523\" valign=\"top\">Specifies the amount of time in milliseconds to wait for the ICMP  Time Exceeded or Echo Reply message corresponding to a given Echo  Request message to be received. If not received within the time-out, an  asterisk (*) is displayed. The default time-out is 4000 (4 seconds)<\/td>\n<\/tr>\n<tr>\n<td width=\"67\" valign=\"top\">-?<\/td>\n<td width=\"523\" valign=\"top\">Displays help at the command prompt.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>tracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName]<\/p><\/blockquote>\n<h2>How to Use Tracert to Troubleshoot<\/h2>\n<p>There may be times where  the output you get isn\u2019t so clear to you. For example, what if you get  an asterisk? As just mentioned in the last section, an asterisk can be a  false positive, because the ICMP packet may be traveling through, but  something is stopping the report from coming back, most likely a  firewall rule or access control list.<\/p>\n<p>You can use tracert to find out where a packet stopped on the  network. In the following example, the default gateway has found that  there is no valid path for any host. 
This would mean that both links are down \u2013 the T1 and the ISDN \u2013 and there is no destination available.<\/p>\n<blockquote dir=\"ltr\"><p>C:\\&gt;tracert 10.1.1.6<br \/>\nTracing route to 22.110.0.1 over a maximum of 30 hops<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\n1\u00a0 10.1.2.1\u00a0 reports: Destination net unreachable.<\/p>\n<p>Trace complete.<\/p><\/blockquote>\n<p>From this example, you can see that when you sent the tracert test to 10.1.1.6, the LAN default gateway reported that it could not find a path. Seeing this in graphical format may help you to understand it better.<\/p>\n<blockquote dir=\"ltr\"><p><img decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/Image51127982391182.JPG\" border=\"0\" alt=\"\" hspace=\"0\" align=\"bottom\" \/><\/p><\/blockquote>\n<p>As just mentioned, since there is no path, the closest router to the source informs the source that there is no path.<\/p>\n<h2>Important Notes<\/h2>\n<p>Here are some important notes that I have compiled to help you learn more about tracert.<\/p>\n<ul type=\"disc\">\n<li>Tracert also doesn\u2019t help you to find \u2018latency\u2019. To trace a path and provide network latency and packet loss for each router and link in the path, use the pathping command. Visit my author section on this site to learn about pathping.<\/li>\n<li>Tracert is available only if the Internet Protocol (TCP\/IP) protocol is installed as a component in the properties of a network adapter in Network Connections. This is a TCP\/IP utility that uses ICMP, a protocol within the TCP\/IP protocol suite.<\/li>\n<li>On modern Linux distros the <strong>traceroute<\/strong> (not tracert, although some Linux systems allow you to use tracert too!) utility uses UDP datagrams with a port number of 33434. 
Windows uses ICMP echo  request (type 8) better known as ping packets.<\/li>\n<li>Read <a href=\"http:\/\/www.faqs.org\/rfcs\/rfc792.html\" target=\"_blank\">RFC 792<\/a> for more information about ICMP and its internals.<\/li>\n<\/ul>\n<h2>Summary<\/h2>\n<p>In this article we covered the basics of tracert.  Tracert (also known as traceroute) is a Windows based tool that allows  you to help test your network infrastructure. In this article we looked  at and covered how to use tracert while trying to troubleshoot real  world problems such as multiple paths or downed links. This will help to  reinforce the tool&#8217;s usefulness and show you ways in which to use it  when working on your own networks. This TCP\/IP utility allows you to  determine the route packets take through a network to reach a particular  host that you specify. Tracert works by increasing the &#8220;time to live&#8221;  (TTL) value of each successive packet sent. When a packet passes through  a host, the host decrements the TTL value by one and forwards the  packet to the next host. When a packet with a TTL of one reaches a host,  the host discards the packet and sends an ICMP time exceeded. Tracert,  if used properly, can help you find points in your network that are  either routed incorrectly or are not existent at all. Tracert (and  traceroute) is a tool that you must master if you plan on working on  networks \u2013 this (with ping and pathping) can be used to help you map and  troubleshoot your network with ease.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tracert (also known as traceroute) is a Windows based tool that allows you to help test your network infrastructure. In this article we will look at how to use tracert while trying to troubleshoot real world problems. 
This will help to reinforce the tool&#8217;s usefulness and show you ways in which to use it when [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,1],"tags":[],"class_list":["post-818","post","type-post","status-publish","format-standard","hentry","category-computer-tech-stuff","category-networking-stuff"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=818"}],"version-history":[{"count":3,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/818\/revisions"}],"predecessor-version":[{"id":2622,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/818\/revisions\/2622"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}