Tracing the Web Server / Website

Trace Utility

When you encounter problems while connecting to servers on your TCP/IP network, determining the path that an IP packet is following can yield important information in your troubleshooting expedition. Fortunately, all versions of Windows provide you with a utility called Tracert. This utility is specifically designed to trace the route that an IP packet follows from source to destination.
How it works
To trace the route between the source and destination computers, the Tracert utility sends out a series of data packets called Internet Control Message Protocol (ICMP) echo request packets. Basically, ICMP packets are messages that two systems on a TCP/IP network use to share IP status and error information. When a system receives an ICMP echo request, it answers back with an ICMP echo reply.
To get each server or router in the path to send an ICMP echo reply, the Tracert utility configures the ICMP echo request packets with a timer value called Time To Live (TTL). As each system in the path receives an ICMP packet, it is instructed to decrement the TTL value by 1 before passing it on to the next system. If decrementing the TTL value yields 0, instead of passing the ICMP packet on to the next system, that system is instructed to send an ICMP Time Exceeded message back to the source, along with its IP address and the current time. When the Tracert utility receives this return packet, it records the information and displays it in a table on the screen.
With this in mind, let’s take a closer look at how Tracert uses TTL to trace the route from the source to the destination. To begin, the first set of three ICMP packets that the Tracert utility configures have a TTL value of 1. These packets are sent out on the path. When the first system receives these packets, it decrements the TTL value by 1, which yields 0. As such, the first system sends an ICMP Time Exceeded message back to the source, along with its IP address and the current time. The Tracert utility then sends out a second set of three ICMP packets, this time with a TTL value of 2. These packets get passed from the first system to the second system on the path. When the second system decrements the TTL value and gets 0, it sends an ICMP Time Exceeded message back to the source along with its IP address and the current time. At this point, Tracert has documented the first two systems in the path. Then, the whole procedure repeats with a TTL value of 3 and so on, to a maximum of 30 iterations.
If the final destination system is reached, the return packet will contain a different type of ICMP error message. Tracert will then compare the IP address in this packet with the one specified as the destination, recognize that they’re the same, display a completion message, and then terminate. If an error occurs that prevents Tracert from reaching the final destination system, that information will appear in the output table.
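The probing loop described above can be modelled offline. The following Python is an added example, not part of the original article: it sends no real packets, uses one probe per TTL instead of three, and the function names and the two topologies (built from documentation address ranges) are constructed for illustration.

```python
MAX_HOPS = 30  # Tracert's default limit on the TTL values it tries

def send_probe(first_hop, destination, next_hop, ttl):
    """Follow one echo request through the modelled network.

    Returns (responder, message): the system that answered and the ICMP
    message it sent back to the source."""
    current = first_hop
    while current != destination:
        ttl -= 1                      # every system on the path decrements TTL
        if ttl == 0:                  # expired here: report back, do not forward
            return current, "Time Exceeded"
        current = next_hop[current]
    return current, "Echo Reply"      # the destination itself answers the request

def trace(first_hop, destination, next_hop):
    """Raise TTL from 1 until the destination answers or MAX_HOPS is reached."""
    table = []
    for ttl in range(1, MAX_HOPS + 1):
        responder, message = send_probe(first_hop, destination, next_hop, ttl)
        table.append((ttl, responder, message))
        if responder == destination:
            break
    return table

# Constructed topologies: each key forwards to its value
DEST = "203.0.113.10"
HEALTHY = {"192.0.2.1": "198.51.100.1", "198.51.100.1": "198.51.100.2",
           "198.51.100.2": DEST}
# Two routers that hand the packet to each other: the destination is never reached
LOOPING = {"192.0.2.1": "198.51.100.1", "198.51.100.1": "198.51.100.2",
           "198.51.100.2": "198.51.100.1"}

if __name__ == "__main__":
    for name, net in (("healthy", HEALTHY), ("looping", LOOPING)):
        rows = trace("192.0.2.1", DEST, net)
        print(name, len(rows), "hops; last row:", rows[-1])
```

In the looping topology every TTL value up to 30 is answered with Time Exceeded and the trace ends without ever seeing the destination.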
An example
Now that you have a basic understanding of how the Tracert utility works, let’s see an example to help you put all the pieces together.
The Tracert utility is a DOS-based program. As such, to use it, you open an MS-DOS Prompt in Windows 9x/Me or a command prompt in Windows NT/2000 and type Tracert followed by the hostname or IP address of the system to which you want to trace the route. As soon as you do, Tracert goes to work and displays a line in the table each time it receives the ICMP Time Exceeded message from one of the systems in the path to the destination. Keep in mind that this procedure can take a few minutes to complete.
For example, if you want to trace the route from your system to the DriverGuide.com Web site, you’d type

Tracert

Running this Tracert command from my example system yielded the results shown in Figure A.

The Tracert utility displays the results of the route trace in a table one line at a time.

Studying the results
Let’s take a moment to study the results generated by running this example Tracert command. As soon as you launch the Tracert utility, it will display the destination both as a host name and an IP address, as indicated by number 1 in Figure A. As you can see, it will also specify that it will send the ICMP packet a maximum of 30 times, which directly corresponds to the maximum TTL value. Tracert refers to the sending of packets from one system to the next as hops.
Each line in the table represents information sent back from a system in the path between the source and destination. The first column in the output table (indicated by number 2 in Figure A) shows the number of hops it took to go from the source to that particular system. For example, it took one hop to get to the first system, which in this case is designated by the IP address 37.297.233.179.
The second, third, and fourth columns (indicated by number 3 in Figure A) show the round-trip time (RTT) in milliseconds for each of the ICMP packets in a set. This tells us how long it took a packet to get from the source to that particular system and back again. By default, three packets are sent to each system so that you can get a good idea of the average RTT. Keep in mind that any RTT value less than 500 ms is acceptable.
The fifth column (indicated by number 4 in Figure A) lists the IP address of each system in the path. If Tracert is able to resolve the hostname, you’ll see it next to the IP address.
As you can see, it took 13 hops to reach the final destination from my test system. You’ll also notice that the first three RTT values are much smaller as those devices are closer to the source. The RTT values progressively get larger as the ICMP packets travel farther and farther onto the Internet to reach the destination system.
Troubleshooting with Tracert
Now, let’s take a look at how you can use Tracert to troubleshoot problems on your TCP/IP network. Suppose you’ve used the IPConfig and ping commands to test the connections on your local network, but you’re having trouble reaching a remote system on your WAN. The remote system is up and running, but you can’t get a response with the ping utility. The next step is to turn to the Tracert utility.
When you use Tracert, you might see a number of anomalies in the output table that can indicate a problem. Let’s take a closer look at the most common problems.
The first problem results from the TTL value hitting 30 before the destination is reached. In this case, you’ll see several rows that have asterisks in the middle three columns and the error message Request Timed Out in the last column, as shown in Figure B.

Figure B
A series of asterisks and the error message Request Timed Out in several consecutive rows indicates a problem.

In my example problem, the last system to send back an ICMP Time Exceeded message was 208.111.121.42. As such, you can assume that the connection problem lies between that system and the next one or with the next system itself. With this information, you can narrow down your troubleshooting efforts to a specific system.
Another type of problem that you may encounter involves what I call the badminton syndrome. In this situation, two systems pass the ICMP packet back and forth until the TTL value drops to zero. Then, the ICMP packet never gets past these two systems. Such a problem would appear in Tracert’s output table, as Table A shows below:

Table A
10 / 130 ms / 151 ms / 90 ms / 152.63.37.82
11 / 130 ms / 90 ms / 110 ms / 152.63.37.83
12 / 90 ms / 120 ms / 100 ms / 152.63.37.82
13 / 111 ms / 100 ms / 130 ms / 152.63.37.83

Tracert output table

(I’ve only shown hops 10 through 13 to illustrate this problem.) Of course, this type of a loop would continue until the number of hops reached 30. This would indicate a routing problem with one or both of the systems involved.
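Both anomalies described above can be checked mechanically over saved Tracert output. The following Python is an added example, not part of the original article; the function names are constructed, the timeout sample is constructed around the address 208.111.121.42 from the text, and the loop sample reuses the rows of Table A.

```python
import re

# One table row: hop number, three RTT cells ("<1 ms", "130 ms" or "*"), the rest
ROW = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(.*\S)\s*$")
ADDR = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\]?$")  # bare IP or "host [IP]"

def parse(output):
    """Return [(hop, address or None)] for each row of saved Tracert output."""
    rows = []
    for line in output.splitlines():
        if (m := ROW.match(line)):
            found = ADDR.search(m.group(2))
            rows.append((int(m.group(1)), found.group(1) if found else None))
    return rows

def diagnose(output):
    rows = parse(output)
    report = {"last_responder": None, "trailing_timeouts": 0, "loop": None}
    # Only timeouts that run to the end of the table mark a break in the path
    for hop, addr in reversed(rows):
        if addr is not None:
            report["last_responder"] = (hop, addr)
            break
        report["trailing_timeouts"] += 1
    # Same address answering at two hop counts: the packet returned to it (loop)
    first_seen = {}
    for hop, addr in rows:
        if addr in first_seen:
            report["loop"] = (first_seen[addr], hop, addr)
            break
        if addr is not None:
            first_seen[addr] = hop
    return report

# Constructed sample: silent hop 2, then the path goes dark after hop 3
TIMEOUT_SAMPLE = """\
  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2     *        *        *     Request timed out.
  3    40 ms    41 ms    39 ms  208.111.121.42
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
"""
# Rows of Table A above, laid out as Tracert prints them
LOOP_SAMPLE = """\
 10   130 ms   151 ms    90 ms  152.63.37.82
 11   130 ms    90 ms   110 ms  152.63.37.83
 12    90 ms   120 ms   100 ms  152.63.37.82
 13   111 ms   100 ms   130 ms  152.63.37.83
"""
```

A timed-out hop that is followed by later answers, such as hop 2 in the first sample, is not counted: some routers do not return ICMP Time Exceeded messages even though they forward traffic normally.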
Command-line switches
Tracert has a few command-line switches that allow you to customize the way it works. For example, you can make the Tracert utility work faster if you tell it not to attempt to resolve IP addresses to host names with the -d switch as in
Tracert -d
Table B provides a listing of common Tracert switches and their descriptions.

Table B
Switch / Description
-d / Does not resolve IP addresses to hostnames
-h # / Specifies a custom number of hops
-j host_list / Specifies a loose source route in which you redirect the path through a specific system
-w # / Specifies how many milliseconds to wait for each reply

Tracert command-line switches

About Visual Route - Trace Route and Network Diagnostic Software

Features

  1. Full hop by hop trace route
  2. Reverse tracing
  3. Historical Analysis
  4. Packet Loss Reporting
  5. Reverse DNS
  6. Ping plotting
  7. Port Probing
  8. FireFox and IE plugin

Traceroute
Key diagnostic data such as packet loss and response times are displayed in an easy-to-understand traceroute table. Hop-by-hop analysis makes it easy to pinpoint problem areas.

Reverse trace (remote agents)
One of the most powerful features of VisualRoute (SupportPro edition) is the ability to create remote agents. Remote agents allow the user to perform a reverse trace between two locations without actually being present in either location.

Reverse DNS
Use VisualRoute to perform a reverse DNS lookup. This allows the user to uncover the IP address behind a domain name, such as

Ping plotting
Plot response times for any domain/IP address over a period of time. The data is displayed in an easy to read graph and data can be accessed historically.

Historical data
Past data can be easily accessed using VisualRoute. This allows the user to easily compare previous data which in turn makes it quicker to locate network problems.

Continuous traceroute
Traceroutes performed over a period of time make it easy to monitor performance degradation that can occur over large time spans.

IP Location Reporting
The physical geographical locations of network servers and routers are key information for understanding routing problems. Viewing the actual route path on a global map provides an instant picture of routing efficiency and distances.

//Address the Screen Shot of the Visual Trace Route taken in Lab