4

When does traceroute use TCP? Or does it just use UDP, also why does Traceroute use UDP on MacX and ICMP on windows? I thought ICMP just contains a message saying what caused the error of a packet and does not transmit segments like TCP and UDP.

MadHatter
  • 79,770
  • 20
  • 184
  • 232
user171131
  • 145
  • 2
  • 4
  • 7

3 Answers3

4

ICMP messages are still IP packets. Traceroute uses ECHO Request (ICMP type 8) by default on Unix and Windows with incrementing TTLs, logging the sending address of each Time Exceeded (Type 11) message it gets back from the hops along the route. (cf: http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol)

This is the 'correct' way to do it, but you can run in to problems if some of the systems on the route drop or differently handle ICMP traffic.

Some implementations of traceroute (on Linux for example) have -T and -U options for switching to TCP/UDP instead (and a following -p argument to specify a destination port). This is useful for more closely simulating real traffic, which might get you a more accurate result in some cases.

I suspect the OSX implementation defaults to UDP for that reason, but I can't say for sure. You might find a switch to use ICMP instead.

SmallClanger
  • 9,127
  • 1
  • 32
  • 47
  • `Traceroute uses ECHO Request (ICMP type 8) by default on Unix and Windows` ... not correct. Windows **does** use ICMP by default, but Unix does not. Not sure there is a single blanket statement for traceroute on the whole spectrum of Unices. Most Linux distros I have seen do not even include traceroute. BSD and OS X default to UDP. – Jim L. Aug 06 '19 at 21:35
1

Windows Tracert typically uses ICMP with a specific TTL. The TTL is increased each hop until it reaches the destination. This means the first hop has a TTL (max-hop-count) of 1. Even though the packet doesn't reach the target, the first hop drops it and sends a TIME EXCEEDED message back, this message is used to map the route, and the next ICMP is sent with a TTL of 2.

OSX and Linux use UDP by default with increasing port numbers, but both can be configured to use TCP, UDP, ICMP, or GRE packets.

David Houde
  • 3,200
  • 1
  • 16
  • 19
  • 1
    but why UDP, why is it not TCP default, is there a specific reason, is it because UDP is faster? – user171131 Apr 25 '13 at 11:59
  • TCP is a connection-oriented protocol. tcp trace doesnt establish a connection, and doesnt make use of a full handshake, error checking, windowing, or any of the other TCP features....so yeah, probably done for speed. – David Houde Apr 25 '13 at 12:07
  • Traceroute (any implementation) uses a constrined TTL and decrements it for each hop until it either reaches it's destination or TTL=0. – symcbean Apr 25 '13 at 12:31
  • 1
    I'm a little confused, does it not start with a low TTL, working up to the destination? – David Houde Apr 25 '13 at 12:59
  • @DavidHoude's answer is the correct one. – Jim L. Aug 06 '19 at 21:36
0

To make GNU traceroute use ICMP like Windows does, use:

traceroute host -I
Cees Timmerman
  • 222
  • 3
  • 8