Minimum = 13ms, Maximum = 28ms, Average = 19ms
The first TTL is 118, so we can be fairly sure this is a Windows machine, and that the path from my machine to it passes through 10 nodes, because 128-118=10. The second one should be Linux, by the same reasoning: 64-54=10.
After understanding the above, some people may have questions such as the following:
1. Isn't it said that packets may take many paths? Why do the 4 packets I see all have the same TTL, with no difference?
This is because the path a packet takes is determined by route-selection algorithms that pick an optimal path. Once the network topology has been stable for a while, packets settle onto a relatively stable shortest path. The specific calculations belong to the study of routing algorithms and are not discussed here.
2. For the second machine in the example above, why not conclude that it is a Windows machine reached through 74 nodes? After all, 128-74=54.
To answer this, we need to introduce another good ICMP tool. First, though, it should be said that a packet passing through 74 nodes is a bit scary, so it is better not to use such a path.
The tool to be introduced is tracert (traceroute under *nix). Let's look at the result of running this command against the second machine above.
D:\Documents and Settings\hx>tracert 61.152.104.40
Tracing route to 61.152.104.40 over a maximum of 30 hops
1 13 ms 16 ms 9 ms 10.120.32.1
2 9 ms 9 ms 11 ms 219.233.244.105
3 12 ms 10 ms 10 ms 219.233.238.173
4 15 ms 15 ms 17 ms 219.233.238.13
5 14 ms 19 ms 19 ms 202.96.222.73
6 14 ms 17 ms 13 ms 202.96.222.121
7 14 ms 15 ms 14 ms 61.152.81.86
8 15 ms 14 ms 13 ms 61.152.87.162
9 16 ms 16 ms 28 ms 61.152.99.26
10 12 ms 13 ms 18 ms 61.152.99.94
11 14 ms 18 ms 16 ms 61.152.104.40
Trace complete.
From the result of this command, we can see that the route from my machine to the server is indeed 11 nodes (the 10 mentioned above seems to be the error of forgetting to count 0; it should be 64-54+1, hehe), rather than more than 70 nodes with an initial TTL of 128.
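The cross-check described above, as an added example that is not part of the original article: it reads the reply TTL from ping output, lists the hop count each default TTL would imply, and marks the one that agrees with the traced route. The sample text is constructed from the outputs on this page; the function names are hypothetical, and the reply is assumed to return over the same path.

```python
import re

# Default initial TTLs used in this article; a heuristic, since they can be changed.
DEFAULT_TTLS = {64: "Linux", 128: "Windows"}

# Constructed sample input, copied from the ping and tracert output on this page.
PING_OUTPUT = """\
Reply from 61.152.104.40: bytes=32 time=10ms TTL=54
Reply from 61.152.104.40: bytes=32 time=13ms TTL=54
"""
TRACERT_OUTPUT = """\
Tracing route to 61.152.104.40 over a maximum of 30 hops
1 13 ms 16 ms 9 ms 10.120.32.1
2 9 ms 9 ms 11 ms 219.233.244.105
3 12 ms 10 ms 10 ms 219.233.238.173
4 15 ms 15 ms 17 ms 219.233.238.13
5 14 ms 19 ms 19 ms 202.96.222.73
6 14 ms 17 ms 13 ms 202.96.222.121
7 14 ms 15 ms 14 ms 61.152.81.86
8 15 ms 14 ms 13 ms 61.152.87.162
9 16 ms 16 ms 28 ms 61.152.99.26
10 12 ms 13 ms 18 ms 61.152.99.94
11 14 ms 18 ms 16 ms 61.152.104.40
Trace complete.
"""

def observed_ttl(ping_output):
    """Return the single TTL seen in the echo replies."""
    ttls = set(map(int, re.findall(r"bytes=\d+ time[=<]\d+ms TTL=(\d+)", ping_output)))
    if len(ttls) != 1:
        raise ValueError(f"expected one reply TTL, got {sorted(ttls)}")
    return ttls.pop()

def traced_hops(tracert_output):
    """Return the last hop number; that final line is the destination itself."""
    return max(int(n) for n in re.findall(r"^\s*(\d+)\s", tracert_output, re.M))

def candidates(ttl, hops):
    """List (os, initial_ttl, routers, agrees_with_tracert) for each default."""
    out = []
    for initial, os_name in sorted(DEFAULT_TTLS.items()):
        if initial >= ttl:  # a reply cannot arrive with more TTL than it left with
            routers = initial - ttl  # routers that decremented the reply on its way back
            out.append((os_name, initial, routers, routers + 1 == hops))
    return out

if __name__ == "__main__":
    for row in candidates(observed_ttl(PING_OUTPUT), traced_hops(TRACERT_OUTPUT)):
        print(row)
```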
Having come this far, we might as well cover some more advanced uses of these two ICMP commands.
The first is the ping command. ping has a parameter that lets you ignore the operating system's default TTL value and send the ICMP Request packet with a value you define.
For example, against the Linux machine, use the following command:
D:\Documents and Settings\hx>ping 61.152.104.40 -i 11
Pinging 61.152.104.40 with 32 bytes of data:
Reply from 61.152.104.40: bytes=32 time=10ms TTL=54
Reply from 61.152.104.40: bytes=32 time=13ms TTL=54
Reply from 61.152.104.40: bytes=32 time=10ms TTL=54
Reply from 61.152.104.40: bytes=32 time=13ms TTL=54
Ping statistics for 61.152.104.40:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 13ms, Average = 11ms
D:\Documents and Settings\hx>
In this command, we set the TTL of the outgoing packet to 11. We already know that reaching this server takes 11 nodes, so this output is no different from before. Now try this:
D:\Documents and Settings\hx>ping 61.152.104.40 -i 10
Pinging 61.152.104.40 with 32 bytes of data:
Reply from 61.152.99.94: TTL expired in transit.
Reply from 61.152.99.94: TTL expired in transit.
Reply from 61.152.99.94: TTL expired in transit.
Reply from 61.152.99.94: TTL expired in transit.
Ping statistics for 61.152.104.40:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
D:\Documents and Settings\hx>
As you can see, the result is different. I set the TTL to 10, and the result is "TTL expired in transit". That is to say, the packet's lifetime ended before it arrived at the server. Pay attention to the IP at the start of that line: it is exactly the last IP before the server in our tracert result. The packet's TTL was reduced to 0 there. According to our previous discussion, when the TTL is reduced to 0, the device discards the packet and sends an ICMP TTL-expired message back to the source address. The result here is the best proof.
This proves again that the path from my machine to the server passes through 11 nodes rather than more than 70, haha.
Finally, to consolidate what we have learned: some people may think the tracert command is magical, since it can discover the routing path a packet takes. In fact, the principle of this command is in our discussion above.
Imagine what would happen if I sent a packet with a TTL of 1 to the destination server.
According to the previous discussion, the TTL is reduced to 0 at the first node the packet reaches after it departs. That node then replies with a TTL-expired message. The reply contains the IP address of the device itself, so we get the address of the first node on the routing path.
Therefore, if we go on to send a packet with TTL=2, we get the TTL-expired reply from the second node.
By analogy, we discover the nodes one by one, and when the reply is no longer a TTL-expired message but an ICMP Response, our tracert ends. It's that simple.
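The principle above, and the two ping -i experiments before it, as an added example that is not part of the original article. It is an offline model of the path rather than real network code: the router addresses come from the tracert output on this page, the function names are hypothetical, and the reply is assumed to return over the same routers.

```python
# Routers on the path, taken from the tracert output on this page. The eleventh
# tracert line, 61.152.104.40, is the destination rather than a router.
ROUTERS = [
    "10.120.32.1", "219.233.244.105", "219.233.238.173", "219.233.238.13",
    "202.96.222.73", "202.96.222.121", "61.152.81.86", "61.152.87.162",
    "61.152.99.26", "61.152.99.94",
]
DEST = "61.152.104.40"
DEST_INITIAL_TTL = 64  # Linux default, as the article infers for this server

def send_probe(ttl):
    """Model one echo request sent with the given TTL (what ping -i does).

    Returns (kind, responder_ip, reply_ttl_seen_by_sender).
    """
    if not 1 <= ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    for router in ROUTERS:
        ttl -= 1  # every router decrements the TTL before forwarding
        if ttl == 0:
            # The router discards the packet and reports from its own address.
            return ("ttl-expired", router, None)
    # The packet arrived. The reply crosses the same routers on the way back
    # (symmetric path assumed), each one decrementing the reply's TTL.
    return ("echo-reply", DEST, DEST_INITIAL_TTL - len(ROUTERS))

def trace(max_hops=30):
    """Rebuild the path the way tracert does: TTL=1, 2, 3, ... until an echo reply."""
    path = []
    for ttl in range(1, max_hops + 1):
        kind, responder, _ = send_probe(ttl)
        path.append(responder)
        if kind == "echo-reply":
            break
    return path

if __name__ == "__main__":
    print(send_probe(10))  # expires at the last router before the server
    print(send_probe(11))  # reaches the server; the reply comes back with TTL 54
    for hop, ip in enumerate(trace(), 1):
        print(hop, ip)
```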
By the way, ping also has a -n parameter to specify the number of packets to send. If you specify this number, ping sends that many packets instead of the default 4. If you use the -t parameter, the command keeps sending packets until you forcibly abort it.