This blog has moved. Please update your bookmarks.

Fetching A Web Page - Interlude

There's a rather funny experiment you can do, if you've never done it before. It's a little utility called "tracert" (on Windows at least, on Unix it's usually called "traceroute"). It will display the exact path that your tiny little packets travel over the internet.

Running the traceroute utility, someone said, is like sending out a large number of pirates with parrots. (Don't ask me where he got his mental pictures from.) Each pirate is instructed to go a specific number of steps, and then spontaneously die, commit suicide, dig himself into a hole or perform any other action that will result in his immediate death, and thereby causing his parrot to fly home to you and report the last known position.

traceroute, as the legend thus has it, sends out a large number of pirates. The first pirate takes one step, then dies, and his parrot flies immediately home to you and reports the first position. The second pirate takes two steps, dies immediately, and his parrot in turn flies home and reports the second position.

In TCP/IP, this is accomplished through a special little flag on each packet sent, called TTL, or Time To Live. Each time a packet passes a router, the TTL value is decreased by one, and when it reaches zero, the packet is discarded and a notice sent "home" to inform the sender of the action.

So traceroute sends out packets, each one with increasing TTL value (actually it usually sends three packets for each TTL, for better statistics) and records the answers it gets back. Let's try it:
C:\>tracert www.cnn.com

Tracing route to cnn.com [64.236.24.20]

1 1 ms 1 ms 1 ms [hidden]
2 2 ms 2 ms 2 ms [hidden]
3 2 ms 2 ms 2 ms 172.19.3.1
4 3 ms 2 ms 2 ms rb-uplink-gw-hq.artech.se
5 2 ms 2 ms 2 ms skv-1-gw.artech.se
6 4 ms 4 ms 4 ms gw-sonera.artech.se
7 12 ms 12 ms 12 ms Se4-0-4-bdn-pe2.got.se.sn.net
8 12 ms 12 ms 14 ms pos1-9.rgn-p1.got.se.sn.net
9 28 ms 28 ms 28 ms ge0-0-0.joo.peer1.ams.nl.sn.net
10 29 ms 29 ms 28 ms ge-3-1.a00.amstnl02.nl.ra.verio.net
11 29 ms 28 ms 28 ms ge-0-1-1-4.r20.amstnl02.nl.bb.verio.net
12 37 ms 37 ms 37 ms p16-7-1-0.r20.londen03.uk.bb.verio.net
13 68 ms 39 ms 68 ms p4-0.aol.londen03.uk.bb.verio.net
14 37 ms 37 ms 75 ms bb2-loh-S1-1-0.atdn.net
15 111 ms 149 ms 147 ms bb2-nye-P5-0.atdn.net
16 111 ms 146 ms 111 ms bb2-vie-P12-0.atdn.net
17 123 ms 161 ms 123 ms bb1-atm-P3-0.atdn.net
18 159 ms 159 ms 122 ms pop1-atl-P5-0.atdn.net
19 * * * Request timed out.
20 * ^C
(I hid the first two entries for security reasons.)

What happened here? Well, for each TTL level (on the left hand side), three packets were sent out. traceroute measured the time it took for each packet to "come back home". The address was recorded as well, showing us that we first leave "artech.net" (that's my ISP for work), then go through various instances of "sn.net", "verio.net" and "atdn.net".

Usually, some of these can be looked up. ATDN apparently means AOL Transit Data Network. Feel free to look up the others by typing in "www." and the domain name. (www.sn.net, for instance).

After hop number 18, our packets mysteriously disappear. Why is that? Usually that means that between router 18 and router 19, there sits a grim, menacing device called a firewall. A firewall is a security device that makes sure that only certain types of traffic pass through, according to very strict rules. Our parrot-carrying pirates typically belong to those types of traffic that get stopped. Beyond the firewall, our pirates disappear, and the parrots are efficiently shot down before they can make it back again. Alas, such is the world of Internet security.

Firewalls are usually put there to protect the network against malicious intrusion; which is part of the reason why our parrots are shot down without mercy. However, it could also have meant that the routers beyond number 18 doesn't work. CNN.com is such a big company, though, so that is unlikely; had all traffic stopped at router number 5 instead (still within our ISP), you can safely bet your horses on a temporary network problem.

All in all, before we continue, traceroute is a remarkable little utility that allows you to track how traffic flows on the internet. In the right hands, it can be used to diagnose router errors, link failures and other types of common problems. Or just for playing with.


0 Comments:

Post a Comment

<< Home

 

Blog contents copyright © 2005 Mats Gefvert. All rights reserved.