1.1.2.4 Lab – Mapping the Internet Answers
Objectives
- Part 1: Test Network Connectivity Using Ping
- Part 2: Trace a Route to a Remote Server Using Windows Tracert
- Part 3: Trace a Route to a Remote Server Using Web-Based and Software Tools
- Part 4: Compare Traceroute Results
Background
Route tracing software is used to list the networks that data must traverse from the user’s originating end device to a distant destination network.
This network tool is typically executed at the command line as:
tracert <destination network name or end device address>
(Microsoft Windows systems)
or
traceroute <destination network name or end device address>
(Unix and similar systems)
Route tracing utilities allow a user to determine the path or routes as well as the delay across an IP network. Several tools exist to perform this function.
The traceroute (or tracert) tool is often used for network troubleshooting. By showing a list of routers traversed, it allows the user to identify the path taken to reach a particular destination on the network or across internetworks. Each router represents a point where one network connects to another network and through which the data packet was forwarded. The number of routers is known as the number of “hops” the data traveled from source to destination.
The displayed list can help identify data flow problems when trying to access a service such as a website. It can also be useful when performing tasks such as downloading data. If there are multiple websites (mirrors) available for the same data file, one can trace each mirror to get a good idea of which mirror would be the fastest to use.
Two trace routes between the same source and destination conducted some time apart may produce different results. This is due to the “meshed” nature of the interconnected networks that comprise the Internet and the Internet Protocol’s ability to select different pathways over which to send packets.
Command-line-based route tracing tools are usually embedded within the operating system of the end device.
Other tools, such as VisualRoute™, are proprietary programs that provide extra information. VisualRoute uses available online information to graphically display the route.
This lab assumes the installation of VisualRoute. If the computer you are using does not have VisualRoute installed, you can download the program using the following link:
http://www.visualroute.com/download.html
Ensure that you download the Lite Edition.
Scenario
Using an Internet connection, you will use three route tracing utilities to examine the Internet pathway to destination networks. This activity should be performed on a computer that has Internet access and access to the command line. First, you will use the Windows embedded tracert utility. Second, you will use a web-based traceroute tool (http://www.subnetonline.com/pages/network-tools/online-traceroute.php). Finally, you will use the VisualRoute traceroute program.
Instructor Note: In many study locations, you do not have access to the command prompt. Appendix A contains traceroutes to use. Depending on the situation, this lab may be assigned to be done in class or as homework or may be performed by the instructor as an explanatory demonstration.
Free software programs, such as VisualRoute, can quickly become outdated. If VisualRoute Lite Edition is no longer available when you complete this lab, type “download visual traceroute tool” into your preferred search engine.
Some institutions disable ICMP echo responses used by both the ping and traceroute utilities. Before students begin this activity, make sure there are no local ICMP datagram restrictions. This activity assumes that ICMP datagrams are not restricted by any local security policy.
Required Resources
1 PC with Internet access
Instructions
Part 1: Test Network Connectivity Using Ping
Step 1: Determine whether the remote server is reachable.
To trace the route to a distant network, the PC used must have a working connection to the Internet.
a. The first tool we will use is ping. Ping is a tool used to test if a host is reachable. Packets of information are sent to the remote host with instructions to reply. Your local PC measures if a response to each packet is received, and how long it takes for those packets to cross the network. The name ping comes from active sonar technology in which a pulse of sound is sent underwater to bounce off of terrain or other ships.
b. From your PC, search for “cmd”.
c. At the command-line prompt, type ping www.cisco.com.
d. The first output line displays the Fully Qualified Domain Name (FQDN) e144.dscb.akamaiedge.net. This is followed by the IP address 23.1.48.170. Cisco hosts the same web content on different servers throughout the world (known as mirrors). Therefore, depending upon where you are geographically, the FQDN and the IP address will be different.
e. From this portion of the output:
Four pings were sent and a reply was received from each ping. Because each ping was responded to, there was 0% packet loss. On average, it took 54 ms (54 milliseconds) for the packets to cross the network. A millisecond is 1/1,000th of a second.
Instructor Note: If the first ICMP packet times out, it may be because the computer resolved the destination address. This should not happen if you ping again, as the address is now cached.
Streaming video and online games are two applications that suffer when there is packet loss, or a slow network connection. A more accurate determination of Internet connection speed can be determined by sending 100 pings, instead of the default 4. Here is how to do that:
And here is what the output from that looks like:
f. Now ping Regional Internet Registry (RIR) websites located in different parts of the world:
For Africa:
C:\> ping www.afrinic.net
For Australia:
C:\> ping www.apnic.net
For Europe:
C:\> ping www.ripe.net
For South America:
C:\> ping www.lacnic.net
All these pings were run from a computer located in the U.S. What happens to the average ping time in milliseconds when data is traveling within the same continent (North America) as compared to data from North America traveling to different continents?
The answer varies by location. In the data above, the average ping time in milliseconds increases noticeably.
What is interesting about the pings that were sent to the European website?
At the time these pings were sent, the site was inaccessible.
Part 2: Trace a Route to a Remote Server Using Tracert
Step 1: Determine what route across the Internet traffic takes to the remote server.
Now that basic reachability has been verified by using the ping tool, it is helpful to look more closely at each network segment that is crossed. To do this, the tracert tool will be used.
a. At the command-line prompt, type tracert www.cisco.com.
b. Save the tracert output in a text file as follows:
- Right-click the title bar of the Command Prompt window and choose Edit > Select All.
- Right-click the title bar of the Command Prompt window again and choose Edit > Copy.
- Search for and open Notepad.
- To paste the output into Notepad, choose Edit > Paste.
- Choose File > Save As and save the Notepad file to your desktop as tracert1.txt.
c. Run tracert for each destination website and save the output in sequentially numbered files.
C:\> tracert www.afrinic.net C:\> tracert www.lacnic.net
d. Interpreting tracert outputs.
Routes traced can go through many hops and a number of different Internet Service Providers (ISPs), depending on the size of your ISP and the location of the source and destination hosts. Each “hop” represents a router.
Because computers talk in numbers, rather than words, routers are uniquely identified using IP addresses (numbers with the format x.x.x.x for IPv4 addresses). The tracert tool shows you what path through the network a packet of information takes to reach its final destination. The tracert tool also gives you an idea of how fast traffic is going on each segment of the network. Three packets are sent to each router in the path, and the return time is measured in milliseconds. Now use this information to analyze the tracert results to www.cisco.com. Below is the entire traceroute:
Below is the breakdown:
In the example output shown above, the tracert packets travel from the source PC to the local router default gateway (hop 1: 192.168.1.1) to the ISPs Point of Presence (POP) router (hop 2: 10.18.20.1). Every ISP has numerous POP routers. These POP routers are at the edge of the ISP’s network and are the means by which customers connect to the Internet. The packets travel along the Verizon network for two hops and then jump to a router that belongs to alter.net. This could mean that the packets have traveled to another ISP. This is significant because sometimes there is packet loss in the transition between ISPs, or sometimes one ISP is slower than another.
There is an Internet tool known as Whois. The Whois tool allows us to determine who owns a domain name. A web-based Whois tool is found at http://whois.domaintools.com/. This domain is also owned by Verizon according to the web-based Whois tool.
To summarize, Internet traffic starts at a home PC and travels through the home router (hop 1). It then connects to the ISP and travels through its network (hops 2-7) until it arrives at the remote server (hop 8). This is a relatively unusual example in which there is only one ISP involved from start to finish. It is typical to have two or more ISPs involved as displayed in the following examples.
e. Now examine an example that involves Internet traffic crossing multiple ISPs. Below is the tracert for www.afrinic.net:
What happens at hop 7? Is level3.net the same ISP as hops 2-6, or a different ISP? Use the Whois tool to answer this question.
At hop 7, the packet changes location. The ISP is not the same as hops 1-6.
What happens in hop 10 to the amount of time it takes for a packet to travel between Washington D.C. and Paris, as compared with hops 1-9?
On hops 1 through 9, most packets traverse your link in 50 ms or less. On the link from Washington, D.C. to Paris, the time increases to 132 ms.
What happens in hop 18? Do a Whois lookup on 168.209.201.74 using the Whois tool. Who owns this network?
The time to traverse a link in the network increases from 159 to 340 ms. Due to the time increase, the traffic is likely to go to a different network than the Layer 3 backbone. According to the Whois tool, the IP address (168.209.201.74) belongs to the African Network Information Center.
f. Type tracert www.lacnic.net.
What happens in hop 7?
The time it takes for a packet to traverse the network increases dramatically by more than four times: from approximately 40 ms to 180 ms. Did the students perform a Whois lookup of registro.br with the Whois web tool?: http://whois.domaintools.com/. If they did, the information they received was not that helpful. Did the students access http://translate.google.com/ to obtain a translation of Núcleo de Informação e Coordenação do Ponto? It would have been more useful to make a request for “top domain.br” in a search engine, which would have revealed that we were on a Brazilian network. Internet detective work can be fun.
Part 3: Trace a Route to a Remote Server Using Web-Based and Software Tools
Step 1: Use a web-based traceroute tool.
a. Use http://www.subnetonline.com/pages/network-tools/online-tracepath.php to trace the route to the following websites:
- www.cisco.com
- www.afrinic.net
Capture and save the output in Notepad.
www.cisco.com: TracePath Output: 1: pera.subnetonline.com (141.138.203.105) 0.157ms pmtu 1500 1: gw-v130.xl-is.net (141.138.203.1) 1.168ms 2: rt-eu01-v2.xl-is.net (79.170.92.19) 0.566ms 3: akamai.telecity4.nl-ix.net (193.239.116.226) 1.196ms www.afrinic.com: TracePath Output: 1: pera.subnetonline.com (141.138.203.105) 0.175ms pmtu 1500 1: gw-v130.xl-is.net (141.138.203.1) 0.920ms 2: rt-eu01-v2.xl-is.net (79.170.92.19) 0.556ms 3: xl-internetservices.nikhef.openpeering.nl (217.170.0.225) 10.679ms 4: r22.amstnl02.nl.bb.gin.ntt.net (195.69.144.36) asymm 5 4.412ms 5: ae-5.r23.londen03.uk.bb.gin.ntt.net (129.250.5.197) 49.349ms 6: ae-2.r02.londen03.uk.bb.gin.ntt.net (129.250.5.41) asymm 7 8.842ms 7: dimensiondata-0.r02.londen03.uk.bb.gin.ntt.net (83.231.235.222) 18.080ms 8: 168.209.201.74 (168.209.201.74) 196.375ms 9: csw4-pkl-gi1-1.ip.isnet.net (196.26.0.101) asymm 10 186.855ms 10: 196.37.155.180 (196.37.155.180) 185.661ms 11: fa1-0-1.ar02.jnb.afrinic.net (196.216.3.132) 197.912ms
How is the traceroute different when going to www.cisco.com from the command prompt (see Part 2) rather than from the online website? (Your results may vary depending upon where you are located geographically, and which ISP is providing connectivity to you.)
The tracert command run from the command prompt in part 1 ended up on a server in Cambridge, Massachusetts. The traceroute command executed from the website in the Netherlands reached a mirror server in the Netherlands. The cisco.com domain is hosted by numerous websites or mirror sites around the world. This is done so that access time to the site is fast from anywhere in the world.
Compare the tracert from Part 1 that goes to Africa with the tracert that goes to Africa from the web interface. What difference do you notice?
The route through Europe goes through another ISP. There is no single backbone to the Internet, there are actually many backbones to the Internet. They all connect to the interconnection points. Network performance at one ISP could be very different from network performance at another ISP.
Some of the traceroutes have the abbreviation asymm in them. Any guesses as to what this means? What is its significance?
It is an abbreviation for “asymmetric”. It means that the test packet took one route to reach the destination and a different route to return. Imagine a person driving from home to New York City. On the way to that city, he notices that the road is congested and that traffic is moving slowly. You might decide to go home by a different (or asymmetrical) route.
Step 2: Use VisualRoute Lite Edition.
VisualRoute is a proprietary traceroute program that can display the tracing path results graphically.
a. Please download the VisualRoute Lite Edition from the following link if it is not already installed:
http://www.visualroute.com/download.html
If you have any trouble downloading or installing VisualRoute, ask your instructor for assistance. Ensure that you download the Lite Edition.
b. Using VisualRoute, trace the routes to www.cisco.com.
c. Record the IP addresses in the path in Notepad.
Part 4: Compare Traceroute Results
Compare the traceroute results to www.cisco.com from Parts 2 and 3.
Step 1: List the path to www.cisco.com using tracert.
192.168.1.1 > 10.18.20.1 > 130.81.196.190 > 130.81.22.46 > 152.63.1.57 > 152.63.17.109 > 152.63.21.14 > 23.1.144.170
Step 2: List the path to www.cisco.com using the web-based tool on subnetonline.com.
141.138.203.105 > 141.138.203.1 > 79.170.92.19 > 19.239.116.226
Step 3: List the path to www.cisco.com using VisualRoute Lite edition.
192.168.1.17 > 192.168.1.1 > 10.18.20.1 130.81.196.188 > 130.81.151.1 130.81.22.46 > 152.63.9.249 > 152.63.17.109 > 152.63.21.14 > 23.1.144.170
Did all the traceroute utilities use the same paths to www.cisco.com? Explain.
Las rutas de rastreo entre el mismo origen y destino establecidas en diferentes momentos pueden producir distintos resultados. Esto se debe a la naturaleza de “malla” de las redes interconectadas que conforman Internet y a la capacidad de los protocolos de Internet para seleccionar diferentes rutas por las que se deben enviar paquetes.
Reflection
Having now viewed traceroute through three different tools (tracert, web interface, and VisualRoute), are there any insights that using VisualRoute provided that the other two tools did not?
Answers may vary. One possible detail is that VisualRoute graphically highlights the amount of time it takes to travel between hops on the Internet. Highlighting the slowest times in yellow and red makes it more clear that there are network problems along these links.
Appendix A
C:\> tracert www.cisco.com Tracing route to e144.dscb.akamaiedge.net [23.1.144.170] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms dslrouter.westell.com [192.168.1.1] 2 38 ms 38 ms 37 ms 10.18.20.1 3 37 ms 37 ms 37 ms G3-0-9-2204.ALBYNY-LCR-02.verizon-gni.net [130.81.196.190] 4 43 ms 43 ms 42 ms so-5-1-1-0.NY325-BB-RTR2.verizon-gni.net [130.81.22.46] 5 43 ms 43 ms 65 ms 0.so-4-0-2.XT2.NYC4.ALTER.NET [152.63.1.57] 6 45 ms 45 ms 45 ms 0.so-3-2-0.XL4.EWR6.ALTER.NET [152.63.17.109] 7 46 ms 48 ms 46 ms TenGigE0-5-0-0.GW8.EWR6.ALTER.NET [152.63.21.14] 8 45 ms 45 ms 45 ms a23-1-144-170.deploy.akamaitechnologies.com [23.1.144.170] Trace complete. C:\> tracert www.afrinic.net Tracing route to www.afrinic.net [196.216.2.136] over a maximum of 30 hops: 1 1 ms <1 ms <1 ms dslrouter.westell.com [192.168.1.1] 2 39 ms 38 ms 37 ms 10.18.20.1 3 40 ms 38 ms 39 ms G4-0-0-2204.ALBYNY-LCR-02.verizon-gni.net [130.81.197.182] 4 44 ms 43 ms 43 ms so-5-1-1-0.NY325-BB-RTR2.verizon-gni.net [130.81.22.46] 5 43 ms 43 ms 42 ms 0.so-4-0-0.XT2.NYC4.ALTER.NET [152.63.9.249] 6 43 ms 71 ms 43 ms 0.ae4.BR3.NYC4.ALTER.NET [152.63.16.185] 7 47 ms 47 ms 47 ms te-7-3-0.edge2.NewYork2.level3.net [4.68.111.137] 8 43 ms 55 ms 43 ms vlan51.ebr1.NewYork2.Level3.net [4.69.138.222] 9 52 ms 51 ms 51 ms ae-3-3.ebr2.Washington1.Level3.net [4.69.132.89] 10 130 ms 132 ms 132 ms ae-42-42.ebr2.Paris1.Level3.net [4.69.137.53] 11 139 ms 145 ms 140 ms ae-46-46.ebr1.Frankfurt1.Level3.net [4.69.143.137] 12 148 ms 140 ms 152 ms ae-91-91.csw4.Frankfurt1.Level3.net [4.69.140.14] 13 144 ms 144 ms 146 ms ae-92-92.ebr2.Frankfurt1.Level3.net [4.69.140.29] 14 151 ms 150 ms 150 ms ae-23-23.ebr2.London1.Level3.net [4.69.148.193] 15 150 ms 150 ms 150 ms ae-58-223.csw2.London1.Level3.net [4.69.153.138] 16 156 ms 156 ms 156 ms ae-227-3603.edge3.London1.Level3.net [4.69.166.154] 17 157 ms 159 ms 160 ms 195.50.124.34 18 353 ms 340 ms 341 ms 168.209.201.74 19 333 ms 333 ms 332 ms csw4-pkl-gi1-1.ip.isnet.net [196.26.0.101] 20 331 ms 331 ms 331 ms 196.37.155.180 21 318 ms 316 ms 318 ms fa1-0-1.ar02.jnb.afrinic.net [196.216.3.132] 22 332 ms 334 ms 332 ms 196.216.2.136 Trace complete. C:\> tracert www.lacnic.net Tracing route to lacnic.net [200.3.14.10] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms dslrouter.westell.com [192.168.1.1] 2 38 ms 37 ms 37 ms 10.18.20.1 3 37 ms 38 ms 40 ms G3-0-9-2204.ALBYNY-LCR-02.verizon-gni.net [130.81.196.190] 4 43 ms 42 ms 43 ms so-5-1-1-0.NY325-BB-RTR2.verizon-gni.net [130.81.22.46] 5 46 ms 75 ms 46 ms 0.ae2.BR3.NYC4.ALTER.NET [152.63.16.49] 6 43 ms 43 ms 43 ms 204.255.168.194 7 178 ms 182 ms 178 ms ge-1-1-0.100.gw1.gc.registro.br [159.63.48.38] 8 172 ms 180 ms 182 ms xe-5-0-1-0.core1.gc.registro.br [200.160.0.174] 9 177 ms 172 ms 181 ms xe-4-0-0-0.core2.nu.registro.br [200.160.0.164] 10 173 ms 180 ms 176 ms ae0-0.ar3.nu.registro.br [200.160.0.249] 11 184 ms 183 ms 180 ms gw02.lacnic.registro.br [200.160.0.213] 12 180 ms 179 ms 180 ms 200.3.12.36 13 182 ms 180 ms 180 ms www.lacnic.net [200.3.14.10] Trace complete.