Problem Statement Map of OSU Routers Gopi Krishna Tummala Rupam Kundu Graduate Students The Ohio State University
Significance Analyzing the map of routers helps to understand how internet works. how client host and a remote host in different places establishes a connection between them A map of routers can lead to localiztion
Traceroute In computing, traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. Traceroute: – list the router hops between the client host and a remote host. – The IP address and domain name (if there is one) of each router is returned to the client
Basic Concepts Each IP packet that you send on the internet has got a field called as TTL. TTL stands for Time To Live. TTL is measured by the no of hops. It is the maximum number of hops that a packet can travel through across the internet, before it is discarded. Each router that comes in between the source and destination will go on reducing the TTL value before sending to the next router.
Basic Concepts If the destination is not found even when TTL value becomes 0 the receiving router will drop the packet and informs the original sender. The information send by the router back to the original sender is called as "ICMP TTL exceeded messages". Of course in internet when you send something to a receiver, the receiver will come to know the address of the sender. Hence when an ICMP TTL exceeded message is sent by a router, the original sender will come to know the address of the router.
How Traceroute Works Traceroute makes use of this TTL exceeded messages to find out routers that come across your path to destination(Because these exceeded messages send by the router will contain its address). Traceroute works by sending UDP packets with gradually increasing TTL value, starting with TTL value of 1. The first router receives the packet, decrements the TTL value and drops the packet because it then has TTL value zero. The router sends an ICMP Time Exceeded message back to the source.
SourceRouter 1Router 2 Destination 1 st UDP packet TTL = 0 ICMP Time Exceeded TTL=1 Traceroute makes a note of the router’s address and the time taken for the round-trip. It sends two more packets in the same way to get an average value of the round-trip time. 2 nd UDP packet TTL=2 ICMP Time Exceeded TTL=1 TTL = 0 3rd UDP packet TTL=3TTL=2 TTL=1 UDP packet dropped due to error in port number ICMP Destination port Unreachable How Traceroute Works Once the destination is reached, Time exceeded ICMP message is NOT sent back this time because the destination has already been reached. But, the UDP packet used by Traceroute specifies the destination port number to be one that is not usually used for UDP. Hence, when the destination computer verifies the headers of the UDP packet, the packet gets dropped due to improper port being used and an ICMP message (this time – Destination Unreachable) is sent back to the source. When Traceroute encounters this message, it understands that the destination has been reached.
Installing Traceroute in Linux(using Terminal)
Executing Traceroute in Linux Program name Remote host domain name
Results of Traceroute in Linux Hop 1-4: OSU router
Traceroute in Windows Program name Remote host domain name
Traceroute results Hop 1-4: OSU routers
* means? The stars in the output mean that they are filtered, most likely by a firewall. traceroute to google.com ( ), 30 hops max, 60 byte packets 1 se4-vl3020.net.ohio-state.edu ( ) ms ms ms 2 kc1-forg2-3.net.ohio-state.edu ( ) ms ms ms 3 kc3-teng1-1.net.ohio-state.edu ( ) ms ms ms 4 clmbk-r9-xe-1-0-1s330.core.oar.net ( ) ms ms ms 5 clmbs-r9-xe-0-0-0s100.core.oar.net ( ) ms ms ms 6 clmbs-r5-xe-3-3-0s100.core.oar.net ( ) ms ms ms 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * *
OVERALL MAP ( data collected in following places on Campus)
At Physics research building, We observe 7-hops to exit ohio-state ip- space IP-Address of each hop is shown below Tracing route to google.com [ ] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms se4-vl1116.net.ohio-state.edu [ ] 2 9 ms <1 ms <1 ms se3-vl59.net.ohio-state.edu [ ] 3 5 ms 4 ms 2 ms ms <1 ms <1 ms se3-vl62.net.ohio-state.edu [ ] 5 1 ms <1 ms <1 ms se4-teng7-1.net.ohio-state.edu [ ] 6 8 ms 11 ms 43 ms kc1-forg2-3.net.ohio-state.edu [ ] 7 <1 ms <1 ms <1 ms kc3-teng1-1.net.ohio-state.edu [ ] 8 3 ms 1 ms 1 ms clmbk-r9-xe-1-0-1s330.core.oar.net [ ] 9 1 ms 1 ms 4 ms clmbn-r0-xe-1-2-1s100.core.oar.net [ ] 10 1 ms 1 ms 1 ms clmbn-r5-xe-4-2-0s100.core.oar.net [ ] 11 4 ms 4 ms 4 ms toldb-r5-et-1-0-0s100.core.oar.net [ ] ms 14 ms 14 ms ms 14 ms 14 ms ms 14 ms 14 ms ms 14 ms 14 ms ord31s22-in-f14.1e100.net [ ] Trace complete.
At Physics research building, We observe 7-hops to exit ohio-state ip- space IP-Address of each hop is shown below Yellow bulbs indicate wired experiment
At Caldwell building, We observe 3-hops to exit ohio-state ip- space white bulbs indicate wireless experiments
At Dreese Lab, We observe 3 to 4 hops to exit ohio-state ip-space
At Bakers system building, We observe 3 hops to exit ohio-state ip-space
At Thompson Library, We observe 3 to 4 hops to exit ohio-state ip-space
Observations First hop x.x.even.x routers
Observations using Wireless First hop x.x.odd.x DHCP servers
Observations 1)In most of the cases, ip-address of first hop changes from building to building and floor to floor(in case of wireless) 1)We observed first hop ip-address is always in the format of xx.xx.xx.1 and changes from floor to floor but the corresponding hop addresses remains the same. 1)We observed in Thompsons library odd numbers are DHCP servers and even numbers are routers. xx.xx.even.1 --> dhcp servers xx.xx.odd.1 --> routers
A step beyond the work Where am I ?? No GPS ! Track the IP-Address ??? Often the IP-Address registration and location are not updated. (Try searching where am I in Google )
A step beyond the work Solution : IP-based maps. (with location-IP map information, computer can be localized.) Additional benefits: 1)Protection against spoofing 2) Network analysis (which link has too much load)
END