Command: mtr XXX.XXX.XXX.XXX
Result:

Adding the -n option shows IP addresses instead of reverse-resolving them to domain names:
For example: mtr -n XXX.XXX.XXX.XXX
![Screenshot: mtr output with per-hop Host, Loss%, Snt, Last, Avg, Best, Wrst and StDev columns](https://javaforall.net/wp-content/uploads/2020/11/2020110817443450.jpg)
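How mtr works:
It probes the path using the TTL value in the IP packet header.
We take the destination IP 106.120.78.190 as an example:
The packet capture is in the attachment; it shows the following exchange:

Expanding the first 4 packets:
The first: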
![Screenshot: packet capture listing ICMP Echo Request and Time Exceeded messages, with frame details of the first Echo Request from 192.168.0.4 to 106.120.78.190 (Total Length 64, Identification 40231 (0x9D27), TTL 1)](https://javaforall.net/wp-content/uploads/2020/11/2020110817443450.jpg)
The second:
![Screenshot: frame details of the second Echo Request from 192.168.0.4 to 106.120.78.190 (Total Length 64, Identification 40232 (0x9D28), TTL 2)](https://javaforall.net/wp-content/uploads/2020/11/2020110817443450.jpg)
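The third and fourth have TTL values of 3 and 4 respectively.
In other words, mtr sends ICMP packets to the destination with TTL=1, TTL=2, TTL=3, ... in turn. With TTL=1, the packet reaches the first router and is returned right there. If that router sends nothing back, the mtr display shows ??? for the hop, which is why the first 4 hops in our results all show ???; these presumably correspond to Azure devices.
Next, after the packet with TTL=5 was sent, we received a Time Exceeded Message from 103.9.8.18, i.e. the device at this hop returned a TTL-expired error to us, so we learn this hop's IP address and that it is reachable.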

And so on: mtr keeps sending ICMP packets with the TTL increased by 1 until the actual mtr destination IP returns an ICMP reply:

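Then a new round of probing starts again from TTL=1.
The experiment above relies on the virtual machine having a PIP assigned; only then can the returned ICMP Time Exceeded Messages reach the host and reveal the address of each hop.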
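The probing round described above, as an added example that is not part of the original post: it builds the ICMP messages, matches each reply to the probe that caused it (a Time Exceeded Message quotes the probe's IP header and first 8 ICMP bytes, so replies with a foreign identifier are ignored), and lists silent hops as ???. The sample packets are constructed and shortened to one answering hop, and using the sequence number to carry the TTL is an assumption of this example, as are all function names.

```python
import socket
import struct

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    data += b"\x00" * (len(data) % 2)          # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_message(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Type, code 0, checksum, 4 bytes (id/seq, or unused for type 11), payload."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = icmp_checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body

def ipv4_packet(src, dst, ttl, icmp):  # 20-byte header, checksum 0: sample data only
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + icmp

def classify_reply(packet: bytes, ident: int):
    """Return (kind, responder_ip, seq) if the packet answers our probe, else None."""
    src = socket.inet_ntoa(packet[12:16])
    icmp = packet[(packet[0] & 0x0F) * 4:]
    if icmp[0] == 0:                            # Echo Reply: destination reached
        rid, seq = struct.unpack("!HH", icmp[4:8])
        return ("destination", src, seq) if rid == ident else None
    if icmp[0] == 11:                           # Time Exceeded: intermediate hop
        quoted = icmp[8:]                       # our IP header + first 8 ICMP bytes
        probe = quoted[(quoted[0] & 0x0F) * 4:]
        rid, seq = struct.unpack("!HH", probe[4:8])
        return ("hop", src, seq) if probe[0] == 8 and rid == ident else None
    return None

def trace(replies_by_ttl: dict, ident: int, max_ttl: int = 30) -> list:
    """One probing round; a TTL with no matching reply is listed as ???."""
    path = []
    for ttl in range(1, max_ttl + 1):
        result = classify_reply(replies_by_ttl[ttl], ident) if ttl in replies_by_ttl else None
        path.append((ttl, result[1] if result else "???"))
        if result and result[0] == "destination":
            break
    return path

# Constructed sample: hops 1-4 silent, hop 5 replies, then the target (path shortened).
IDENT = 0x1234
QUOTED = ipv4_packet("192.168.0.4", "106.120.78.190", 1, icmp_message(8, IDENT, 5))[:28]
SAMPLE = {5: ipv4_packet("103.9.8.18", "192.168.0.4", 60, icmp_message(11, 0, 0, QUOTED)),
          6: ipv4_packet("106.120.78.190", "192.168.0.4", 50, icmp_message(0, IDENT, 6))}
```

Calling trace(SAMPLE, IDENT) returns the hop list for the constructed replies; sending real probes would additionally need a raw socket and root privileges.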
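I also ran tracert in the Azure virtual machine and found that it works on the same principle as mtr; once a PIP is configured it likewise displays results: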
![Screenshot: tracert output from the Azure VM to 106.120.78.190, with several hops showing "Request timed out." and the remaining hops showing addresses and latencies](https://javaforall.net/wp-content/uploads/2020/11/2020110817443450.jpg)
![Screenshot: tracert output to www.baidu.com (www.a.shifen.com [220.181.111.188]), with several hops showing "Request timed out."](https://javaforall.net/wp-content/uploads/2020/11/2020110817443450.jpg)
The capture also shows that tracert computes latency as the time difference between sending the ICMP packet and receiving the Time Exceeded Message, for example:
![Screenshot: tracert output to www.baidu.com (www.a.shifen.com [220.181.112.244]), with several hops showing "Request timed out."](https://javaforall.net/wp-content/uploads/2020/11/2020110817443450.jpg)
Look at hop 6: two timeouts plus one 32 ms. In the capture, no Time Exceeded Message was received for the first two probes:

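Finally, the experiment was repeated with traceroute, again with a PIP configured on the virtual machine. traceroute works by sending UDP packets (the -I option makes it use ICMP packets instead) and relies on the same incrementing-TTL principle, and the ICMP Time Exceeded Messages were received in the same way, yet no results were displayed. The reason is that, although the Time Exceeded Messages were received, traceroute does not keep response-time and packet-loss statistics the way mtr does, nor does it compute from the arrival time of the Time Exceeded Message the way tracert does. So after the 3 Time Exceeded Messages were received, traceroute judged the node unreachable, and the output shows nothing but *.
With the -I option, traceroute probes with ICMP packets rather than UDP, so when a probe reaches the actual destination IP, the destination returns an Echo Reply Message: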

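In this case you can see the number of hops in between (although the IP of each hop is not displayed) as well as the latency to the destination IP: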

With UDP, there is no ICMP Echo Reply Message, so probing simply continues without any result (until the maximum of 30 hops is reached):

Published by: 全栈程序员-站长. When reposting, please credit the source: https://javaforall.net/148771.html Original link: https://javaforall.net
