Network – Understanding Ping and Tracert Command Results

Here I have the response when I use the commands ping and tracert for google.com:

Now, I am still new to networking, but I need to know how to interpret the response that I got here:

1) First off, I need to know how many packets were sent in both cases. With ping it's easy, since it says explicitly that 4 packets were sent.

How can I know how many packets were sent using the tracert command? I can only read the number of hops from the response to tracert.

2) Now, how can I know the size of the IP packets in both cases?

With ping I have 32 bytes of data and 20 bytes of IP header, but I don't know the size of the ICMP header (it might be 8 bytes as it is in UDP, but I don't know for sure).

On the other hand, with tracert there's no info about the size of the data being sent, so I don't know anything.

3) How many different packets were sent in terms of IP header in the first and in the second case? (I have no idea how to answer this; I thought that the IP header is not changing when sending an echo request, but I don't know about tracert.)

4) How many three-way, double-sided TCP connections were established with google.com when we were sending these messages?

I suppose that the answer is zero, since both ping and tracert use the ICMP protocol. Is that correct?

Any help appreciated!

Best Answer

  1. Traceroute works by sending packets with increasing time-to-live values. Different versions of traceroute send different kinds of packets, but the basic idea is that either a) the packet arrives at the target, which answers, or b) a router in the way sees the TTL is expired and sends an error ICMP packet back. As this whole business is unreliable in many ways, most traceroutes send packets with each TTL three times. Your example therefore shows 27 packets. Just to repeat, it emphatically does not show you the route from A to B; it shows the points at which 27 packets gave up. Which, if the route isn't changing, might show you something of the normal route for normal packets, but this is just a guess from the backscatter of the failed packets.

  2. The normal way to find out about the size of packets is to use a packet analyser such as tcpdump or Wireshark (or its commandline sister tshark). You don't have enough information in your question to have an answer to this. To find out the details of ICMP packets, see RFC 792.

  3. The best way to see the different headers is to look at them with a packet analyser; but basically the ping IP headers are the same from one to the next (but the ICMP values differ), while in the traceroute the headers have different TTL values.

  4. Obviously there's no TCP in ping, so none there. In the traceroute, only three packets reached the target. Often these are UDP packets, receiving ICMP Port Unreachable packets; depending on the traceroute implementation they might be TCP opens, also receiving Port Unreachable, but just by accident might hit an open port and receive a SYN-ACK, but that won't count as a full three-way handshake to open both sides of the TCP connection.
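
The following is an added, runnable illustration of points 1 and 2 of the answer above; it is not code from the original question or answer. It does two things: it assembles an ICMP echo request the way ping does, so the 8-byte ICMP header and the 20 + 8 + 32 = 60-byte IP packet become concrete (RFC 792 header layout, RFC 1071 checksum), and it simulates traceroute's TTL loop over a constructed path so the "three probes per TTL, nine hops, 27 packets" arithmetic is visible. The addresses in SAMPLE_PATH are made up from documentation ranges, and the path length, the one router that stays silent (giving the `*` rows tracert prints), and three probes per TTL are assumptions, not something read from the poster's screenshot.

```python
import struct

# Added example (not from the original post). Two parts:
#  (1) build an ICMP echo request as "ping" does, to make the 8-byte ICMP
#      header and the 20 + 8 + 32 = 60 byte IP packet concrete;
#  (2) simulate traceroute's TTL loop over a constructed path, so the
#      "3 probes per TTL, 9 hops -> 27 packets" arithmetic is visible.

IPV4_HEADER_LEN = 20        # minimal IPv4 header, no options
ICMP_ECHO_HEADER_LEN = 8    # type(1) code(1) checksum(2) id(2) seq(2), RFC 792
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11     # what a router sends back when TTL hits 0


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length data
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo request: pack header with checksum 0, then patch it in."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def checksum_ok(icmp_packet: bytes) -> bool:
    """A receiver verifies by summing the whole message; the result must be 0."""
    return icmp_checksum(icmp_packet) == 0


def ping_ip_packet_size(payload_len: int = 32) -> int:
    """Windows ping default: 32 data bytes -> 60-byte IP packet on the wire."""
    return IPV4_HEADER_LEN + ICMP_ECHO_HEADER_LEN + payload_len


def forward(path, ttl, silent=frozenset()):
    """Walk one probe along `path` (routers ..., destination last).
    Each router decrements TTL; at 0 it drops the probe and sends
    ICMP Time Exceeded (type 11) unless it is configured silent.
    Returns the address that answered, or None for no reply ('*')."""
    destination = path[-1]
    for node in path:
        if node == destination:
            return node                       # echo reply / port unreachable
        ttl -= 1
        if ttl == 0:
            return None if node in silent else node
    return None                               # ran out of path (not expected)


def simulate_traceroute(path, probes_per_ttl=3, max_ttl=30, silent=frozenset()):
    """Return (hops, packets_sent); hops is a list of (ttl, [responder, ...])."""
    hops, sent = [], 0
    destination = path[-1]
    for ttl in range(1, max_ttl + 1):
        responders = []
        for _ in range(probes_per_ttl):
            sent += 1
            responders.append(forward(path, ttl, silent))
        hops.append((ttl, responders))
        if all(r == destination for r in responders):
            break                             # destination reached, stop
    return hops, sent


def render(hops):
    """Format like a tracert listing; '*' marks a probe that got no reply."""
    return ["%2d  %s" % (ttl, "  ".join(r or "*" for r in rs)) for ttl, rs in hops]


# Constructed sample path (hypothetical addresses from documentation ranges):
# 8 routers then the target, with the 4th router never sending Time Exceeded,
# as rate-limited routers often do.
SAMPLE_PATH = ["192.0.2.1", "192.0.2.2", "198.51.100.1", "198.51.100.2",
               "198.51.100.3", "203.0.113.1", "203.0.113.2", "203.0.113.3",
               "203.0.113.10"]
SAMPLE_SILENT = frozenset({"198.51.100.2"})

if __name__ == "__main__":
    pkt = build_echo_request(ident=1, seq=1, payload=b"abcdefghijklmnopqrstuvwabcdefghi")
    print("ICMP echo request bytes:", len(pkt), "-> IP packet:", ping_ip_packet_size())
    print("checksum valid:", checksum_ok(pkt))
    hops, sent = simulate_traceroute(SAMPLE_PATH, silent=SAMPLE_SILENT)
    print("\n".join(render(hops)))
    print("probes sent:", sent)
```

The simulation stops as soon as all three probes of one TTL are answered by the destination, which is why a nine-hop listing costs 27 probes; a hop that never answers costs the same three probes and shows up only as `*  *  *`, exactly the "backscatter" the answer describes. The payload `abcdefghijklmnopqrstuvwabcdefghi` is the 32-byte pattern Windows ping uses; the checksum routine is the same one used to verify the reply, where the sum over the received message must come out to zero.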