Traceroute Interview Questions and Answers # 7

Captions
Hi guys. In this video I'm going to explain one of the most frequently asked interview questions, about the traceroute command. We will see why we use traceroute, how traceroute works, what TTL value is used in traceroute, whether the source and destination IP change in the traceroute process, how the source knows the destination IP is reached, and what protocol is used in traceroute. Traceroute is a very powerful tool when you are doing IP reachability troubleshooting, so these are some of the expected questions in a networking interview related to traceroute.

I'm going to use the Cisco Packet Tracer tool to explain how traceroute works and also how to find answers for all these questions. So this is my Cisco Packet Tracer tool. I have 5 routers: router 0, 1, 2, 3 and 4. I'm going to initiate a trace from 10.10.1.1 to the destination 20.20.1.2. When I initiate a trace, the packet travels via router 1, 2, 3 and 4, and we will see how traceroute works when I initiate the traceroute command from router 0.

Before I start doing that, I will just quickly explain why traceroute is used. Let's say you initiate a ping from router 0, that is 10.10.1.1, to the destination 20.20.1.2, and let's say the ping fails. You can give a traceroute command to find where exactly the packet is getting dropped in the path. Basically, when you initiate a traceroute, the result shows what hops it went through to reach the destination. Let's say I initiate a traceroute from 10.10.1.1 to the destination 20.20.1.2: the packet reaches router 1, and in the traceroute, as the first hop, we will see this IP; then router 2 as the second hop; as the third hop you'll see this IP; and finally the destination router. So basically traceroute gives the information about what hops, and their IP addresses, it traverses to reach the destination IP address. The traceroute command reveals the IP addresses of the devices in the path to reach its destination.

So I will first explain the theory of what happens when I initiate the traceroute from router 0, that is from 10.10.1.1, to reach router 4. When I give the command traceroute and then this destination IP 20.20.1.2 in the source router, the traceroute process initiates an ICMP request packet to this destination, that is 20.20.1.2, and for the first packet of the traceroute it will set the TTL value as 1. So the packet is sent out to the immediate next hop: basically the router checks in the routing table for the entry 20.20.1.2, it sees the next-hop IP address is 10.10.1.2, and the process sends it to the next-hop IP address, that is router 1. Router 1 receives that packet and checks whether the destination IP is there in the routing table or not. Let's say the routing entry is there: it knows that to reach 20.20.1.2 it has to send the packet out of this interface, but before that it will reduce the TTL value by one. The default behavior of a router is that when it receives a packet, before it forwards it to the next router, it will reduce the TTL value by one. Since the first packet of this particular traceroute was sent with the TTL value 1, it sends a message back to the source that the TTL is expired. That is the ICMP TTL expired message from router 1 to router 0, with the source IP 10.10.1.2 and destination 10.10.1.1. Now router 0 receives that packet, notes down the source IP 10.10.1.2, and notes down that the first hop in the path to reach the destination is 10.10.1.2. By default it will send three ICMP packets; I will show that in the traceroute output. After that it will send another ICMP packet to the destination 20.20.1.2 with the TTL value 2.

So now this time again the source router sends the packet to router 1. This time router 1 receives it and checks the routing table; it knows the next hop to reach 20.20.1.2 is 10.10.2.2, that is router 2's IP address. Now it reduces the TTL value by 1, so the TTL value becomes 1, and the packet is sent out of router 1. Router 2 receives it, and router 2 also checks in its routing table for the destination IP 20.20.1.2. It knows that to reach 20.20.1.2 it has to send the packet out of this interface to reach router 3; the next-hop IP will be 20.20.2.2. But before it sends the packet out, the default behavior is to decrease the TTL value by one, and when it does, the TTL value becomes zero. So now router 2 will send an ICMP TTL expired message back to the source, that is 10.10.1.1. This TTL expired message will be sent from router 2 to router 1, and from router 1 to the source 10.10.1.1. This ICMP TTL expired message is sent with the source IP address 10.10.2.2 and destination IP address 10.10.1.1, so now the source knows the second hop in the path to the destination is 10.10.2.2.

Now the source router will again send the ICMP to the destination 20.20.1.2 with a TTL value of 3. The same process continues: router 1 receives it, reads the TTL value and makes it 2; router 2 receives it and reduces the TTL value by 1, so it becomes 1; now it reaches router 3.

Now router 3 knows that to send the packet to 20.20.1.2 it has to send it over this interface, which is directly connected. But this time again it will reduce the TTL value by 1, and now the TTL value becomes 0. Router 3 will send a TTL expired message with the source IP address 20.20.2.2 and destination IP 10.10.1.1. That ICMP TTL expired message packet goes to router 2, then 1, and then reaches the source router. Now the source router notes down the IP address of the device that is responding with the TTL expired message, that is 20.20.2.2, so it notes down that the third hop in the path to reach the destination is 20.20.2.2.

Now it will send the ICMP packet with the TTL value 4. Router 1 reduces it by 1 and it becomes 3; router 2 again reduces it by 1 and it becomes 2; now router 3 receives it and reduces it by one, so the TTL becomes 1, and then it reaches router 4. Now router 4 is the actual destination. In the routing environment, routers, when they initiate it, actually send it as a UDP packet with a random port number; I will show that in the packet capture. When that packet reaches router 4, router 4 will send a port unreachable message. That packet again goes back to router 3, 2, 1 and then the source router. When the source router sees the port unreachable message, it knows it has reached the destination to which the traceroute was initiated. So this is the process.

Now we will see it in the simulation mode. This is the router CLI. I'm going to initiate the traceroute to 20.20.1.2, that is our destination IP 20.20.1.2. So the traceroute is initiated; now let's see in the simulation mode. You can see it's basically a UDP packet; I'll open it up and see. The traceroute process starts the next trace, and the device encapsulates the PDU into a UDP segment. You can see it's basically an IP packet with the source IP 10.10.1.1, destination 20.20.1.2, and UDP; you can see the destination port number 33434. Basically, since it is a UDP packet sent to such a random port number, there is no service listening on this port number; that's why you will get a reply when it reaches the destination. Actually, when it reaches 20.20.1.2, you will see a port unreachable message.

Okay, now we'll see the next command. If I give it, it will initiate an ICMP packet; you can see this ICMP packet. Okay, you will see this one, this is the second packet, which is going, as you can see on the screen, from 0 to 1. We will open up this packet and see: you can see the TTL value set to 1; this is the first packet going out. When it reaches router 1, router 1 sends an ICMP TTL expired message; you can see the device sends an ICMP TTL expired message. And in the router, I just want to show that you can see there is no entry right now, but when the TTL expired message reaches the source router you will see there is an entry. Okay, now it reaches, and you can see it notes down the first hop, that is 10.10.1.2. It sends a reply, TTL expired, and this is one ICMP packet. In total it will send three ICMP packets for each iteration of that cycle, for one particular hop. You can see that again it sends; it will send an ICMP reply. Now you will see for that second packet how much time it took. Now the third one. So when you get an ICMP reply message you'll see all that. So for each hop basically it will send three ICMP requests, each with the TTL value 1.

So now it will send an ICMP packet with the TTL value 2. If you open this packet, you can see the TTL value is set to 2, and the source IP and destination IP remain the same. Now this packet will reach router 1. Router 1 has an entry to reach this destination 20.20.1.2, so it will send it to router 2, but it will reduce the TTL value from 2 to 1.

So if I open this packet, you can see the TTL value is 1, and then it will be sent to router 2. Router 2 receives it; it knows there is an entry to reach 20.20.1.2, but since the TTL value is one, when it reduces the TTL value by one it becomes zero, and then it becomes TTL expired. Basically you can see the packet's TTL expired: the device sends an ICMP time exceeded message back to the sender and drops the packet. It will do that for three iterations. Now let's look at the router: right now there is no entry; when it reaches the source router it will note down that IP, that is router 2's IP address 10.10.2.2. You can see it notes down 10.10.2.2; that's the first ICMP packet. Now again it sends; in total it sends three packets, actually.

One more thing to note is that for this ICMP time exceeded message, when the ICMP reply packet comes with the time exceeded message, the TTL will be 255. You can check that here: when the packet is coming from the source 10.10.2.2, that is router 2's IP address 10.10.2.2, the reply TTL is 255; when it reaches here it becomes 254; like that it will keep reducing. You can see the second packet with its milliseconds, how much time it took. Now it sends one more ICMP packet, the third one, and then it replies back. So you can see the time detail is given for all three ICMP packets. Now it will send another ICMP packet with the TTL value 3.

You can open it and see: the source IP is 10.10.1.1, destination 20.20.1.2, and the TTL value is three. Now the packet goes to router 1; the TTL becomes 2 here. Let's confirm that. Okay, still three, it has not reduced it yet; when it sends it out it becomes... yeah, it is reduced to 2 here. Now the packet is sent out to router 3. When you open this packet, it will be one: the TTL becomes one when it reaches router 3, and router 3, before it sends it to router 4, has to reduce it by one, so it will become expired. You can see the device sends an ICMP time exceeded message back to its sender. When this packet reaches here, check the header: the TTL is 255 and the source IP is 20.20.2.2, which is nothing but router 3's IP address. You can see the source IP 20.20.2.2, that is router 3's interface IP address 20.20.2.2, and it is sending it to the sender, destination IP 10.10.1.1, which is the actual source where the trace was initiated. Now when it reaches router 1, we'll see the source will be the same, the destination will be the same, and the TTL is reduced to 254.

Now if you open the source router, you can see it notes down that hop to reach the destination, 20.20.2.2, that is router 3's IP address. Now it will send one more packet; in total three packets will be sent. Once all are sent and received, you can see it took about six milliseconds to reach that hop and get the reply back.

Now it will send ICMP with the TTL value 4. Let's open up the packet itself: we can see the TTL value set to 4, source 10.10.1.1, destination 20.20.1.2. It goes to router 1, where the TTL is reduced by 1, and then 2, and then 3. Now at 3, let's open this packet. You can see it is all going as a UDP packet, but if you open it up you can see the TTL value and how it gets reduced there, and the UDP source port and destination port. Now the packet is going to reach router 4, which is the actual destination; we will see what happens there. So far we have seen a cross mark on the ICMP packet itself, because it says ICMP TTL expired. Now for the first time you will see a cross mark on the green; green represents the UDP packet. We will see what happens there. The interface receives the frame, it checks that the entry is there for the MAC, the IP entry is also there, and there is no service listening on this port, that is the destination port 33434. The device drops the segment; that is, for this particular destination port there is no service listening here. That is expected, actually, and you can see the device sends back an ICMP port unreachable message. So when the source 10.10.1.1 receives this ICMP port unreachable message, it knows that the traceroute process reached the actual destination IP, and that's the reason we are getting the ICMP port unreachable message instead of the ICMP time exceeded message, the TTL expired message. Again, that will happen thrice. And you can see the actual destination: the traceroute was initiated for 20.20.1.2, and finally that is entered here. And also you can see this router in the path.

Let's open up and see the ICMP TTL values: it keeps reducing at each hop in the reply. The default value is 255 and at each hop, when it replies, it gets reduced. The only thing to note here is that when the traceroute is initiated from this router, at that time we deliberately change the TTL value, like 1, 2, 3, on each iteration in order to find the hops it passes to reach the destination. But the ICMP port unreachable or the ICMP time exceeded reply that is coming from each hop in the path uses a default TTL value, that is 255. Only the traceroute process sets the TTL value when initiated from the source, like 1, 2, 3, for each hop until it reaches the destination. That is the default behavior of traceroute.

Okay, so this is the last one: the port unreachable message is coming back to the source router. Now you can see the traceroute completed at the source. To reach the destination 20.20.1.2 it has gone through 10.10.1.2, that is router 1's interface IP address; the second hop is 10.10.2.2, that is router 2's interface IP address 10.10.2.2; then the third hop is 20.20.2.2, which is nothing but router 3's interface IP address; then the final destination IP 20.20.1.2.

Now coming back to the possible questions for traceroute. Why do we use traceroute? That I explained in the beginning: to find what hops we travel through in between to reach the destination IP, we use traceroute, and we mainly use it for troubleshooting purposes. When you initiate a ping to a destination IP which is not directly connected and the ping is not working, we can initiate a traceroute to that particular destination and see where exactly the ping drops. For example, when I initiate a ping from router 0 the ping is failing, and when I initiate a traceroute from the source, that is 10.10.1.1, to destination 20.20.1.2, let's say the traceroute drops at 10.10.2.2: in the traceroute you see 10.10.1.2 and 10.10.2.2, and after that the traceroute is completely stopped and you don't see anything. Then you can suspect some problem between router 2 and router 3, because if the IP reachability is there between these two routers there can be another entry for 20.20.2.2. So in the traceroute, if you see only 10.10.1.2 and 10.10.2.2, it means the IP reachability is there up to router 1 and 2, and after that, between router 2 and 3, there might be some problem: maybe this connection is completely down, or it can be due to some routing issue; it can be anything. Basically we are not able to reach router 3, because the 20.20.2.2 entry is not available. I'm just saying, in the traceroute you see only 10.10.1.2 and 10.10.2.2, and after that you see only stars; you don't see any entry coming up. That basically signifies that the router is able to reach only the first two hops and after that there is no IP reachability. It could be because of many reasons, actually.

The second question is how traceroute works; that I explained before showing the demo in Packet Tracer. And mainly the candidate will be tested on what TTL value is used in traceroute. For this question: when a traceroute is initiated from the source, the first ICMP packet goes with TTL value 1, and after that, when you get a TTL expired reply, the second time you send the ICMP packet with TTL 2. So basically, at the source router from where you're initiating the traceroute, the TTL value is set by the traceroute process depending upon the reply it is getting. So the TTL value is not a constant one; it keeps changing, starting from 1, 2, 3, depending upon the number of hops in the path. But when you are asked about the TTL value of an ICMP packet, it generally shows only 255. That is, when the TTL time exceeded ICMP packet, the reply packet, is coming from each hop, the TTL value is 255 and gets reduced at each hop in the path back to the source; that is something expected, the default value. So that is the difference when the question is asked about the TTL value: the source router where you are initiating the traceroute can change the TTL value, but the packets that are coming back to you, either the ICMP TTL expired message or the ICMP port unreachable message, use whatever default value the ICMP protocol uses.

Will the source and destination IP change in the traceroute process? The actual source and destination basically remain the same, but in these ICMP TTL expired messages and ICMP port unreachable messages, the router where the TTL is getting expired, that particular router's interface IP address will be the source in the reply packets. So each particular hop sets its own IP address as the source IP address to inform the source router that the TTL is expired. So you can say the IP is changing on the reply packets, so that the source knows that to reach the destination we have to go through these hops. So from the source router's perspective, when the traceroute is initiated, the source IP and destination IP remain the same; only in the TTL expired messages you are getting from each hop, the ICMP protocol sets the source IP of the interface which is sending the reply.

How does the source know the destination IP is reached? Like I showed in Packet Tracer, when the source router receives the port unreachable message, it knows, since only the destination IP is sending that reply; it basically says we reached the end destination. For the packet which you initiate from the traceroute, whatever destination IP you set, we have reached that destination IP; to that destination IP we are sending a UDP packet with port number 33434, and the device with that destination IP address is not listening on that particular port number. So only that particular destination IP can send back the ICMP port unreachable message, not any other device in the path. That's why, whenever the port unreachable message is received, the source knows that we have reached that particular destination IP and that that destination IP is not listening on any port, hence it is sending a port unreachable message. So basically the source router knows we reached the destination by looking at that ICMP port unreachable message.

What protocol is used in traceroute? Looking at Packet Tracer, you can easily say that ICMP is the protocol traceroute uses, and it uses it by changing its TTL value from the source router. So you can simply say ICMP is the protocol used by traceroute in order to find each hop in the path, by changing its TTL value from the default TTL values.

So these are some of the possible questions that can be asked related to traceroute. But once you know how traceroute works completely, step by step, and at each point what the source IP and destination IP will be when the packet is initiated from the source router, and when the ICMP TTL expired message comes back to the source what the source IP and destination IP will be, you should be able to know. The person taking the interview can stop you at each of these points and ask what the source IP will be, what the destination IP is, and what the TTL value will be at this particular point, when router 2 sends the ICMP time exceeded message back to router 1. Like that, the person can ask questions just to make sure the candidate understands the complete traceroute process.

And like I said, when the traceroute is not fully completing from source to destination, by looking at the entries in the trace you can determine up to which point the packet has reached and where exactly the drop is happening. One example I gave: if you see only these two entries, 10.10.1.2 and 10.10.2.2, and after that you are not seeing 20.20.2.2, it basically proves the packet is able to reach router 2. Right now in the diagram I show only one link, but in real time there can be multiple links to reach the destination. So router 2 is basically not able to forward the packet to the destination. That will be useful when you are actually troubleshooting IP reachability issues: you can log into router 2 and do all the troubleshooting on why it's not able to forward the packet to 20.20.1.2, the actual destination. So it's basically a very powerful tool for troubleshooting, and this question can definitely be asked in an interview: how does traceroute work? When you explain the process, you should be able to explain each and every step of how the source determines each hop to reach the destination.

Thanks for watching the video, and don't forget to subscribe to my channel and hit the bell button so that next time when I upload another interview question you will get an alert.
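
Added example, not part of the video or its captions: a small Python model of the five-router lab that replays the probe/reply exchange described above, including the reply TTL that starts at 255 and the case where the trace stops after 10.10.2.2. The router names, the `broken_after` parameter and the silent drop on a failed link are assumptions made for this illustration.

```python
"""Replay of the UDP traceroute walk-through on the five-router lab (simulation only)."""

# Constructed model of the lab path: (router name, interface IP it replies from).
PATH = [
    ("router1", "10.10.1.2"),
    ("router2", "10.10.2.2"),
    ("router3", "20.20.2.2"),
    ("router4", "20.20.1.2"),  # the destination
]
SOURCE_IP = "10.10.1.1"
DEST_IP = "20.20.1.2"
PROBE_PORT = 33434         # UDP destination port seen in the capture
LISTENING_PORTS = set()    # assumption: nothing listens on the destination
REPLY_TTL = 255            # initial TTL of the ICMP error replies in the capture


def icmp_reply(icmp_type, code, name, src, hops_away):
    # The reply is decremented once by every router it crosses on the way back.
    return {"type": icmp_type, "code": code, "name": name, "src": src,
            "dst": SOURCE_IP, "ttl": REPLY_TTL - (hops_away - 1)}


def send_probe(ttl, broken_after=None):
    """Forward one probe along PATH; return the ICMP error the source sees, or None.

    broken_after is a hypothetical knob: the named router cannot forward
    any further and drops the probe silently (shown as '*' in the output).
    """
    for hops_away, (name, ip) in enumerate(PATH, start=1):
        if ip == DEST_IP:
            if PROBE_PORT not in LISTENING_PORTS:
                # ICMP type 3 code 3: destination unreachable, port unreachable.
                return icmp_reply(3, 3, "port-unreachable", ip, hops_away)
            return None
        ttl -= 1  # every transit router decrements before forwarding
        if ttl == 0:
            # ICMP type 11 code 0: time exceeded, TTL expired in transit.
            return icmp_reply(11, 0, "time-exceeded", ip, hops_away)
        if name == broken_after:
            return None
    return None


def traceroute(max_hops=6, probes=3, broken_after=None):
    """Return one (ttl, responder IP or '*', ICMP message name) row per hop."""
    rows = []
    for ttl in range(1, max_hops + 1):
        replies = [send_probe(ttl, broken_after) for _ in range(probes)]
        answered = [r for r in replies if r is not None]
        if not answered:
            rows.append((ttl, "*", None))
            continue
        rows.append((ttl, answered[0]["src"], answered[0]["name"]))
        if answered[0]["name"] == "port-unreachable":
            break  # only the destination itself can send this, so stop here
    return rows


if __name__ == "__main__":
    for row in traceroute():
        print(row)
    print("link beyond router2 down:")
    for row in traceroute(max_hops=5, broken_after="router2"):
        print(row)
```
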
Info
Channel: SivakumarNetLabs
Views: 159
Rating: 5 out of 5
Keywords: how traceroute works, how trace route works, how trace-route works, traceroute interview questions, traceroute network interview questions, why do we need traceroute, what is the ttl value used in traceroute, Tac engineer interview questions, cisco interview questions, juniper interview questions, jtac interview questions, arista interview questions, nokia tac interview questions, versa networks interview questions, juniper networks interview questions
Id: jj6hJckkaYQ
Length: 32min 7sec (1927 seconds)
Published: Mon Sep 13 2021