UNIX for Dummies Questions & Answers

I understand the concept of traceroute - can anyone explain the output to me e.g. 39ms 39ms 39ms are these the times for each trip it takes? Assuming each machine is pinged 3 times.

and how does the RTT work? Is this the time it takes from one machine to another because it doesn't look like it's accumulative. Any basic explanation would be lovely thanks.

The traceroute program constructs an ip datagram addressed to the destination that you specify. But it sets the TTL to one and sends it out. The first router in the path to the destination gets this datagram and decrements the TTL. When is sees that the TTL just became zero, it discards the datagram. It also sends ICMP error back to the source. When traceoute gets the ICMP error, it calculates how long this took and displays the result. It repeats this process two more times. So you get three numbers for the first hop.

Next it sets the TTL to 2 and send out three more datagrams, and prints out 3 more results. This is line two of the display.

And so on, until it reaches the destination or it reaches the max hops.

Those numbers that are being displayed are called the RTT's for each hop.

No the numbers are not cumulative. Routers, especially in a WAN environment have variable loads. What you want to do is look for anything unusual. To know what "unusual" is, you need to run traceroute a lot when stuff is working ok.

This utility is intended for use in network testing, meas-
urement and management. It should be used primarily for
manual fault isolation. Because of the load it could impose
on the network, it is unwise to use traceroute during
normal operations or from automated scripts.
raju

Perderabo - is the RTT the time it takes for my machine to send the IP datagram and retrieve an ICMP packet back?

If so, can I increase the number of packets sent so I can calculate a median value for RTT to each server in the traceroute?

If I take the mean then the stats might be way off the mark because I have seen some RTT's that are very extreme.

raju - can you explain a bit more about the network loading issues when using traceroute in an automated script?

Why is the network loaded?
Are the ICMP packets a problem?
Does traceroute have much effect on the network?
What other issues does traceroute product?

NB: I am looking to use traceroute in a script as part of a trail test on a network.

The traceroute program knows when it sent the test datagram and it knows when it gets the ICMP error. And yes, the RTT is the difference between the two. But traceroute is not the kernel. Traceroute can't tell when the error arrived at the local host. It has to wait to run just like any other program in a timesharing system.

No you can't increase the number of packets, it is stuck at three.

As you have noted, the standard deviation is so high that taking the mean would be silly. Acquiring enough data to produce a useful mean is not possible. If you try, you will drive network performance way down.

For the most part, I agree with raju. Only I do think that you should run netstat several times a day so you have baseline. So I do think some running of traceroute (manually) during normal operations is appropriate. But for the most part, traceroute is intended to diagnose network malfunctions.

Thanks Perderabo, didn't consider the kernel in all this. I think I'll have a deeper search of Traceroute on the man pages, I obviously don't know enough about it.

I don't think the network perfomance will be much of an issue as the traceroute will not be designed to flood the network just a snap shot to collate and contribute to a baseline and highlight any areas where latency might be occurring.

NB: i did find out that the packets aren't fixed and can be increased ( i have to do that in my script ) using the -q flag