ping and traceroute(tracert)

1、ping程序简介

这个程序是Mike Muuss编写的。目的是测试另外一台机子是否可达。运用的协议就是ICMP。运用的是ICMP的回显应答和请求回显两个类型。以前呢,能ping通说明能够进行比如ftp,telnet等操作,不能ping通就不能做这样的操作。但是发展到现在,这个关系已经不成立了。很多防火墙都可以屏蔽掉ping。

ICMP请求和回显报文格式:(图片是网上下载的一个)


可以看清楚其中的内容,ICMP报文格式太多了。所以针对的来说说。这个就是ping程序使用的ICMP报文。

注意其中几点:

第一、一般实现来说,ICMP报文中的标识符设置成发送进程的ID,这样即使一台机运行多个ping程序也不会混乱(unix就是这么做的。)。

第二、客户发送的选项数据,必须回显。这个我想我们ping一个IP地址,返回的内容很多,比如:

ping and traceroute(tracert)_第1张图片


回显的内容有字节,时间,ttl等。

这个有什么用。计算时间就是一个例子:

ping计算时间是根据ICMP报文中存放的发送请求的时间来计算往返时间的。也就是说并不是我们会自己记录一个时间。当应答返回,用当前时间减去ICMP报文中的时间值,就是往返时间。


对于ping,我们看到的是一个顺序的输出,req为1的在req为2的前面。但是实际上也可能出现相同的分组序号,还有N+1的序号在N之前的。这都可能出现,尤其是在广域网中进行ping。

ping提供了一个-R选项,提供记录路由功能。记录路由功能就是将途经的路由器地址加入到IP数据包中。最多只能放9个IP地址。因为首部长度60byte,IP头部20byte,减去3byte的路由记录功能的选项(也就是一些控制字段,比如类型,长度,指针)。剩下37bytes,只能放9个IP地址了。

注意这个路由记录功能只是记录出口IP地址。比如一个路由有2个IP地址链接两个不同的网络,记录只是记录出口的IP地址。出。

最新的win8系统不支持-R选项。

ping是不经过TCP/UDP的。


2、traceroute\tracert

原理:

当路由器接受到一个IP数据包的时候,如果TLL为0或1就不转发该数据包,并给信息源发送一个ICMP超时信息。这个ICMP信息的IP报文的信源地址是该路由器的IP地址(这是traceroute的关键)。


traceroute的做法是:

发送一个TTL为1的IP数据包给目的主机,处理这个数据包的第一个路由器将TTL减去1,丢弃数据包,并发送ICMP超时。这样就得到第一个路由器的IP地址了(这个在ICMP数据中有)。然后traceroute继续发送TTL为2的数据包给目的地址,这样就可以得到第二个路由IP,一直继续。那么怎么判断数据包到了目的地呢??

Traceroute程序发送IP数据包是包含UDP数据,但是udp选择一个不可能的值作为udp端口,使任何一个应用都不可能使用该端口。那么到达目的地的时候,主机将产生一个端口不可达的ICMP错误。这样就可以通过判断返回的ICMP错误类型知道是否已经达到目的地了。


注意了,这个traceroute计算时间的跟ping不一样。traceroute是保存了数据包发送的时间,当收到一个icmp数据包的时候,得到系统当前时间,减去之前保存的时间就是RTT时间。

ping是在回显中存储了时间。所以ping更加能够准确。

为什么traceroute没有跟ping一样呢,因为ICMP只返回出错的IP数据包的前8个字节,这8个字节就是udp的头部。因此没有返回traceroute存储的时间。


ICMP这个协议是IP的附属协议,因为它是用来控制差错的,所以非常有用。这个协议也是非常复杂的。


附录:

下面来一个ping的源代码。在linux 下运行(我是没有运行成功)

/*
 *            P I N G . C
 *
 * Using the InterNet Control Message Protocol (ICMP) "ECHO" facility,
 * measure round-trip-delays and packet loss across network paths.
 *
 * Author -
 *    Mike Muuss
 *    U. S. Army Ballistic Research Laboratory
 *    December, 1983
 * Modified at Uc Berkeley
 *
 * Changed argument to inet_ntoa() to be struct in_addr instead of u_long
 * DFM BRL 1992
 *
 * Status -
 *    Public Domain.  Distribution Unlimited.
 *
 * Bugs -
 *    More statistics could always be gathered.
 *    This program has to run SUID to ROOT to access the ICMP socket.
 */

#include <stdio.h>
#include <errno.h>
#include <sys/time.h>

#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/file.h>

#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netdb.h>

#define    MAXWAIT        10    /* max time to wait for response, sec. */
#define    MAXPACKET    4096    /* max packet size */
#define VERBOSE        1    /* verbose flag */
#define QUIET        2    /* quiet flag */
#define FLOOD        4    /* floodping flag */
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN    64
#endif

u_char    packet[MAXPACKET];
int    i, pingflags, options;
extern    int errno;

int s;            /* Socket file descriptor */
struct hostent *hp;    /* Pointer to host info */
struct timezone tz;    /* leftover */

struct sockaddr whereto;/* Who to ping */
int datalen;        /* How much data */

char usage[] =
"Usage:  ping [-dfqrv] host [packetsize [count [preload]]]\n";

char *hostname;
char hnamebuf[MAXHOSTNAMELEN];

int npackets;
int preload = 0;        /* number of packets to "preload" */
int ntransmitted = 0;        /* sequence # for outbound packets = #sent */
int ident;

int nreceived = 0;        /* # of packets we got back */
int timing = 0;
int tmin = 999999999;
int tmax = 0;
int tsum = 0;            /* sum of all times, for doing average */
int finish(), catcher();
char *inet_ntoa();

/*
 *             M A I N
 */
main(argc, argv)
char *argv[];
{
    struct sockaddr_in from;
    char **av = argv;
    struct sockaddr_in *to = (struct sockaddr_in *) &whereto;
    int on = 1;
    struct protoent *proto;

    argc--, av++;
    while (argc > 0 && *av[0] == '-') {
        while (*++av[0]) switch (*av[0]) {
            case 'd':
                options |= SO_DEBUG;
                break;
            case 'r':
                options |= SO_DONTROUTE;
                break;
            case 'v':
                pingflags |= VERBOSE;
                break;
            case 'q':
                pingflags |= QUIET;
                break;
            case 'f':
                pingflags |= FLOOD;
                break;
        }
        argc--, av++;
    }
    if(argc < 1 || argc > 4)  {
        printf(usage);
        exit(1);
    }

    bzero((char *)&whereto, sizeof(struct sockaddr) );
    to->sin_family = AF_INET;
    to->sin_addr.s_addr = inet_addr(av[0]);
    if(to->sin_addr.s_addr != (unsigned)-1) {
        strcpy(hnamebuf, av[0]);
        hostname = hnamebuf;
    } else {
        hp = gethostbyname(av[0]);
        if (hp) {
            to->sin_family = hp->h_addrtype;
            bcopy(hp->h_addr, (caddr_t)&to->sin_addr, hp->h_length);
            hostname = hp->h_name;
        } else {
            printf("%s: unknown host %s\n", argv[0], av[0]);
            exit(1);
        }
    }

    if( argc >= 2 )
        datalen = atoi( av[1] );
    else
        datalen = 64-8;
    if (datalen > MAXPACKET) {
        fprintf(stderr, "ping: packet size too large\n");
        exit(1);
    }
    if (datalen >= sizeof(struct timeval))    /* can we time 'em? */
        timing = 1;

    if (argc >= 3)
        npackets = atoi(av[2]);

    if (argc == 4)
        preload = atoi(av[3]);

    ident = getpid() & 0xFFFF;

    if ((proto = getprotobyname("icmp")) == NULL) {
        fprintf(stderr, "icmp: unknown protocol\n");
        exit(10);
    }

    if ((s = socket(AF_INET, SOCK_RAW, proto->p_proto)) < 0) {
        perror("ping: socket");
        exit(5);
    }
    if (options & SO_DEBUG) {
        if(pingflags & VERBOSE)
            printf("...debug on.\n");
        setsockopt(s, SOL_SOCKET, SO_DEBUG, &on, sizeof(on));
    }
    if (options & SO_DONTROUTE) {
        if(pingflags & VERBOSE)
            printf("...no routing.\n");
        setsockopt(s, SOL_SOCKET, SO_DONTROUTE, &on, sizeof(on));
    }

    if(to->sin_family == AF_INET) {
        printf("PING %s (%s): %d data bytes\n", hostname,
          inet_ntoa(to->sin_addr), datalen);    /* DFM */
    } else {
        printf("PING %s: %d data bytes\n", hostname, datalen );
    }
    setlinebuf( stdout );

    signal( SIGINT, finish );
    signal(SIGALRM, catcher);

    /* fire off them quickies */
    for(i=0; i < preload; i++)
        pinger();

    if(!(pingflags & FLOOD))
        catcher();    /* start things going */

    for (;;) {
        int len = sizeof (packet);
        int fromlen = sizeof (from);
        int cc;
        struct timeval timeout;
        int fdmask = 1 << s;

        timeout.tv_sec = 0;
        timeout.tv_usec = 10000;

        if(pingflags & FLOOD) {
            pinger();
            if( select(32, &fdmask, 0, 0, &timeout) == 0)
                continue;
        }
        if ( (cc=recvfrom(s, packet, len, 0, &from, &fromlen)) < 0) {
            if( errno == EINTR )
                continue;
            perror("ping: recvfrom");
            continue;
        }
        pr_pack( packet, cc, &from );
        if (npackets && nreceived >= npackets)
            finish();
    }
    /*NOTREACHED*/
}

/*
 *             C A T C H E R
 * 
 * This routine causes another PING to be transmitted, and then
 * schedules another SIGALRM for 1 second from now.
 * 
 * Bug -
 *     Our sense of time will slowly skew (ie, packets will not be launched
 *     exactly at 1-second intervals).  This does not affect the quality
 *    of the delay and loss statistics.
 */
catcher()
{
    int waittime;

    pinger();
    if (npackets == 0 || ntransmitted < npackets)
        alarm(1);
    else {
        if (nreceived) {
            waittime = 2 * tmax / 1000;
            if (waittime == 0)
                waittime = 1;
        } else
            waittime = MAXWAIT;
        signal(SIGALRM, finish);
        alarm(waittime);
    }
}

/*
 *             P I N G E R
 * 
 * Compose and transmit an ICMP ECHO REQUEST packet.  The IP packet
 * will be added on by the kernel.  The ID field is our UNIX process ID,
 * and the sequence number is an ascending integer.  The first 8 bytes
 * of the data portion are used to hold a UNIX "timeval" struct in VAX
 * byte-order, to compute the round-trip time.
 */
pinger()
{
    static u_char outpack[MAXPACKET];
    register struct icmp *icp = (struct icmp *) outpack;
    int i, cc;
    register struct timeval *tp = (struct timeval *) &outpack[8];
    register u_char *datap = &outpack[8+sizeof(struct timeval)];

    icp->icmp_type = ICMP_ECHO;
    icp->icmp_code = 0;
    icp->icmp_cksum = 0;
    icp->icmp_seq = ntransmitted++;
    icp->icmp_id = ident;        /* ID */

    cc = datalen+8;            /* skips ICMP portion */

    if (timing)
        gettimeofday( tp, &tz );

    for( i=8; i<datalen; i++)    /* skip 8 for time */
        *datap++ = i;

    /* Compute ICMP checksum here */
    icp->icmp_cksum = in_cksum( icp, cc );

    /* cc = sendto(s, msg, len, flags, to, tolen) */
    i = sendto( s, outpack, cc, 0, &whereto, sizeof(struct sockaddr) );

    if( i < 0 || i != cc )  {
        if( i<0 )  perror("sendto");
        printf("ping: wrote %s %d chars, ret=%d\n",
            hostname, cc, i );
        fflush(stdout);
    }
    if(pingflags == FLOOD) {
        putchar('.');
        fflush(stdout);
    }
}

/*
 *             P R _ T Y P E
 *
 * Convert an ICMP "type" field to a printable string.
 */
char *
pr_type( t )
register int t;
{
    static char *ttab[] = {
        "Echo Reply",
        "ICMP 1",
        "ICMP 2",
        "Dest Unreachable",
        "Source Quench",
        "Redirect",
        "ICMP 6",
        "ICMP 7",
        "Echo",
        "ICMP 9",
        "ICMP 10",
        "Time Exceeded",
        "Parameter Problem",
        "Timestamp",
        "Timestamp Reply",
        "Info Request",
        "Info Reply"
    };

    if( t < 0 || t > 16 )
        return("OUT-OF-RANGE");

    return(ttab[t]);
}

/*
 *            P R _ P A C K
 *
 * Print out the packet, if it came from us.  This logic is necessary
 * because ALL readers of the ICMP socket get a copy of ALL ICMP packets
 * which arrive ('tis only fair).  This permits multiple copies of this
 * program to be run without having intermingled output (or statistics!).
 */
pr_pack( buf, cc, from )
char *buf;
int cc;
struct sockaddr_in *from;
{
    struct ip *ip;
    register struct icmp *icp;
    register long *lp = (long *) packet;
    register int i;
    struct timeval tv;
    struct timeval *tp;
    int hlen, triptime;

    from->sin_addr.s_addr = ntohl( from->sin_addr.s_addr );
    gettimeofday( &tv, &tz );

    ip = (struct ip *) buf;
    hlen = ip->ip_hl << 2;
    if (cc < hlen + ICMP_MINLEN) {
        if (pingflags & VERBOSE)
            printf("packet too short (%d bytes) from %s\n", cc,
                inet_ntoa(ntohl(from->sin_addr))); /* DFM */
        return;
    }
    cc -= hlen;
    icp = (struct icmp *)(buf + hlen);
    if( (!(pingflags & QUIET)) && icp->icmp_type != ICMP_ECHOREPLY )  {
        printf("%d bytes from %s: icmp_type=%d (%s) icmp_code=%d\n",
          cc, inet_ntoa(ntohl(from->sin_addr)),
          icp->icmp_type, pr_type(icp->icmp_type), icp->icmp_code);/*DFM*/
        if (pingflags & VERBOSE) {
            for( i=0; i<12; i++)
                printf("x%2.2x: x%8.8x\n", i*sizeof(long),
                  *lp++);
        }
        return;
    }
    if( icp->icmp_id != ident )
        return;            /* 'Twas not our ECHO */

    if (timing) {
        tp = (struct timeval *)&icp->icmp_data[0];
        tvsub( &tv, tp );
        triptime = tv.tv_sec*1000+(tv.tv_usec/1000);
        tsum += triptime;
        if( triptime < tmin )
            tmin = triptime;
        if( triptime > tmax )
            tmax = triptime;
    }

    if(!(pingflags & QUIET)) {
        if(pingflags != FLOOD) {
            printf("%d bytes from %s: icmp_seq=%d", cc,
              inet_ntoa(from->sin_addr),
              icp->icmp_seq );    /* DFM */
            if (timing) 
                printf(" time=%d ms\n", triptime );
            else
                putchar('\n');
        } else {
            putchar('\b');
            fflush(stdout);
        }
    }
    nreceived++;
}


/*
 *            I N _ C K S U M
 *
 * Checksum routine for Internet Protocol family headers (C Version)
 *
 */
in_cksum(addr, len)
u_short *addr;
int len;
{
    register int nleft = len;
    register u_short *w = addr;
    register u_short answer;
    register int sum = 0;

    /*
     *  Our algorithm is simple, using a 32 bit accumulator (sum),
     *  we add sequential 16 bit words to it, and at the end, fold
     *  back all the carry bits from the top 16 bits into the lower
     *  16 bits.
     */
    while( nleft > 1 )  {
        sum += *w++;
        nleft -= 2;
    }

    /* mop up an odd byte, if necessary */
    if( nleft == 1 ) {
        u_short    u = 0;

        *(u_char *)(&u) = *(u_char *)w ;
        sum += u;
    }

    /*
     * add back carry outs from top 16 bits to low 16 bits
     */
    sum = (sum >> 16) + (sum & 0xffff);    /* add hi 16 to low 16 */
    sum += (sum >> 16);            /* add carry */
    answer = ~sum;                /* truncate to 16 bits */
    return (answer);
}

/*
 *             T V S U B
 * 
 * Subtract 2 timeval structs:  out = out - in.
 * 
 * Out is assumed to be >= in.
 */
tvsub( out, in )
register struct timeval *out, *in;
{
    if( (out->tv_usec -= in->tv_usec) < 0 )   {
        out->tv_sec--;
        out->tv_usec += 1000000;
    }
    out->tv_sec -= in->tv_sec;
}

/*
 *            F I N I S H
 *
 * Print out statistics, and give up.
 * Heavily buffered STDIO is used here, so that all the statistics
 * will be written with 1 sys-write call.  This is nice when more
 * than one copy of the program is running on a terminal;  it prevents
 * the statistics output from becomming intermingled.
 */
finish()
{
    putchar('\n');
    fflush(stdout);
    printf("\n----%s PING Statistics----\n", hostname );
    printf("%d packets transmitted, ", ntransmitted );
    printf("%d packets received, ", nreceived );
    if (ntransmitted)
        if( nreceived > ntransmitted)
            printf("-- somebody's printing up packets!");
        else
            printf("%d%% packet loss", 
              (int) (((ntransmitted-nreceived)*100) /
              ntransmitted));
    printf("\n");
    if (nreceived && timing)
        printf("round-trip (ms)  min/avg/max = %d/%d/%d\n",
        tmin,
        tsum / nreceived,
        tmax );
    fflush(stdout);
    exit(0);
}
//E*O*F ping.c//

给一个可以在windows下运行成功的ping,这个ping是别人写的,时间计算等跟官方的不一样,但是也能够运行得到结果。仅供参考。


// ping.cpp : 定义控制台应用程序的入口点。
//
/*
改程序ping自己和ping一些内网不存在IP,不会经过wireshark
*/
#include <tchar.h>
#include <winsock2.h>
#pragma comment(lib,"ws2_32")
#include <stdio.h>
#include <string.h>
#include "Ws2tcpip.h"
typedef struct icmp_hdr
{
 unsigned char   icmp_type;  // 类型
 unsigned char   icmp_code;  // 代码
 unsigned short  icmp_checksum; // 校验和
 //下面内容对于不同类型和代码有不同的内容
 unsigned short  icmp_id;  // 标识符
 unsigned short  icmp_sequence; // 序列号
 //下面是选项数据
 unsigned long   icmp_timestamp; // 时间戳
} ICMP_HDR, *PICMP_HDR;

typedef struct _IPHeader  // 20字节的IP头
{
 UCHAR     iphVerLen;      // 版本号和头长度(各占4位)
 UCHAR     ipTOS;          // 服务类型 
 USHORT    ipLength;       // 封包总长度,即整个IP报的长度
 USHORT    ipID;           // 封包标识,惟一标识发送的每一个数据报
 USHORT    ipFlags;        // 标志
 UCHAR     ipTTL;          // 生存时间,就是TTL
 UCHAR     ipProtocol;     // 协议,可能是TCP、UDP、ICMP等
 USHORT    ipChecksum;     // 校验和
 ULONG     ipSource;       // 源IP地址
 ULONG     ipDestination;  // 目标IP地址
} IPHeader, *PIPHeader;

USHORT checksum(USHORT* buff, int size)
{
 unsigned long cksum = 0;
 while(size>1)
 {
  cksum += *buff++;
  size -= sizeof(USHORT);
 }
 // 是奇数
 if(size)
 {
  cksum += *(UCHAR*)buff;
 }
 // 将32位的chsum高16位和低16位相加,然后取反
 cksum = (cksum >> 16) + (cksum & 0xffff);
 cksum += (cksum >> 16);  
 return (USHORT)(~cksum);
}

 

int main(int argc, char* argv[])
{
 // Validate the parameters
 if (argc != 2) {
  printf("usage: %s ipv4 address\n", argv[0]);
  printf("  to return the host\n");
  printf("       %s 127.0.0.1\n", argv[0]);
  return 1;
 }

 WSADATA wsaData;
 WORD sockVersion = MAKEWORD(2, 2);
 //加载winsock库
 if(WSAStartup(sockVersion, &wsaData) != 0)
  return 0;
 //建立原始套接字
 SOCKET sRaw = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
 //超时时间
 int OutTime=100;
 //设置超时
 setsockopt(sRaw, IPPROTO_IP, IP_TTL, (char*)&OutTime, sizeof(OutTime));

 SOCKADDR_IN dest;
 dest.sin_family = AF_INET;
 dest.sin_port = htons(0);
 
 //填写ping主机地址
 char *host_name = argv[1];

 // If the user input is an alpha name for the host, use gethostbyname()
 // If not, get host by addr (assume IPv4)
 printf("ping %s...\n", host_name);
 if (isalpha(host_name[0])) 
 {        /* host address is a name */
  struct hostent *remoteHost = gethostbyname(host_name);//可以ping域名
  dest.sin_addr.S_un.S_addr = *(u_long *) remoteHost->h_addr_list[0];
 } 
 else 
  dest.sin_addr.S_un.S_addr = inet_addr(argv[1]);


 char buff[sizeof(ICMP_HDR)];
 ICMP_HDR* pIcmp = (ICMP_HDR*)buff;
 
 char recvBuf[1024];

 SOCKADDR_IN from;
 int nLen = sizeof(from);
 while(TRUE)
 {
  static int nCount = 0;
  int nRet;
  if(nCount++ == 4)
   break;
  //类型8
  pIcmp->icmp_type = 8;
  //代码0
  pIcmp->icmp_code = 0;
  //标识符为本进程id
  pIcmp->icmp_id = (USHORT)GetCurrentProcessId();
  //检验和先填充为0
  pIcmp->icmp_checksum = 0;
  //时间戳为系统运行时间
  pIcmp->icmp_timestamp = GetTickCount();
  //计算检验和
  pIcmp->icmp_checksum = checksum((USHORT*)buff, sizeof(ICMP_HDR) );
  
  //发送ICMP回显请求数据报
  nRet = sendto(sRaw, buff, sizeof(ICMP_HDR) , 0, (SOCKADDR *)&dest, sizeof(dest));
  //发送错误,提示并退出程序
  if(nRet == SOCKET_ERROR)
  {
   printf(" sendto failed %d\n",WSAGetLastError());
   return 0;
  }

  nRet = recvfrom(sRaw, recvBuf, 1024, 0, (sockaddr*)&from, &nLen);
  if(nRet == SOCKET_ERROR)
  {
   if(WSAGetLastError() == WSAETIMEDOUT)
   {
    printf(" timed out\n");
    continue;
   }

   printf(" recvfrom failed \n");
   return 0;
  }

  //得到当前系统运行时间
  int nTick = GetTickCount();
  //得到IP首部
  IPHeader *Iphdr=(IPHeader*)recvBuf;
  //判断是其后是否是ICMP报文
  if(Iphdr->ipProtocol!=0x01)
  {
   printf("this is not a icmp packet\n");
   return 0;
  }
  //定位到ICMP报文首部
  ICMP_HDR* pRecvIcmp = (ICMP_HDR*)(recvBuf + sizeof(IPHeader));
  //判断收到的报文是否和我们发送的报文相对应
  if(pRecvIcmp->icmp_id != GetCurrentProcessId())
  {
   printf("this is another icmp packet\n");
   return 0;
  }
  //输出ping主机的ip
  printf("Reply from %s: ",inet_ntoa(from.sin_addr));
  //输出收到的字节数
  printf("bytes=%d ",nRet);
  //输出从发送数据报到收到数据报所经历的时间
  printf("time=%dms\n",nTick - pRecvIcmp->icmp_timestamp);
  //Sleep(100);
 }
 return 0;
}



参考书籍:《TCP/IP详解卷1》


你可能感兴趣的:(ping,traceroute,tracert)