Lab - Tracing a Route

Objectives
Part 1: Verifying Network Connectivity Using Ping
Part 2: Tracing a Route to a Remote Server Using Traceroute
Part 3: Trace a Route to a Remote Server Using Web-Based Traceroute Tool

Background
Tracing a route will list each routing device that a packet crosses as it traverses the network f rom source to
destination. Route tracing is typically executed at the command line as:
tracert <destination network name or end device address>
(Microsof t Windows systems)
or
traceroute <destination network name or end device address>
(Unix and similar systems)
The traceroute (or tracert) tool is of ten used f or network troubleshooting. By showing a list of routers
traversed, it allows the user to identif y the path taken to reach a particular destination on the network or
across internetworks. Each router represents a point where one network connects to another network and
through which the data packet was f orwarded. The number of routers is known as the number of "hops" the
data traveled f rom source to destination.
The displayed list can help identif y data f low problems when trying to access a service such as a website. It
can also be usef ul when perf orming tasks such as downloading data. If there are multiple websites (mirrors)
available f or the same data f ile, one can trace each mirror to get a good idea of which mirror would be th e
f astest to use.
Two trace routes between the same source and destination conducted some time apart may produce dif f erent
results. This is due to the "meshed" nature of the interconnected networks that comprise the internet and the
Internet Protocols’ ability to select different pathways over which to send packets.
Command-line-based route tracing tools are usually embedded with the operating system of the end device.

Scenario
Using an internet connection, you will use two route tracing utilities to examine the internet pathway to
destination networks. First, you will verif y connectivity to a website. Second, you will use the traceroute utility
on the Linux command line. Third, you will use a web -based traceroute tool (https://gsuite.tools/traceroute).

Required Resources
• CyberOps Workstation VM
• Internet access

Instructions

Step 1: Verifying Network Connectivity Using Ping

a. Start the CyberOps Workstation VM. Log into the VM with the f ollowing credentials:

© 2018 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 4 www.netacad.com
Lab - Tracing a Route

Username: analyst
Password: cyberops
b. Open a terminal window in the VM to ping a remote server, such as www.cisco.com.
[analyst@secOps ~]$ ping -c 4 www.cisco.com
PING e2867.dsca.akamaiedge.net (184.24.123.103) 56(84) bytes of data.
64 bytes from a184-24-123-103.deploy.static.akamaitechnologies.com (184.24.123.103):
icmp_seq=1 ttl=59 time=13.0 ms
64 bytes from a184-24-123-103.deploy.static.akamaitechnologies.com (184.24.123.103):
icmp_seq=2 ttl=59 time=12.5 ms
64 bytes from a184-24-123-103.deploy.static.akamaitechnologies.com (184.24.123.103):
icmp_seq=3 ttl=59 time=14.9 ms
64 bytes from a184-24-123-103.deploy.static.akamaitechnologies.com (184.24.123.103):
icmp_seq=4 ttl=59 time=11.9 ms

--- e2867.dsca.akamaiedge.net ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 11.976/13.143/14.967/1.132 ms

c. The f irst output line displays the Fully Qualif ied Domain Name (FQDN) e2867.dsca.akamaiedge.net. This
is f ollowed by the IP address 184.24.123.103. Cisco hosts the same web content on dif f erent servers
throughout the world (known as mirrors). Theref ore, depending upon where you are geographically, the
FQDN and the IP address will be dif f erent.
Four pings were sent and a reply was received f rom each ping. Because each ping received a response,
there was 0% packet loss. On average, it took 3005 ms (3005 milliseconds) f or the packets to cross the
network. A millisecond is 1/1,000th of a second. Your results will likely be dif ferent.

Step 2: Tracing a Route to a Remote Server Using Traceroute

Now that basic reachability has been verif ied by using the ping tool, it is helpf ul to look more closely at each
network segment that is crossed.
Routes traced can go through many hops and a number of dif ferent Internet Service Providers (ISPs),
depending on the size of your ISP and the location of the source and destination hosts. Each “hop” represents
a router. A router is a specialized type of computer used to direct traf f ic across the internet. Imagine taking an
automobile trip across several countries using many highways. At dif f erent points in the trip you come to a
f ork in the road in which you have the option to select f rom several dif f erent highways. Now f urther imagine
that there is a device at each f ork in the road that directs you to take the correct highway to your f inal
destination. That is what a router does f or packets on a network.
Because computers talk in binary or hexadecimal numbers, rather than words, routers are uniquely identif ied
using IP addresses. The traceroute tool shows you what path through the network a packet of inf ormation
takes to reach its f inal destination. The traceroute tool also gives you an idea of how f ast traf f ic is going on
each segment of the network. Packets are sent to each router in the path, and the return time is measured in
milliseconds.

© 2018 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 4 www.netacad.com
Lab - Tracing a Route

Note: CyberOps Workstation VM network settings may need to be set to bridged adapter if you are not
getting any traceroute results. To check your network settings, go to: Machine > Settings, select Network,
the tab Adapter 1, Attached to: Bridged Adapter.

To do this, the traceroute tool is used.

a. At the terminal prompt, type traceroute www.cisco.com.
[analyst@secOps ~]$ traceroute www.cisco.com
traceroute to www.cisco.com (184.24.123.103), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 6.527 ms 6.783 ms 6.826 ms
2 10.39.176.1 (10.39.176.1) 27.748 ms 27.533 ms 27.480 ms
3 100.127.65.250 (100.127.65.250) 27.864 ms 28.570 ms 28.566 ms
4 70.169.73.196 (70.169.73.196) 29.063 ms 35.025 ms 33.976 ms
5 fed1bbrj01.xe110.0.rd.sd.cox.net (68.1.0.155) 39.101 ms 39.120 ms 39.108 ms
6 a184-24-123-103.deploy.static.akamaitechnologies.com (184.24.123.103) 38.004 ms
13.583 ms 13.612 ms

b. If you would like to save the traceroute output to a text f ile f or later review, use the right carat (>) and the
desired f ilename to save the output in the present directory. In this example, the traceroute output is
saved in the /home/analyst/cisco -traceroute.txt f ile.
[analyst@secOps ~]$ traceroute www.cisco.com > cisco-traceroute.txt
You can now enter the cat cisco-traceroute.txt command to view the output of the trace stored in the
text f ile.
c. Perf orm and save the traceroute results f or one of the f ollowing websites. These are the Regional Internet
Registry (RIR) websites located in dif ferent parts of the world:
Af rica: www.afrinic.net
Australia: www.apnic.net
Europe: www.ripe.net
South America: www.lacnic.net
Note: Some of these routers along the route may not respond to traceroute.

Step 3: Trace a Route to a Remote Server Using Web-Based Traceroute Tool

a. Open a web browser in the VM and search f or a visual traceroute tool that you can use in the web
browser. Try going to the f ollowing website: https://gsuite.tools/traceroute
b. Enter any website you wish. Example: www.cisco.com and press Trace.

© 2018 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 4 www.netacad.com
Lab - Tracing a Route

Note: If you get the error “SEC_ERROR_OCSP_FUTURE_RESPONSE” in Firef ox then the CyberOps
Workstation clock/time is incorrect. To f ix the time enter the f ollowing command to update the clock/time
then ref resh the web browser and enter the visual trace:
[analyst@secOps ~]$ sudo ntpd -qg
Question:

Review the geographical locations of the respond ing hops. What did you observe regarding the path?
Type your answers here.

Reflection Question
How is the traceroute dif f erent when going to www.cisco.com or other websites f rom the terminal (see Part 2)
rather than f rom the online website? (Your results may vary depending upon where you are located
geographically, and which ISP is providing connectivity to your school.)
Type your answers here.

End of document

© 2018 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 4 www.netacad.com