I recently read a bit of an article on HowToGeek that has me scratching my head a little. I've got fairly little experience with Linux though, so forgive me if this is entry-level:
"The tracepath command is similar to traceroute, but it doesn’t require root privileges."
How do traceroute and tracepath perform a similar function, differently?
What does traceroute do, which requires root privileges, that tracepath doesn't?
Are there scenarios where one should prefer tracepath over traceroute, or vice-versa?
How do traceroute and tracepath perform a similar function, differently?
Both programs essentially do one thing: send and receive certain IP packets.
A program can use the normal sockets API to do this, or it can manipulate the raw packets from the interface. The sockets API does not require root privileges, because it is fairly secure. There are mechanisms built in to prevent one program from accessing IP packets that another program made.
Tracepath uses the sockets API for all its functionality. Traceroute manipulates raw packets for some of its functionality.
What does traceroute do, which requires root privileges, that tracepath doesn't?
It manipulates raw packets.
To manipulate raw packets, you need root privileges because by doing this, you bypass the security mechanisms of the sockets API. You gain access to communications of all other processes and users using that interface. Just think about what a virus could do if it could manipulate raw packets.
Are there scenarios where one should prefer tracepath over traceroute, or vice-versa?
sources: 1 2 3
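The split described in the answer above can be seen directly on Linux. The following is an added example, not part of the answer or of either tool's source, and its function names are made up for illustration: an ordinary UDP socket can have its TTL set and ICMP error reporting enabled with setsockopt() by any user, while opening a raw ICMP socket fails unless the process is root or holds CAP_NET_RAW.

```c
/* Added illustration (Linux); function names are made up for this example. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Unprivileged path: a normal UDP socket, TTL chosen with setsockopt(). */
int open_probe_socket(int ttl)
{
    int on = 1;
    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    if (fd < 0) return -1;
    /* IP_RECVERR: queue ICMP errors for this socket (read via MSG_ERRQUEUE). */
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_RECVERR, &on, sizeof on) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* TTL the kernel will put on packets sent from fd, or -1 on error. */
int socket_ttl(int fd)
{
    int ttl = -1;
    socklen_t len = sizeof ttl;
    return getsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, &len) < 0 ? -1 : ttl;
}

/* Privileged path: 0 if a raw ICMP socket opens, else errno (e.g. EPERM). */
int try_raw_icmp(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int main(void)
{
    int fd = open_probe_socket(1);   /* TTL 1: the first hop would answer */
    int err = try_raw_icmp();
    printf("UDP probe socket ttl=%d\n", socket_ttl(fd));
    printf("raw ICMP socket: %s\n", err ? strerror(err) : "opened");
    if (fd >= 0) close(fd);
    return 0;
}
```

Run as a normal user, the second line typically reports "Operation not permitted"; run as root, it reports "opened".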
You can use traceroute for advanced network tracing: you can choose between IPv4 and IPv6 protocols, and you can also choose between ICMP, TCP or UDP data formats for a probe. So traceroute has more advanced options than tracepath, which uses UDP packets for tracing.
Now about superuser privileges: you can use traceroute as both a normal user and a superuser, depending on the option you want to use. Here is an example:
Here we are using UDP packets, which don't need superuser privileges.
Here we are using ICMP echo packets, which need privileges.
With ICMP packets you can make a DDoS attack.
To learn about ICMP options, see the Traceroute Man Page.
To view traceroute options, type in a terminal: man traceroute
ICMP needs superuser privileges to ensure that only administrators can use some of its options, because it can be used to make a ping of death and to collect information about a specific network; the privilege here gives the superuser the ability to change options using ICMP packets.
You can see this when you try to ping some websites like www.microsoft.com: your ping will fail even though the site is online, because Microsoft routers block ICMP requests. So Linux protects the system from unprivileged users, so they cannot use these commands for attacking.
I think you have to read this: http://www.ehow.com/list_7526520_differences-between-traceroute-tracepath.html
From the above link:
ping and traceroute use the ICMP protocol. Like UDP and TCP, this is accessible through the normal sockets API. Only UDP and TCP port numbers less than 1024 are protected from use, other than by root. ICMP is freely available to all users.
If you really want to see how ping and traceroute work, you can download an example C code implementation for them from CodeProject.
In short, they simply open an ICMP socket, and traceroute increments the TTL using setsockopt until the target is reached.
Source : Link