《Cisco技术网》-你会使用ping&trace吗?

Understanding the Ping and Traceroute Commands

yUmi#
sh start
!
Written by yUmis(牛奶咖喱) a.k.a. 红头发
Description 欢迎转po,请保留作者信息
Homepage http://www.show-tym.com
QQ 13030130
Jun.27th.2004
!

什么是ping?
ping是Packet Internet Groper的缩写,这个命令是最常见的用于检测网络设备可访问性的方法.它使用Internet Control Message Protocol(ICMP)的echo信息可以来决定:
1.远程设备是否可用
2.与远程主机通信的来回旅程(round-trip)的延迟(delay)
3.包(packet)的丢失情况

ping是如何工作的?
首先,ping发送echo request packet到某个地址,然后等待应答(reply),当echo request到达目标地址以后,在一个有效的时间内(timeout之前)返回echo reply packet给源地址.这样即说明能够ping通
(Cisco的router的timeout值默认为2秒)

下面是一个在启用了debug ip packet detail命令之后使用ping命令的输出内容的例子.(注意该debug命令将占用router大量的CPU资源甚至可能导致网络负载过大直至崩溃,记得在使用完毕以后no debug all)
Router1#debug ip packet detail
IP packet debugging is on (detailed)

Router1#ping 12.0.0.2
Type escape sequence to abort.
Sending 5, 100 byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

Router1#
Jan 20 15:54:47.487: IP: s=12.0.0.1 (local), d=12.0.0.2 (Serial0), len 100,
sending
Jan 20 15:54:47.491: ICMP type=8, code=0
这是12.0.0.1发送到10.0.0.2的ICMP包,type=8说明是echo(详见后面的类型示意图)
Jan 20 15:54:47.523: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 100,
rcvd 3
Jan 20 15:54:47.527: ICMP type=0, code=0
来自10.0.0.2的应答,type=0说明是echo reply(详见后面的类型示意图)

ICMP type & code示意图如下:

此主题相关图片如下：

一些返回的符号的含义如下:
1.叹号(!)代表成功收到响应
2.句号(.)代表在等待应答的时候超时间
3.U代表目标不可达(destination unreachable)或接收到错误的PDU
4.Q代表source quench,说明目标地址过于繁忙
5.M代表不能分片(fragment)
6.问号(?)代表未知的包的类型
7.符号&代表包的生存期(lifetime)超出

为什么我不能ping通?
来看一个例子.如下图:

此主题相关图片如下：

先看下4个router的配置,如下:
Router1#
!
!
interface Serial0
ip address 12.0.0.1 255.255.255.0
no fair-queue
clockrate 64000
!
!
Router2#
!
!
interface Serial0
ip address 23.0.0.2 255.255.255.0
no fair-queue
clockrate 64000
!
interface Serial1
ip address 12.0.0.2 255.255.255.0
!
!
Router3#
!
!
interface Serial0
ip address 34.0.0.3 255.255.255.0
no fair-queue
!
interface Serial1
ip address 23.0.0.3 255.255.255.0
!
!
Router4#
!
!
interface Serial0
ip address 34.0.0.4 255.255.255.0
no fair-queue
clockrate 64000
!
!

我们来试试在Router1上ping Router4:
Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
5个句号说明了结果失败

接下来启用debug ip packet detail实时监测,看下到底发生了什么:
Router1#debug ip packet

IP packet debugging is on

再来ping Router4:
Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds:
Jan 20 16:00:25.603: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.
Jan 20 16:00:27.599: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.
Jan 20 16:00:29.599: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.
Jan 20 16:00:31.599: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.
Jan 20 16:00:33.599: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.
Success rate is 0 percent (0/5)
可以看到输出包含unroutable,说明包无法被路由,那是因为我们没启用任何路由协议

在Router1上配置一条路由:
Router1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 0.0.0.0 0.0.0.0 Serial0

再次启用debug ip packet detail以后,ping Router4:
Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
Jan 20 16:05:30.659: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100,
sending
Jan 20 16:05:30.663: ICMP type=8, code=0
Jan 20 16:05:30.691: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 56,
rcvd 3
Jan 20 16:05:30.695: ICMP type=3, code=1
Jan 20 16:05:30.699: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100,
sending
Jan 20 16:05:30.703: ICMP type=8, code=0
Jan 20 16:05:32.699: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100,
sending
Jan 20 16:05:32.703: ICMP type=8, code=0
Jan 20 16:05:32.731: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 56,
rcvd 3
Jan 20 16:05:32.735: ICMP type=3, code=1
Jan 20 16:05:32.739: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100,
sending
Jan 20 16:05:32.743: ICMP type=8, code=0

Router2上出了什么问题?
Router2#debug ip packet detail
IP packet debugging is on (detailed)

Router2#
Jan 20 16:10:41.907: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutable
Jan 20 16:10:41.911: ICMP type=8, code=0
Jan 20 16:10:41.915: IP: s=12.0.0.2 (local), d=12.0.0.1 (Serial1), len 56, sending
Jan 20 16:10:41.919: ICMP type=3, code=1
Jan 20 16:10:41.947: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutable
Jan 20 16:10:41.951: ICMP type=8, code=0
Jan 20 16:10:43.943: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutable
Jan 20 16:10:43.947: ICMP type=8, code=0
Jan 20 16:10:43.951: IP: s=12.0.0.2 (local), d=12.0.0.1 (Serial1), len 56, sending
Jan 20 16:10:43.955: ICMP type=3, code=1
Jan 20 16:10:43.983: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutable
Jan 20 16:10:43.987: ICMP type=8, code=0
Jan 20 16:10:45.979: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutable
Jan 20 16:10:45.983: ICMP type=8, code=0
Jan 20 16:10:45.987: IP: s=12.0.0.2 (local), d=12.0.0.1 (Serial1), len 56, sending
Jan 20 16:10:45.991: ICMP type=3, code=1
Router1把包正确的发给了Router2,但是笨蛋Router2却不知道如何访问Router4(34.0.0.4),它回送unreachable ICMP信息给Router1

well,在Router2和3上启用RIP吧:
Router2#router rip
Router2#network 12.0.0.0
Router2#network 23.0.0.0

Router3#router rip
Router3#network 23.0.0.0
Router3#network 34.0.0.0

这下再来看能不能ping通:
Router1#debug ip packet
IP packet debugging is on

Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds:
Jan 20 16:16:13.367: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.
Jan 20 16:16:15.363: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.
Jan 20 16:16:17.363: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.
Jan 20 16:16:19.363: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.
Jan 20 16:16:21.363: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.
Success rate is 0 percent (0/5)
shit!还是不行,没有得到任何应答,看下Router4上到底发生了什么:
Router4#debug ip packet
IP packet debugging is on

Router4#
Jan 20 16:18:45.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100,
rcvd 3
Jan 20 16:18:45.911: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutable
Jan 20 16:18:47.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100,
rcvd 3
Jan 20 16:18:47.907: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutable
Jan 20 16:18:49.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100,
rcvd 3
Jan 20 16:18:49.907: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutable
Jan 20 16:18:51.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100,
rcvd 3
Jan 20 16:18:51.907: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutable
Jan 20 16:18:53.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100,
rcvd 3
Jan 20 16:18:53.907: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutable
原来是这样,Router4收到了来自Router1的包,但是这个笨蛋却不知道如何应答.好吧,我给你加条静态路由:
Router4(config)#ip route 0.0.0.0 0.0.0.0 Serial0

应该没问题了吧?let me try:
Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
Bingo!终于成功了嘎嘎

上面这个例子里,ping不成功,是由于4个傻瓜不知道如何路由packet.下面再来看一个例子:

此主题相关图片如下：

Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
damn!又不成功!之前配置了路由协议了,应该不会是4个傻瓜找不到路的原因.那么,我们来1步步的排错吧:
Router1#ping 12.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
ping Router2成功了,是不是Router3的问题呢??看看就知道了:
Router3#show ip interface brief
Serial0   34.0.0.3   YES   manual   up                   up
Serial1   23.0.0.3   YES   manual   administratively down   down
faint,原来接口被shut了,难怪,so…fix it like this:
Router3#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#interface s1
Router3(config-if)#no shut
Router3(config-if)#
Jan 20 16:20:53.900: %LINK-3-UPDOWN: Interface Serial1, changed state to up
Jan 20 16:20:53.910: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up

应该没问题了吧?let me try:
Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
Mission Complete!搞定!

来点好玩的东东:用access list!规定只允许telnet流量通过S0口进入Router4:

此主题相关图片如下：

Router4(config)# access-list 100 permit tcp any any eq telnet
Router4(config)#interface s0
Router4(config-if)#ip access-group 100 in

Router1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 100 permit ip host 12.0.0.1 host 34.0.0.4
Router1(config)#access-list 100 permit ip host 34.0.0.4 host 12.0.0.1
Router1(config)#end
Router1#debug ip packet 100

IP packet debugging is on
Router1#debug ip icmp

ICMP packet debugging is on

看看这下会发生什么:
Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

Jan 20 16:34:49.207: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending
Jan 20 16:34:49.287: IP: s=34.0.0.4 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3
Jan 20 16:34:49.291: ICMP: dst (12.0.0.1) administratively prohibited unreachable rcv
from 34.0.0.4
Jan 20 16:34:49.295: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending
Jan 20 16:34:51.295: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending
Jan 20 16:34:51.367: IP: s=34.0.0.4 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3
Jan 20 16:34:51.371: ICMP: dst (12.0.0.1) administratively prohibited unreachable rcv
from 34.0.0.4
Jan 20 16:34:51.379: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending
由于在Router4上设置的ACL没有permit语句,结尾默认隐含deny all,所以会出现administratively prohibited unreachable.解决方法是在Router4是ACL设置的最后加上:
Router4(config)#access-list 100 permit icmp any any

来看个Ethernet的例子吧:

此主题相关图片如下：

Router4#ping 100.0.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.0.0.5, timeout is 2 seconds:

Jan 20 17:04:05.167: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
sending
Jan 20 17:04:05.171: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
encapsulation failed.
Jan 20 17:04:07.167: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
sending
Jan 20 17:04:07.171: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
encapsulation failed.
Jan 20 17:04:09.175: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
sending
Jan 20 17:04:09.183: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
encapsulation failed.
Jan 20 17:04:11.175: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
sending
Jan 20 17:04:11.179: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
encapsulation failed.
Jan 20 17:04:13.175: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
sending
Jan 20 17:04:13.179: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100,
encapsulation failed.
Success rate is 0 percent (0/5)
Router4#
^%*%(^,又出问题了,ping无法正常工作(输出内容中的encapsulation failed).这个意味着路由器知道往哪(where)发送packet,但是却不知道如何(how)发送它.在这种情况下,你就要知道ARP是如何工作的
ARP是把MAC地址映射到IP地址上去(层2到层3),使用show arp命令查看映射情况,如下:
Router4#show arp
Protocol    Address    Age (min)    Hardware Addr    Type    Interface
Internet    100.0.0.4     -          0000.0c5d.7a0d    ARPA   Ethernet0
Internet    100.0.0.1    10          0060.5cf4.a955    ARPA   Ethernet0

我们来用debug arp命令看下,encapsulation failed是怎么出来的:
Router4#debug arp

ARP packet debugging is on

Router4#ping 100.0.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.0.0.5, timeout is 2 seconds:

Jan 20 17:19:43.843: IP ARP: creating incomplete entry for IP address: 100.0.0.5
interface Ethernet0
Jan 20 17:19:43.847: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,
dst 100.0.0.5 0000.0000.0000 Ethernet0.
Jan 20 17:19:45.843: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,
dst 100.0.0.5 0000.0000.0000 Ethernet0.
Jan 20 17:19:47.843: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,
dst 100.0.0.5 0000.0000.0000 Ethernet0.
Jan 20 17:19:49.843: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,
dst 100.0.0.5 0000.0000.0000 Ethernet0.
Jan 20 17:19:51.843: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,
dst 100.0.0.5 0000.0000.0000 Ethernet0.
Success rate is 0 percent (0/5)
看到了什么?Router4广播packet到广播地址FFFF.FFFF.FFFF.这里的0000.0000.0000说明Router4正在查找目标地址(100.0.0.5)的MAC地址.而在这个例子中它不知道MAC地址是什么,就拿0000.0000.0000来填充进广播帧作为占位符,从e0口发送出去,询问和100.0.0.5对应的MAC地址.如果没有得到应答,MAC地址将标记为incomplete,如下:
Router4#show arp
Protocol        Address      Age (min)    Hardware Addr     Type   Interface
Internet        100.0.0.4       -         0000.0c5d.7a0d     ARPA   Ethernet0
Internet        100.0.0.5       0         Incomplete        ARPA
Internet        100.0.0.1       2         0060.5cf4.a955    ARPA    Ethernet0
超过一定时间以后,这条incomplete的条目将会从ARP表中被移除.所以只要相应的MAC地址不存在于ARP表中,就会出现encapsulation failed的错误提示造成ping失败

延迟也是一大因素,2秒内没有收到应答的话即失败:
Router1#ping 12.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
某些网络性能较低的情况下,2秒的超时时间是不够的,可以用扩展ping来修改它:
Router1#ping
Protocol [ip]:
Target IP address: 12.0.0.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]: 30
Extended commands [n]:
Sweep range of sizes [n]:

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 30 seconds:
!!!!!
Success rate is 100 percent (5/5), round−trip min/avg/max = 1458/2390/6066 ms
我们把超时时间改为30秒,成功

再来看一个例子,如下图:

此主题相关图片如下：

假设在上面的环境里,从LAN可以ping通过Router1,且Router1可以ping通Router2,但是从LAN上无法ping通Router2
老办法,启用debug以后,在Router1上ping Router2:
Router1#debug ip packet

IP packet debugging is on
Router1#ping 12.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round.trip min/avg/max = 4/7/9 ms
Router1#
Jan 20 16:35:54.227: IP: s=12.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending
Jan 20 16:35:54.259: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 100, rcvd 3
成功,但是上面我们是把Router1的S0(12.0.0.1)作为源地址.那我们现在在Router1上使用扩展ping,但是把源地址更改为连接LAN的e0口(20.0.0.1):
Router1#ping
Protocol [ip]:
Target IP address: 12.0.0.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 20.0.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:
Jan 20 16:40:18.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending.
Jan 20 16:40:20.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending.
Jan 20 16:40:22.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending.
Jan 20 16:40:24.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending
Jan 20 16:40:26.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending.
Success rate is 0 percent (0/5)
结果可以看到,出去5个包,但是没有收到任何应答包.如何解决?只需要加一条20.0.0.0到Router2的路由即可
这个例子也可以看出,源设备应该转折点如何处理发出去的包,而目标设备同样也应该如何应答这些请求包

介绍完了ping,再来介绍下另外一个有用的命令:traceroute.traceroute是干什么的?
它是用来发现packet在网络上行走的路径.设备发出一系列的UDP数据报(datagram)给远程设备的一个无效的端口地址.3个UDP信息被发出去,每一个都把它们的TTL字段的值设置为1.TTL为1的信息到达某个路由器以后,随即超时,路由器并响应源设备一个ICMP的超时信息(TEM).接下来另外3个UDP信息被发出去,这次更改TTL值为2,即经过2个路由器以后,响应源设备TEM信息.依次类推,直到这些UDP报文到达了目标设备,由于是发往目标设备的一个无效的端口地址,目标设备响应ICMP port unreachable信息给源设备,暗示目标端口不可达,但是这个信号却能告诉你,traceroute完成

一个例子,如下图:

此主题相关图片如下：

Router1#traceroute 34.0.0.4
Type escape sequence to abort.

Tracing the route to 34.0.0.4
1 12.0.0.2 4 msec 4 msec 4 msec
2 23.0.0.3 20 msec 16 msec 16 msec
3 34.0.0.4 16 msec * 16 msec
Jan 20 16:42:48.611: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sending
Jan 20 16:42:48.615: UDP src=39911, dst=33434
Jan 20 16:42:48.635: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3
Jan 20 16:42:48.639: ICMP type=11, code=0
ICMP type=11, code=0,对照之前的图,可以看出说明TTL超时.当然这是第一系列的,TTL为1的报文.直到TTL值更改为3:
Jan 20 16:42:48.839: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sending
Jan 20 16:42:48.843: UDP src=34327, dst=33440
Jan 20 16:42:48.887: IP: s=34.0.0.4 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3
Jan 20 16:42:48.891: ICMP type=3, code=3
ICMP type=3, code=3说明端口不可达.traceroute完成

traceroute中出现的一些字母/字符的含义:
1.nn msec:来回旅程时间(单位msec),nn为特定数目的探针
2.*:超时
3.A:代表administratively prohibited,人为禁止,比如ACL的设置
4.Q:源抑制(Source Quench),目标设备繁忙
5.I:用户中断测试
6.U:端口不可达
7.H:主机不可达
8.N:网络的可达
9.P:协议不可达
10.T:超时
11.?:未知packet类型

通过使用ping和traceroute,我们可以获得来回旅程时间(round-trip time,RTT),这个是发出请求到收到应答的一个时间值

关于性能问题,如下图:

此主题相关图片如下：

Router1#ping 12.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Router1#ping 12.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms
为什么第二次的RTT明显比第一次的RTT高?这个说明Router2繁忙

最后一个问题,关于debug命令
debug命令在排错的时候很有用,但是注意该命令极耗资源.有2条办法可以减少debug对路由器带来的影响,其中一种是使用ACL来减少你所想监视的特定流量,如下:
Router4#debug ip packet ?
<1-199> Access list
<1300-2699> Access list (expanded range)
detail Print more debugging detail

Router4#config t
Router4(config)#access-list 150 permit ip host 12.0.0.1 host 34.0.0.4
Router4(config)#^Z

Router4#debug ip packet 150
IP packet debugging is on for access list 150

Router4#show debug
Generic IP:
IP packet debugging is on for access list 150
Router4#show access-list
Extended IP access list 150
permit ip host 12.0.0.1 host 34.0.0.4 (5 matches)
设置完成以后,Router4只会显示符合ACL 150的debug信息

另外一个方法是缓存这些debug信息,并在debug关闭以后,用show log命令显示debug信息,如下:
Router4#configt
Router4(config)#no logging console
Router4(config)#logging buffered 5000
Router4(config)#^Z

Router4#debug ip packet

IP packet debugging is on

Router4#ping 12.0.0.1
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/37 ms

Router4#undebug all

All possible debugging has been turned off

Router4#show log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 61 messages logged
Trap logging: level informational, 59 message lines logged

Log Buffer (5000 bytes):

Jan 20 16:55:46.587: IP: s=34.0.0.4 (local), d=12.0.0.1 (Serial0), len 100, sending
Jan 20 16:55:46.679: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3

Fin