What are the significant differences between tracepath and traceroute?
Solution 1:
How do traceroute and tracepath perform a similar function, differently?
Both programs essentially do one thing: send and receive certain IP packets.
A program can use the normal sockets API to do this, or it can manipulate the raw packets from the interface. The sockets API does not require root privileges, because it is fairly secure. There are mechanisms built in to prevent one program from accessing IP packets that another program made.
Tracepath uses the sockets API for all its functionality. Traceroute manipulates raw packets for some of its functionality.
What does traceroute do, which requires root privileges, that tracepath doesn't?
It manipulates raw packets.
To manipulate raw packets, you need root privileges because by doing this, you bypass the security mechanisms of the sockets API. You gain access to communications of all other processes and users using that interface. Just think about what a virus could do if it could manipulate raw packets.
Are there scenarios where one should prefer tracepath over traceroute, or vice-versa?
One advanced command available in Traceroute is the ability to run a
network trace using IPv4 or IPv6 protocol. It is also possible to
choose between ICMP, TCP or UDP data formats for a probe. Traceroute
can choose specific source routings for the probe and choose what port
to send from. It can set limits on the minimum and maximum TTL to
accept from an outbound probe. In addition, Traceroute can show the
wait time for response pings as well as set how many packets are sent
in each probe and how many probes to send. Some of these commands may
not be supported by networking hardware along the path, which could
terminate the probe before it reaches its target destination.
sources: 1 2 3
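The privilege difference described above can be checked on a Linux host with the following added example, which is not part of either answer. It assumes Linux procfs; the function names are hypothetical, no packet is sent, and the tracepath-style socket options (IP_TTL, IP_RECVERR) and the CAP_NET_RAW capability are details added here rather than taken from the answer.

```python
import socket

CAP_NET_RAW = 13  # capability bit index from <linux/capability.h>
# Linux value of IP_RECVERR; the constant is missing from older Python versions.
IP_RECVERR = getattr(socket, "IP_RECVERR", 11)

def has_cap_net_raw(status_text):
    """Parse /proc/<pid>/status text; True if CapEff includes CAP_NET_RAW."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_NET_RAW) & 1)
    return None  # no CapEff line (not Linux procfs)

def try_socket(sock_type, proto, options=()):
    """Create a socket and apply options; report whether the kernel allowed it."""
    try:
        with socket.socket(socket.AF_INET, sock_type, proto) as s:
            for level, name, value in options:
                s.setsockopt(level, name, value)
        return True
    except OSError:  # PermissionError (EPERM) is the expected refusal
        return False

def compare_privileges():
    # tracepath style: an ordinary UDP socket with a low TTL; ICMP errors
    # caused by this socket's own packets arrive on its error queue.
    udp = try_socket(socket.SOCK_DGRAM, socket.IPPROTO_UDP,
                     [(socket.IPPROTO_IP, socket.IP_TTL, 1),
                      (socket.IPPROTO_IP, IP_RECVERR, 1)])
    # traceroute -I style: a raw ICMP socket, which receives ICMP traffic
    # for the whole host and therefore needs CAP_NET_RAW (or root).
    raw = try_socket(socket.SOCK_RAW, socket.IPPROTO_ICMP)
    try:
        with open("/proc/self/status") as f:
            cap = has_cap_net_raw(f.read())
    except OSError:
        cap = None
    return {"udp_ttl_recverr": udp, "raw_icmp": raw, "cap_net_raw": cap}

if __name__ == "__main__":
    for key, value in compare_privileges().items():
        print(f"{key}: {value}")
```

Run as an ordinary user, the UDP line is expected to report True and the raw ICMP line False; the same helper can be pointed at another process's status file to audit which services hold CAP_NET_RAW.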
Solution 2:
You can use traceroute for advanced network tracing: you can choose between IPv4 and IPv6 protocols, and you can also choose between ICMP, TCP or UDP data formats for a probe.
So traceroute has more advanced options than tracepath, which uses UDP packets for tracing.
Now about superuser privileges:
you can use traceroute as both a normal user and a superuser; that depends on the option you want to use. Here is an example:
Here we are using UDP packets, which don't need superuser privileges.
Here we are using ICMP echo packets, which need privileges.
With ICMP packets you can make a DDoS attack.
To learn about ICMP options, see the Traceroute Man Page.
To view traceroute options, type man traceroute in a terminal.
ICMP needs superuser privileges, to ensure only administrators can use some of its options, because it can be used to make a ping of death and to collect information about a specific network; the privilege here will give the superuser the ability to change options using ICMP packets.
You can see that when you try to ping some websites like www.microsoft.com: your ping will fail even if it's online, and that is because Microsoft routers block ICMP requests.
So Linux protects the system from unprivileged users, so they cannot use these commands for attacking.