Volume Number: 12
Issue Number: 11
Column Tag: Review
Java tool for graphically displaying traceroute information
by Chris Kilbourn
Included in the VisualRoute application is an extensive database of IP address and geographic information that allows it to display traceroutes on the global map. VisualRoute also suggests possible causes for common connectivity issues, which may be helpful when diagnosing network issues.
Users unfamiliar with the command-line use of traceroute, ping, mtr, whois or nslookup will probably get the most mileage out of VisualRoute. It provides a GUI-driven interface for these commands without having to read the man pages. Network and system administrators who need to explain why "the Internet is down" to users unfamiliar with Internet routing and topology will appreciate the map that you can point to and say, "The problem is there, not here."
Installation is straightforward from a StuffIt archive to a standard package installer, except for a minor glitch that I had which required me to upgrade to StuffIt 7.0.3 from the 7.0 version I was running. As far as I could tell, the only files installed are the VisualRoute application itself, two HTML files and a GIF. The system I tested the product on was a 667MHz TiBook with 768MB of RAM running Mac OS X 10.2.6.
Upon first launch, the program asks you to select the language you wish to use. Language choices are English, French, German, Spanish, Italian, Swedish, Portuguese, Czech and Dutch.
VisualRoute starts in Simple Mode, and you are presented with a world map and an Address field where you can type in a host address (e.g., www.forest.net) or an IP address to begin a traceroute. Advanced mode provides a tabular readout of traceroute data along with the world map. I found that while the map was nice eye candy, I tended to work with the tabular information more than the map information. VisualRoute does provide options to display information in ASCII format in a text editor.
One of the first things that struck me when using the application was the lack of keyboard commands for menu items. This likely has to do with the fact that the entire application is written in Java, but it was odd, and was a persistent irritation when driving the program. System-level window controls were still available via key commands.
The core of the application is its traceroute function. When you type in a hostname or an IP address, it begins to collect and display a variety of data about the network between your machine and the destination host.
For those unfamiliar with it, traceroute is a low-level network diagnostic tool that utilizes ICMP (Internet Control Message Protocol) packets. ICMP is used for error control, test packets, packet redirection and other informational messages about network transport of IP. Since ICMP has the potential to provide a variety of information about remote networks by sending off an ICMP packet and waiting for a response, as well as be used in certain network attacks, more and more Internet networks are beginning to filter ICMP packets on the edges of their networks.
Traceroute literally traces the network path, hop by hop, from your computer to a remote host. It provides the IP address of each hop, the node name, and the time in milliseconds from that node to yours. Running a traceroute allows you to discover three critical pieces of information about the network path: how many hops it is from your computer to the destination, if there is congestion at any of the hops, and if there is any packet loss along the way. (The terms hop, node, and router may be used interchangeably.)
The more hops in a network path, the longer the transfer times will be, in general. Each time a packet has to be processed by a router, it adds a small delay to the transfer. Hop counts from two to roughly sixteen are considered average. Traceroute displays each hop on a numbered line, so calculating hop count is very easy.
Congestion manifests itself in traceroute by a hop that has a high time value, usually considered to be above 250 milliseconds. Hops with time values of above 250 milliseconds generally mean that the router in question is very busy and queueing packets for processing, adding network latency to that hop.
Packet loss in traditional command-line traceroute is displayed with stars (sometimes referred to as 'starring out'). This means that ICMP packets sent to that node are not being returned. When this happens but you can still reach the ultimate destination, it usually means that the router in question is so overburdened that its queue is full, and it is dropping or rejecting new packets for processing. If the traceroute ends before the destination, it usually indicates that the network path has been severed. This could be due to any number of man-made or natural disasters such as power outage, fiber cut, router misconfiguration or the bane of network administrators the world over: telco incompetence.
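The three readings described above (hop count, hops slower than 250 milliseconds, and starred probes) can be pulled out of command-line traceroute output mechanically. The following is an added example, not part of VisualRoute or the original article; the sample trace is constructed and uses documentation-range addresses.

```python
import re

# Constructed sample in the classic Unix traceroute layout; hostnames and
# addresses are documentation ranges, not real measurements.
SAMPLE = """\
traceroute to www.example.net (203.0.113.80), 30 hops max, 40 byte packets
 1  gw.example.net (192.0.2.1)  1.2 ms  1.1 ms  1.3 ms
 2  core1.example.net (198.51.100.1)  12.4 ms  11.9 ms  12.0 ms
 3  * * *
 4  ix.example.net (198.51.100.9)  310.5 ms  295.2 ms *
 5  www.example.net (203.0.113.80)  48.0 ms  47.5 ms  47.9 ms
"""

CONGESTED_MS = 250.0  # congestion threshold quoted in the article
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\)")
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")

def analyze(text):
    """Return hop count, per-hop loss/congestion, and whether the trace
    ended at the destination address named in the header line."""
    lines = text.strip().splitlines()
    target = ADDR_RE.search(lines[0]).group(1)
    hops = []
    for line in lines[1:]:
        m = HOP_RE.match(line)
        if not m:
            continue
        body = m.group(2)
        rtts = [float(x) for x in RTT_RE.findall(body)]
        lost = body.split().count("*")  # one star per unanswered probe
        probes = len(rtts) + lost
        addr = ADDR_RE.search(body)
        hops.append({
            "hop": int(m.group(1)),
            "addr": addr.group(1) if addr else None,
            "loss_pct": round(100.0 * lost / probes) if probes else 100,
            "worst_ms": max(rtts) if rtts else None,
            "congested": bool(rtts) and max(rtts) > CONGESTED_MS,
        })
    # A trace that stops short of the target suggests a severed path.
    reached = bool(hops) and hops[-1]["addr"] == target
    return {"hop_count": len(hops), "reached": reached, "hops": hops}

if __name__ == "__main__":
    for hop in analyze(SAMPLE)["hops"]:
        print(hop)
```

A hop that stars out while later hops still answer, like hop 3 in the sample, is reported as 100% loss without marking the destination unreachable.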
VisualRoute provides information in its traceroute display in addition to the traditional hop count, IP address, host name and response time. For your viewing and information pleasure, it provides a packet loss percentage, its best guess at the location of a node, the time zone that node resides in, a time graph with current time plotted against minimum and maximum time values, and VisualRoute's best guess as to the network ownership of each hop.
End-user consumer networks, AOL, Earthlink, cable modem providers and DSL providers often filter ICMP traffic. Many corporate firewalls are also programmed to refuse to pass ICMP traffic. Since traceroute and ping require ICMP to flow, if your network provider filters ICMP, VisualRoute will be of little use in providing much traceroute information unless you can run the application from an unfiltered network connection.
USING VISUALROUTE'S TRACEROUTE
Using VisualRoute is simple. You type in a hostname or IP address, hit return, and it automatically begins to map the traceroute on the world map, and build a standard traceroute table with current packet loss and transmission time statistics.
VisualRoute keeps track of previously traced destinations from a handy pop-up menu and allows you to sort the list by name or most recently visited. It also provides the IP addresses of the hosts to the side in a pop-up menu.
One of the things I enjoyed about VisualRoute's traceroute is its analysis and summary information of the destination host. Above the world map, VisualRoute informs you what type of server the host is and what software it is running. This feature can be very helpful when tracking down web compatibility issues between browser and host or to see if your own servers are publishing OS information they should not be.
The application will also provide you with suggested connectivity issues if it encounters a problem during a traceroute. These messages will help you determine issues from ICMP traffic being filtered somewhere along the traceroute path to DNS misconfiguration issues.
Double-clicking on a host from the traceroute pane will launch a floating window with IP address information pulled from the IP registry databases of ARIN, RIPE or APNIC (the registration authorities that delegate IP addresses for the Western Hemisphere, Europe/Africa and Asia, respectively).
Any information provided that is located in other registries (registered host addresses, contact handles, etc.) is hyperlinked to allow you to continue to drill down in registry databases. This is an incredibly useful feature that allows you to follow the trail of authority for an address range or host when trying to track down a network administrator to tell them to patch their servers or when hunting for spammer networks to block.
These floating information windows also provide a button to automatically copy information into a text document, which can then be easily cut and pasted elsewhere.
A nifty feature of VisualRoute is its ability to function as a stand-alone web server to provide traceroute information. This is especially helpful if your network filters ICMP and has a DMZ network between the Internet and your internal network.
All the features of the stand-alone server are available via the web interface. Using VisualRoute in the web server mode is a great way to enable users on your network to perform their own traceroutes.
YOU CAN'T GET THERE FROM HERE
In my opinion, one of VisualRoute's most touted features, its database and map of Internet host addresses, is also a subtle Achilles heel. Let's examine a traceroute to a Mongolian web server as an example:
If a user, client or pointy-haired boss of mine was complaining about access times to this server, I would show them the map and the traceroute output times and tell them that it takes a long time to get packets back and forth from inner Mongolia. The complainer thus pacified, I would then turn to more pressing matters like reading Slashdot.
However, taking a close look at and comparing VisualRoute's map versus a relief map of Mongolia indicates that VisualRoute thinks that this server is in the middle of a high desert. I sincerely doubt that server is where it is mapped. We all know that data center operators fight a constant battle with heat, but placing servers in such a low-humidity environment introduces other issues best left for another article. In short, the server is probably in Hong Kong or maybe Ulan Bator based on round-trip times.
Before someone cries, "Foul!" that the example is extreme, and that VisualRoute should be excused from a detailed mapping of Mongolian hosts, (a debatable point either way), allow me to explain why I chose this example and the ramifications of relying solely on single-sourced data for host location information.
One of the greatest things about the Internet is its resiliency in utilizing distributed services. This distribution of services is built in at the protocol level and is a core feature. Current (and some past) routing technology has the ability to tunnel, VPN, route or otherwise allow for distribution of IP addresses in non-contiguous blocks on widely geographically separated networks.
When ARIN, RIPE or APNIC assign IP address space to organizations, they place no restrictions on where in the world those IP addresses may be used. Only the requesting organization's mailing address must be located in the region for which IP address space is requested.
A great example is an employee traveling on international business who remotely connects to the corporate network via a dial-in server and is assigned an IP address via DHCP. Performing a traceroute to their laptop may show increased round trip times due to the distances involved, and the IP address being used is traced back to the corporate headquarters address as listed in the IP registry database.
VisualRoute, or any other program for that matter, would map this dial-in laptop user as at the corporate location, even though they could be anywhere in the world. Examining all available IP address and network information, you have no way to discern if that host is at corporate headquarters or somewhere on the road. The only way to be sure would be to call the user and ask them where they are.
As you can see, you cannot rely 100% upon the geographic host information provided in databases and derived from analyzing IP packets. When examining VisualRoute's traceroute maps, you should be aware of this issue, and take location information for hosts that you do not know about with a small to large grain of salt depending on your need for accurate host location information.
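Round-trip time can serve as a sanity check on a database-supplied location: a reply cannot arrive faster than light travels the distance and back, so a short RTT can rule a claimed location out, while a long RTT proves nothing. The following is an added example, not part of VisualRoute or the original article; the vantage point, RTT values and approximate city coordinates are constructed, and the figure of roughly 200 km per millisecond for light in fiber is an assumption of the sketch.

```python
from math import radians, sin, cos, asin, sqrt

EARTH_RADIUS_KM = 6371.0
FIBER_KM_PER_MS = 200.0  # assumption: light in fiber covers ~200 km per ms

def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + \
        cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))

def min_rtt_ms(a, b):
    """Fastest physically possible round trip between a and b."""
    return 2 * great_circle_km(a, b) / FIBER_KM_PER_MS

def check_claims(vantage, rtt_ms, claims):
    """Label each claimed location 'impossible' or 'not ruled out'.

    'not ruled out' is not confirmation: queueing, detours and tunnels
    only ever add delay, so a slow reply fits any nearer location too.
    """
    verdicts = {}
    for name, coords in claims.items():
        floor = min_rtt_ms(vantage, coords)
        verdicts[name] = "impossible" if rtt_ms < floor else "not ruled out"
    return verdicts

# Constructed inputs: a made-up vantage point and approximate city
# coordinates; none of these values come from the article.
VANTAGE = (47.6, -122.3)
CLAIMS = {"Ulaanbaatar": (47.9, 106.9), "Hong Kong": (22.3, 114.2)}

if __name__ == "__main__":
    for rtt in (95.0, 250.0):  # constructed RTT measurements in ms
        print(rtt, check_claims(VANTAGE, rtt, CLAIMS))
```

At 250 ms neither location is excluded, which is the dial-in laptop case in miniature: the measurement is consistent with the registry address and with almost anywhere else.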
VisualRoute does have an extensive geographic database, and it allows you to add or correct network and host information.
WHY CROSS-PLATFORM CAN BE A FOUR LETTER WORD
VisualRoute is a Java application and, as with other cross-platform Java applications on the Macintosh, it shows. My two big beefs are that it ignores human user interface guidelines by forcing the user to go to the mouse for just about everything, and that it ignores Macintosh inter-application communications by using helper applications to pass data from VisualRoute to other applications.
Most inexplicable is the complete lack of keyboard commands within the application. I am not a Java programmer, but a quick web search brought up some examples of command-key coding in Java, with the caveat that with the continuing Balkanization of tools and technologies between platforms, implementing command keys can be difficult.
While annoying, I talked myself into believing I was just running a very old Macintosh application that did not have key commands. Mousing around so much really got to be frustrating when drilling down on registry lookups and in navigating the application's features.
VisualRoute has two features that cause it to interact with external applications: jumping to a web page and copying looked up information to a text editor. I can appreciate that being a Java application, it might be easier to create a platform-specific helper application to launch a web browser or a text editor, but I have a hard time excusing the fact that VisualRoute does this every time you go to a web page or paste information to a text editor.
Do not adjust your magazine, the image is correct. This is, in two words, sloppy coding. It took me almost as long to quit all those helper applications as it did for me to use VisualRoute to track down a spam source.
Here's hoping that a future revision of VisualRoute will fix these two glaring issues.
THE BOTTOM LINE
VisualRoute 7.1 is a Java graphical traceroute utility application that provides real-time, graphed displays of traffic information coupled with a geographic map display of the network path. Its core functionality is equivalent to command-line tools such as traceroute, dig, nslookup, ping and mtr. VisualRoute also provides a web server mode allowing for remote use or for use on a DMZ network that is not blocking ICMP traffic. Additional features include mail server MX record lookups and the ability to drill down on DNS and IP address registry information for hosts and addresses. While useful for both new and seasoned network administrators performing network diagnostics, the application is hampered by its lack of keyboard commands and its proclivity to launch multiple instances of supporting applications.