Traceroute - Tracing Route
"traceroute" (or tracert on Windows) is a networking tool used to determine the "route" taken by packets across an IP network.
How Traceroute Works
Before looking at how traceroute works, let's understand what "TTL" is.
TTL
In computer networking, time-to-live (abbreviated TTL) is a limit on the period of time (or number of iterations/transmissions) that a unit of data (e.g. a packet) can experience before it should be discarded.
The time to live value can be thought of as an upper bound on the time that an IP datagram can exist in an internet system.
The TTL field is set by the sender of the datagram, and reduced by every host on the route to its destination. If the TTL field reaches zero before the datagram arrives at its destination, then the datagram is discarded and an ICMP error datagram (Time Exceeded) is sent back to the sender.
The purpose of the TTL field is to avoid a situation in which an undeliverable datagram keeps circulating on an internet system, which would eventually become swamped by such immortal datagrams.
In IPv4, time to live (TTL) is an 8-bit field in the IP header.
TraceRoute
Traceroute works by increasing the "time-to-live" value of each successive batch of packets sent.
1. As shown in the figure below, the first three packets sent have a time-to-live (TTL) value of one (implying that they are not forwarded by the next router and make only a single hop).
2. The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an "ICMP time exceeded" packet to the sender.
3. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination. The three timestamp values returned for each host along the path are the delay (latency) values for each packet in the batch.
4. If a packet does not return within the expected timeout window, a star (asterisk) is traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is at one hop, the second host at two hops, etc. IP does not guarantee that all the packets take the same route. Also note that if the host at hop number N does not reply, the hop will be skipped in the output.
5. On Linux, the traceroute utility by default uses UDP datagrams with destination port numbers from 33434 to 33534.
+--------+                                         +--------+
| SENDER |                                         | TARGET |
+--------+                                         +--------+
    |                                                 ^|
[============( Router )=====( Router )=====( Router )==|====]
                 ^              ^              ^       |
                 | TTL=1        | TTL=2        | TTL=3 | TTL=4
Traceroute       |              |              |       |
shows these -----+--------------+--------------+-------/
Sample Traceroute Session
At the end, the session shows the gateway 64.129.234.132 returning the ICMP message "Destination net unreachable". Probably either the router has a configuration problem, or the 64.129.234.132 network does not exist, reflecting a bad IP address.
tracert 205.57.75.75
traceroute to 205.57.75.75 (205.57.75.75), 30 hops max, 40 byte packets
 1  192.168.6.6 (192.168.6.6)  0.511 ms  0.498 ms  0.511 ms
 2  203.76.128.204 (203.76.128.204)  5.168 ms  5.385 ms  7.538 ms
 3  10.130.2.181 (10.130.2.181)  6.816 ms  7.043 ms  7.253 ms
 4  203.90.114.89 (203.90.114.89)  174.514 ms  174.743 ms  174.963 ms
 5  mumbbr.hclinfinet.com (203.90.78.137)  41.823 ms  42.140 ms  42.384 ms
 6  mumint.hclinfinet.com (203.90.78.139)  45.320 ms  44.404 ms  44.574 ms
 7  125.21.187.105 (125.21.187.105)  37.485 ms  33.500 ms  33.483 ms
 8  203.101.100.73 (203.101.100.73)  34.472 ms 203.101.100.78 (203.101.100.78)  44.238 ms  44.821 ms
 9  125.21.168.169 (125.21.168.169)  81.200 ms  90.114 ms  90.698 ms
10  203.101.95.30 (203.101.95.30)  90.902 ms  88.439 ms  88.420 ms
11  so-6-0-0-zcr2.lnt.cw.net (166.63.222.169)  221.542 ms  221.529 ms  220.834 ms
12  ae0-zcr1.lnt.cw.net (166.63.222.41)  218.313 ms  218.521 ms  216.900 ms
13  so-3-0-0-bcr1.lnd.cw.net (166.63.163.221)  234.371 ms  236.298 ms  235.996 ms
14  xe-0-3-0.xcr1.lnd.cw.net (195.2.25.1)  258.137 ms xe-5-0-0-xcr1.lnd.cw.net (195.2.25.121)  240.164 ms xe-0-3-0.xcr1.lnd.cw.net (195.2.25.1)  258.139 ms
15  ge-11-0-0.xcr1.nyk.cw.net (195.2.25.18)  327.318 ms ge-11-1-0.xcr1.nyk.cw.net (195.2.25.22)  294.545 ms ge-11-0-0.xcr1.nyk.cw.net (195.2.25.18)  300.028 ms
16  NYCL-PEER-03.twtelecom.net (198.32.118.36)  343.879 ms  338.914 ms  339.103 ms
18  64.129.234.132 reports: Destination net unreachable.
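
For each ICMP error it receives, a traceroute client has to work out which probe the error answers and what it means. The following is an added example, not code from the original page: it parses such a reply and recovers the probe's TTL from the UDP destination port quoted inside the error. It assumes the port rises by one per probe from 33434 with three probes per hop; `classify_reply`, `build_sample` and the sender address 192.168.6.10 are made up for illustration.

```python
import struct

BASE_PORT, LAST_PORT = 33434, 33534  # UDP destination port range from the text
PROBES_PER_HOP = 3                   # three probes per TTL value
# Assumption: the destination port rises by one per probe, starting at BASE_PORT.
KINDS = {(11, 0): "time-exceeded",     # TTL ran out at an intermediate router
         (3, 3): "port-unreachable",   # probe reached the target host
         (3, 0): "net-unreachable"}    # a gateway has no route to the target

def classify_reply(packet: bytes):
    """Return (kind, responder_ip, probe_ttl) for an ICMP error that quotes
    one of our UDP probes, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:  # IPv4 + ICMP
        return None
    ihl = (packet[0] & 0x0F) * 4        # outer IP header length in bytes
    inner = packet[ihl + 8:]            # quoted IP header + 8 bytes of our probe
    if ihl < 20 or len(inner) < 20:
        return None
    kind = KINDS.get((packet[ihl], packet[ihl + 1]))   # ICMP type and code
    inner_ihl = (inner[0] & 0x0F) * 4
    if kind is None or inner[9] != 17 or len(inner) < inner_ihl + 8:  # 17 = UDP
        return None
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    if not BASE_PORT <= dport <= LAST_PORT:
        return None                     # error refers to some other traffic
    probe_ttl = (dport - BASE_PORT) // PROBES_PER_HOP + 1
    return kind, ".".join(map(str, packet[12:16])), probe_ttl

def build_sample(responder: str, icmp_type: int, icmp_code: int, dport: int) -> bytes:
    """Constructed test packet (checksums left at zero), not captured traffic."""
    me, target = bytes([192, 168, 6, 10]), bytes([205, 57, 75, 75])  # sender is made up
    hdr = lambda length, ttl, proto, src, dst: struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, length, 0, 0, ttl, proto, 0, src, dst)
    probe = hdr(28, 1, 17, me, target) + struct.pack("!HHHH", 40000, dport, 8, 0)
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + probe
    src = bytes(int(x) for x in responder.split("."))
    return hdr(20 + len(icmp), 64, 1, src, me) + icmp

if __name__ == "__main__":
    for args in [("192.168.6.6", 11, 0, 33434), ("64.129.234.132", 3, 0, 33485)]:
        print(classify_reply(build_sample(*args)))
```

Checking the quoted port before trusting a reply keeps unrelated ICMP errors arriving on the same host out of the hop list.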