How traceroute works

Posted on by user

traceroute is a network diagnostic tool used to track the path that an IP packet takes to reach a destination. It provides information about each point (or “hop”) along the route, including the time taken to reach each hop. Here’s how traceroute works, step by step:

  1. Purpose of Traceroute: The primary goal of traceroute is to record the route (the specific gateway computers at each hop) through the Internet between your computer and a specified destination computer. It also calculates and displays the time taken to travel from your computer to each hop along the route.
  2. Packet with TTL (Time-To-Live): traceroute sends out a series of packets to the destination. These packets are unique because they have a small TTL (Time-To-Live) value. The TTL value is crucial; it’s set to ensure that the packet doesn’t circulate indefinitely in the case of routing loops.
  3. Incrementing TTL Values: The first set of packets sent by traceroute has a TTL value of 1. The TTL value is incremented by 1 for each subsequent set of packets sent out. So, the first set of packets will expire (and be discarded) after the first hop, the second set after the second hop, and so on.
  4. ICMP Time Exceeded Messages: When a packet reaches a router and its TTL has been decremented to zero, the router discards the packet and sends back an ICMP (Internet Control Message Protocol) “Time Exceeded” message to the source of the packet (your computer).
  5. Recording Each Hop: traceroute uses these ICMP messages to record the address of each hop along the route to the destination. When your computer receives the ICMP message, it notes the address of the hop and the time taken for the round trip.
  6. Repeating the Process: This process is repeated, increasing the TTL value each time, until the packets actually reach the destination. When the destination is reached, it will send back an ICMP “Echo Reply” message (assuming the destination is configured to reply), indicating that the destination has been reached.
  7. Measuring Round-Trip Time: traceroute measures the round-trip time from your computer to each hop along the route. To improve accuracy, it typically sends multiple packets per hop and calculates the average time.
  8. Completion: The process ends when the packets reach the destination or when the maximum number of hops (-m option in traceroute command) is reached, which is usually set to prevent the process from running indefinitely in case of routing loops or unreachable destinations.
  9. Output: The output of traceroute displays the list of hops along the route, including the IP address (and usually the hostname, if it can be resolved) of each hop and the time taken to reach each hop.

It’s important to note that traceroute shows the path that packets took at the time of the test. Due to the dynamic nature of routing on the internet, the path can change over time or even from one test to another. Also, some routers or firewalls are configured not to send ICMP Time Exceeded messages, which results in asterisks (*) in the traceroute output, indicating lost packets or unresponsive hops.