Traceroute

Network Troubleshooting Utility

Broken Code
2 min read · Feb 12, 2022

Introduction

The traceroute command is a network troubleshooting utility used to determine the path that a packet takes to reach the destination host. It works by manipulating the packet's time to live (TTL) value.

The Time to Live field in an IP packet is used to avoid routing loops. Every time a packet passes through a router, the router decrements the TTL field. If the TTL reaches zero, the router drops the packet and sends an ICMP Time Exceeded message (Type 11, Code 0) to the original sender.

Working

Traceroute takes advantage of the TTL feature in a clever way. Assume a host is four routers away from a server/destination, as shown in the figure.

The host's traceroute sends an ICMP echo request packet to the server/destination, but with a TTL of 1, so the packet can only go as far as the next device between the host and the destination. When the packet reaches Router 1, Router 1 decrements the TTL to 0, drops the packet, and sends an ICMP Time Exceeded message to the client. Router 1 is now identified.

The host then sends an ICMP echo request with a TTL of 2 to the server. Router 1 decrements the TTL to 1 and passes the packet to Router 2. Router 2 decrements the TTL to 0, drops the packet, and sends an ICMP Time Exceeded message to the client. Router 2 is now identified. Router 3 and Router 4 are identified in the same way.

Once Router 4 is identified, the host sends an ICMP echo request with a TTL of 5. This time the echo request is received by the server/destination, which responds with an ICMP echo reply to the source. In this way, traceroute identifies all the hosts between the source and the destination.

Traceroute working

Note that the traceroute command in Windows is tracert.
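The TTL walk described above, as an added example that is not part of the original post: it builds byte-level IPv4/ICMP probes and only accepts a reply whose checksum verifies and whose echoed identifier/sequence matches the probe. The function names, the documentation-range addresses and the forward() stand-in for the network are assumptions made for illustration, so it runs offline without raw sockets.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used by both the IPv4 and ICMP headers)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    body = struct.pack("!BBH4s", icmp_type, code, 0, rest) + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def ipv4(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def forward(pkt: bytes, path: list) -> bytes:
    """Constructed stand-in for the network: `path` lists router IPs, then the destination."""
    ttl, sender = pkt[8], socket.inet_ntoa(pkt[12:16])
    for router in path[:-1]:
        ttl -= 1          # every router decrements the TTL
        if ttl == 0:      # expired: Type 11, Code 0, quoting IP header + 8 payload bytes
            return ipv4(router, sender, 64, icmp(11, 0, b"\x00" * 4, pkt[:28]))
    return ipv4(path[-1], sender, 64, icmp(0, 0, pkt[24:28]))  # Echo Reply (Type 0)

def traceroute(src: str, dst: str, path: list, max_hops: int = 30) -> list:
    hops = []
    for ttl in range(1, max_hops + 1):
        ident_seq = struct.pack("!HH", 0x1234, ttl)   # echo identifier + sequence
        reply = forward(ipv4(src, dst, ttl, icmp(8, 0, ident_seq)), path)
        icmp_type = reply[20]
        # Accept a reply only if its checksum verifies and it refers to our probe.
        echoed = reply[24:28] if icmp_type == 0 else reply[52:56]
        if checksum(reply[20:]) != 0 or echoed != ident_seq:
            continue
        hops.append((ttl, socket.inet_ntoa(reply[12:16]), icmp_type))
        if icmp_type == 0:                            # destination answered
            break
    return hops

# Constructed topology matching the article: four routers, then the server.
PATH = ["198.51.100.1", "198.51.100.2", "198.51.100.3", "198.51.100.4", "203.0.113.10"]
if __name__ == "__main__":
    print(*traceroute("192.0.2.1", PATH[-1], PATH), sep="\n")
```

Each tuple is (TTL sent, address that answered, ICMP type of the answer); the first four answers are Time Exceeded messages from the routers and the fifth is the server's echo reply.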
