Traceroute

You may use the ping command to diagnose a network problem if you know the source and destination. However, when you don't know how many routers or hops are in between, ?Or if you don’t know their IP addresses? traceroute is the way to go.

For each router, traceroute sends three probes. Each IP packet that we send is called a?probe.

Traceroute can be used with ICMP, UDP and TCP, depending on your operating system.

Windows uses ICMP and Linux uses UDP for traceroute..

So, how does traceroute work?

Traceroute uses the TTL (Time to Live) field in the IP packet header. Normally, TTL is used to prevent packets from being forwarded forever when there is a routing loop. Whenever an IP packet is forwarded by a router, the?TTL is decreased by one. When the?TTL is zero, the IP packet will be discarded.

How do we use this for traceroute? Let’s look at an example. Let’s say that from H1 (192.168.1.1) we send a trace to S1 (192.168.3.1). The first IP packet that H1 sends, will have a TTL of 1:

When R1 receives the IP packet, it will want to forward it to R2 but it has to decrease the TTL from one to zero, as a result, the IP packet will be dropped and R1 will respond to H1 with a?TTL exceeded?message. H1 will now send a second packet with a TTL of 2:

R1 will decrease the TTL from two to one, forwards it and now R2 has to drop it. R2 will respond with a TTL exceeded message. H1 will now send another IP packet with a TTL of 3:

R1 will decrease the TTL from three to two, R2 decrease it from two to one and R3 will have to drop it. R3 sends the TTL exceeded message to R1. The last IP packet that H1 will send will have a TTL of four:

Each router will decrease the TTL by one, our server on the other end will receive an IP packet with a TTL of one and replies with an ICMP reply to H1. We now know that the destination is reachable and we have learned all routers in our path.