Traceroute Tool
The command line tool traceroute a.b.c.d is used to trace the path of a packet from an originating host (where the command is issued) to a target IP address indicated by the argument a.b.c.d. The path is traced by displaying the L3 devices traversed towards the target. The IP address of the router network interface that the packet is forwarded to is identified as a hop on the path to the target.
The round trip time (RTT) that elapsed between sending a packet and receiving a response is also displayed for each hop.
How does traceroute work?
In order to illustrate how traceroute works, let’s take the topology below with its IP address assignments on network interfaces of the routers. The originator is the host that issues the command traceroute 10.0.3.28 at its command line, and the target is the host with the IP address 10.0.3.28.
The originator host sends an IP packet destined to the target IP address with TTL = 1. As soon as the packet is sent, the originator marks the time, t1.
Since router1 decrements the TTL, resulting in TTL = 0, the packet is dropped and the router sends back an ICMP Time Exceeded (TTL expired) error message.
The originating host marks the time it receives this ICMP error message, t2. An example output for a traceroute request is displayed here:
root@originator:/# traceroute 10.0.3.28
traceroute to 10.0.3.28 (10.0.3.28), 30 hops max, 60 byte packets
1 10.0.1.254 (10.0.1.254) 0.055 ms 0.018 ms 0.012 ms
2 10.50.0.2 (10.50.0.2) 0.032 ms 0.019 ms 0.016 ms
3 10.50.1.2 (10.50.1.2) 0.039 ms 0.021 ms 0.021 ms
4 10.0.3.28 (10.0.3.28) 0.059 ms 0.029 ms 0.029 ms
root@originator:/#
The originating host records the send time of each packet and the receipt time of the corresponding ICMP error message to infer the round trip delay experienced for each hop on the path to the target IP address. For each hop, the originating host sends three packets with the same TTL to average its measurement of the time difference between send and receive. In this case, for the first packet sent to the first hop, the difference is t2 - t1.
The originator then sends a second packet, this time setting the TTL value to 2.
Once the TTL expires, again an ICMP error message is returned from the router that has dropped the packet.
The process is repeated for another two packets for this hop. Next, a new packet with a TTL value of three is sent in a similar fashion, resulting in a TTL expired ICMP error message reply from the last router in this topology.
The final packet sent with a TTL value of four reaches the target IP address. The target host sends back an ICMP echo reply message to the originating host.
Warning
The packet sent by the originator can be an ICMP echo request. In that case, the reply expected from the target host is an ICMP echo reply. However, different implementations of traceroute also use simple UDP (User Datagram Protocol) packets with various port numbers. When the destination port at the target host is not expecting a packet, an ICMP Port Unreachable error message is sent back to the originator host.
At this point, the originator notes that the source IP address of this reply is equal to the target IP address indicated in the traceroute request. It stops sending packets with controlled TTL fields and displays the round trip time (RTT) values obtained by averaging the intervals observed between the send and receive times of each packet.
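The probing loop described above, as an added example that is not part of the original page: the network is replaced by a simulated probe over the page's topology, so it runs without raw-socket privileges. The names make_probe, traceroute, ROUTERS and TARGET and the reply labels are assumptions made for this illustration.

```python
import time

# Constructed data: router hops and target taken from the page's sample output.
ROUTERS = ["10.0.1.254", "10.50.0.2", "10.50.1.2"]
TARGET = "10.0.3.28"

def make_probe(routers, target):
    """Return a stand-in for the network path (hypothetical helper).

    probe(dst, ttl) yields (reply_source_ip, reply_kind), or (None, None)
    when nothing answers, which a real tool prints as '*'.
    """
    def probe(dst, ttl):
        for router_ip in routers:
            ttl -= 1                      # each L3 hop decrements the TTL
            if ttl == 0:                  # expired: drop and report back
                return router_ip, "time-exceeded"
        if dst == target:
            return target, "echo-reply"   # probe survived every hop
        return None, None                 # no host at dst: probe times out
    return probe

def traceroute(dst, probe, max_hops=30, probes_per_hop=3):
    """Raise the TTL one hop at a time until a reply comes from dst itself."""
    hops = []
    for ttl in range(1, max_hops + 1):
        source, rtts_ms = None, []
        for _ in range(probes_per_hop):
            t1 = time.perf_counter()      # mark send time
            reply_source, _kind = probe(dst, ttl)
            t2 = time.perf_counter()      # mark receive time
            if reply_source is not None:
                source = reply_source
                rtts_ms.append((t2 - t1) * 1000.0)
        avg_ms = sum(rtts_ms) / len(rtts_ms) if rtts_ms else None
        hops.append((ttl, source, avg_ms))
        if source == dst:                 # reply came from the target: done
            break
    return hops

if __name__ == "__main__":
    for ttl, source, avg_ms in traceroute(TARGET, make_probe(ROUTERS, TARGET)):
        label = source or "*"
        rtt = f"{avg_ms:.3f} ms" if avg_ms is not None else ""
        print(f"{ttl:2d}  {label}  {rtt}")
```

When the destination never answers, the loop keeps raising the TTL until max_hops is reached, which corresponds to the "30 hops max" limit in the sample output.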
Attention
Route misconfigurations as outlined in the section on routers can be detected using the traceroute tool.
See also
The traceroute tool has some caveats regarding the accuracy of the information it displays. Please see the presentation at the NANOG 47