HOW TRACEROUTE WORKS

Traceroute is one of the essential troubleshooting utility used in Network domain. This diagnostic tool displays the route path and measures packet delay across LAN and WAN network.

Before we discuss further, let’s understand the term TTL – TTL stands for Time To Live. When a packet is sent, its TTL is set, which is the number of layer 3 hops it can pass through before being discarded. Traceroute works by sending packets and progressively increasing their TTL starting value by one.

As a default behaviour of Layer 3 device like Router, when 1^st Router receives the packet, it decrements the TTL value and drops the packet since TTL value becomes zero. The router sends an[p2p type=”slug” value=”internet-control-message-protocol-icmp”] ICMP[/p2p] Time Exceeded message back to the receiving source.

The step by step operation of Traceroute is given below –

1. Traceroute creates a 3 [p2p type=”slug” value=”udp-user-datagram-protocol”]UDP[/p2p] packet from the source to destination with a TTL value of 1. On reaching the 1^st layer 3 hop , the device decrements the TTL value by 1, hence making UDP packet TTL = 0 , thus dropping it as a default behaviour. It will send an ICMP TTL Exceeded (Type 11), back to your traceroute generating device – with a source address of itself. Traceroute makes a note of the router’s address and the time taken for the round-trip. Since 3 packets are sent and discarded ,it helps to get an average value of the round-trip time
2. In Next step, the traceroute machine will send 3 UDP packets with a TTL of 2, therefore the 1^st layer 3 device reduces the TTL by 1 to 1 and passes it on to next layer 3 hop.
3. The next router decrements the TTL value to 0, discarding the packet and sending the same ICMP Time-to-Live Exceeded with its address as the source back to traceroute machine. Now we are aware of first 2 Routers in the path to destination and round trip time across hops.
4. The traceroute process keeps on incrementing TTL value , with each Layer 3 device in way decrementing the TTL and sending it forward till the layer 3 device seeing the TTL value of 0 drops the UDP packet.
5. Finally, when the traceroute UDP packet reaches the destination, the UDP packet needs to connect to the port that it sent as the destination port, since being an uncommon port, it will be rejected with an ICMP Destination Unreachable (Type 3) and Port Unreachable (Code 3) message. This ICMP message is sent back to traceroute generating machine, which understands that this being the last hop, stops the traceroute and provides information on number of hops and trip time taken at each layer 3 hop between source machine and destination. Infact destination is reached 3 times to get the average of the round-trip time.

ABOUT THE AUTHOR

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)