How Traceroute Works
Traceroute is one of the most powerful tools for troubleshooting routing issues. But how does a traceroute actually work?
When we run a traceroute to a destination, the source first sends an ICMP Echo Request with a Time-To-Live (TTL) value of 1. When that packet reaches the first hop, the TTL expires and the router drops the packet, sending an ICMP Time Exceeded error message back to the source (this will be the first hop in the traceroute). Next, the source sends a new ICMP Echo Request, this time with a TTL value of 2. That packet reaches the second router in the path, where it is dropped and an ICMP Time Exceeded error message is sent back (this will be the second hop in the traceroute). The source repeats the same process, sending new ICMP Echo Requests and increasing the TTL value by 1 each time. This continues until an ICMP Echo Request reaches the actual destination, which returns an ICMP Echo Reply to the source (this will be the last hop in the traceroute). The picture below represents a traceroute process where A is the source and D is the destination router:
For each new TTL value, the source sends the ICMP Echo Request three times, so we get three results for each hop. The results show the IP address of each hop (or its domain name, if available) and the Round Trip Time (RTT). When a hop is unreachable, the traceroute shows a star symbol (*) instead. The picture below shows what traceroute output looks like on a Cisco router:
A traceroute can be used to troubleshoot different kinds of network issues, such as delay, asymmetric routing, IP filtering, etc. In a later post, I will explain in more detail how to troubleshoot these different types of faults with the help of traceroute.
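The TTL mechanism described above, as an added example that is not part of the original post: a small offline simulation of the path from source A through routers B and C to destination D, with three probes per TTL. The `Node` class, the 192.0.2.x addresses and the `silent` flag (a node that sends no ICMP answer, shown as a star) are assumptions made for illustration.

```python
# Added example: simulates traceroute's TTL logic on a constructed path.
# Node, the addresses and the "silent" flag are illustrative assumptions.
from dataclasses import dataclass

ECHO_REPLY, TIME_EXCEEDED = 0, 11    # ICMP message type numbers
PROBES_PER_TTL = 3                   # three Echo Requests per TTL value


@dataclass
class Node:
    name: str
    addr: str
    silent: bool = False             # True: node sends no ICMP answer back


def send_probe(path, ttl):
    """Forward one Echo Request; return (icmp_type, addr), or None if unanswered."""
    *routers, dest = path
    for router in routers:
        ttl -= 1                     # each router decrements the TTL by 1
        if ttl == 0:                 # TTL expired here: the packet is dropped
            return None if router.silent else (TIME_EXCEEDED, router.addr)
    # The packet survived every router and is delivered to the destination.
    return None if dest.silent else (ECHO_REPLY, dest.addr)


def traceroute(path, max_ttl=30):
    """Return [(ttl, [addr or '*', ...]), ...], stopping at the first Echo Reply."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        replies = [send_probe(path, ttl) for _ in range(PROBES_PER_TTL)]
        hops.append((ttl, [r[1] if r else "*" for r in replies]))
        if any(r and r[0] == ECHO_REPLY for r in replies):
            break                    # destination answered: last hop reached
    return hops


if __name__ == "__main__":
    # Constructed path: B answers, C stays silent, D is the destination.
    demo = [Node("B", "192.0.2.1"),
            Node("C", "192.0.2.2", silent=True),
            Node("D", "192.0.2.3")]
    for ttl, results in traceroute(demo):
        print(ttl, *results)
```

In the demo run, hop 2 shows three stars while hop 3 still answers: a silent hop does not stop the trace. If the destination itself is silent, the loop runs until `max_ttl`.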