Introduction to Traceroute

Traceroute is a network diagnostic tool found on most operating systems. It discovers the path that packets take from a source machine to a target machine, which makes it possible to draw up a map of the routers between the two. The tool exists on every common operating system, but the command name differs.

  • In UNIX/Linux systems, the traceroute command is:
    traceroute name.of.the.machine
  • In Windows systems, the traceroute command is:
    tracert name.of.the.machine

Output of a traceroute

A traceroute's output lists the routers of the path in order, one line per hop. Each line gives a sequential hop number, the round-trip time of each of the three probes sent with that hop's TTL (three individual measurements, not a minimum/average/maximum summary), and the name and IP address of the router that answered. A probe that receives no reply before the timeout is shown as an asterisk.

The following is the output of the Windows tracert command (the hostnames and addresses have been removed from this example):

Tracing route to []
over a maximum of 30 hops:
1 33 ms 32 ms 33 ms []
2 33 ms 33 ms 33 ms []
3 33 ms 33 ms 33 ms []
4 33 ms 33 ms 33 ms []
5 32 ms 34 ms 34 ms []
6 34 ms 32 ms 33 ms []
7 35 ms 35 ms 35 ms []
8 36 ms 36 ms 35 ms []
9 36 ms 36 ms 36 ms []
10 34 ms 34 ms 35 ms []
11 36 ms 35 ms 37 ms
12 36 ms 36 ms 36 ms []

Trace complete.
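When a trace is captured for later analysis it is more useful as structured records than as text. The parser below is an added example, not part of the original page: it reads Windows tracert output (the format shown above), including the "<1 ms" and "*" cases, and reports whether the trace actually reached the target or stopped short. The sample trace is constructed for the example and uses documentation addresses.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of Windows tracert output (not the page's own trace).
SAMPLE_TRACERT = """\
Tracing route to example.test [203.0.113.10]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2    12 ms    11 ms    12 ms  edge.isp.example [198.51.100.7]
  3     *        *        *     Request timed out.
  4    33 ms    32 ms    33 ms  203.0.113.10

Trace complete.
"""


@dataclass
class Hop:
    number: int
    rtts_ms: List[Optional[float]]   # one entry per probe; None means "*" (no reply)
    host: Optional[str]              # hostname, if tracert resolved one
    address: Optional[str]           # IP address; None when every probe timed out


# hop number, then exactly three probe columns ("33 ms", "<1 ms" or "*"), then the endpoint
_HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s*ms|\*)\s+){3})(.+?)\s*$")
_PROBE_RE = re.compile(r"<?\d+(?=\s*ms)|\*")
_TARGET_RE = re.compile(r"^Tracing route to (\S+)(?: \[([^\]]+)\])?", re.M)


def _rtt(token: str) -> Optional[float]:
    if token == "*":
        return None                  # probe got no reply before the timeout
    if token.startswith("<"):
        return 0.0                   # "<1 ms": below the 1 ms timer resolution
    return float(token)


def _endpoint(text: str) -> Tuple[Optional[str], Optional[str]]:
    if text.startswith("Request timed out"):
        return None, None
    m = re.match(r"^(?:(\S+)\s+)?\[([^\]]+)\]$", text)   # "name [addr]" or "[addr]"
    if m:
        return m.group(1), m.group(2)
    return None, text                                      # bare IP address


def parse_tracert(text: str) -> List[Hop]:
    hops = []
    for line in text.splitlines():
        m = _HOP_RE.match(line)
        if not m:
            continue                 # header, blank line or "Trace complete."
        rtts = [_rtt(t) for t in _PROBE_RE.findall(m.group(2))]
        host, addr = _endpoint(m.group(3))
        hops.append(Hop(int(m.group(1)), rtts, host, addr))
    return hops


def parse_target(text: str) -> Optional[Tuple[str, str]]:
    """Return (name as typed, resolved address) from the 'Tracing route to' header."""
    m = _TARGET_RE.search(text)
    if not m:
        return None
    return m.group(1), m.group(2) or m.group(1)


def reached_target(text: str) -> bool:
    """True only if the last hop that answered is the target address itself."""
    hops, target = parse_tracert(text), parse_target(text)
    return bool(hops) and target is not None and hops[-1].address == target[1]


def unresponsive_hops(hops: List[Hop]) -> List[int]:
    """Hop numbers where no probe was answered (ICMP filtered or rate-limited)."""
    return [h.number for h in hops if h.address is None]


if __name__ == "__main__":
    for hop in parse_tracert(SAMPLE_TRACERT):
        print(hop)
    print("reached:", reached_target(SAMPLE_TRACERT))
```

A hop with no reply does not mean the path is broken: the probes with a larger TTL still pass through that router, so if later hops answer, the silent hop is simply filtering or rate-limiting its ICMP. Only a trace whose last line is not the target (and which ran to the maximum hop count) indicates that the destination was not reached.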

How a traceroute works

Traceroute works thanks to the TTL field in IP packets. Each IP packet carries a time to live (TTL) field which every router decrements by one before forwarding the packet. When the field reaches zero, the router assumes the packet is looping, discards it, and sends an ICMP "Time Exceeded" message back to the sender.

Traceroute exploits this behaviour. It sends a UDP packet to a high port that is assumed to be unused (port 33434 by default) with the TTL set to 1. The first router discards the packet and returns an ICMP Time Exceeded message; the source address of that message identifies the router, and the time between sending the probe and receiving the reply is the round-trip time displayed. Traceroute then increases the TTL by one at a time, sending three probes per TTL, so as to obtain a reply from each router on the path, until it receives an ICMP "Port Unreachable" message from the target machine, which shows that the packet reached the destination and that no service was listening on the port.

This is the mechanism of the classic UNIX/Linux traceroute. Windows tracert sends ICMP Echo Requests instead of UDP and stops when the target returns an Echo Reply; Linux traceroute can do the same with the -I option, or use TCP SYN probes with -T, which is useful when a firewall drops UDP but allows traffic to a published port. A router or firewall that does not send ICMP messages appears as a line of asterisks, and if the target never answers (for example because a host firewall silently drops the UDP probes) the trace runs on until the maximum hop count (30 by default) and reports nothing after the last responding router.
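The probing loop described above can be run against a constructed model of a path, which makes the TTL and ICMP interaction visible without raw sockets or a network. This is an added example, not part of the original page: the Path class models routers that decrement the TTL and answer with ICMP Time Exceeded, a destination host that answers with Port Unreachable, and the two failure modes a practitioner meets in practice (a hop that does not send ICMP, and a host that silently drops the UDP probes). The addresses are documentation ranges chosen for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# ICMP type/code values (RFC 792) that traceroute relies on.
ICMP_TIME_EXCEEDED = 11        # code 0: TTL reached zero in transit
ICMP_DEST_UNREACHABLE = 3
ICMP_PORT_UNREACHABLE = 3      # code 3 of type 3: no listener on the UDP port


@dataclass
class Probe:
    dst: str
    ttl: int
    dport: int


@dataclass
class IcmpReply:
    src: str       # address of the router or host that generated the message
    type: int
    code: int


@dataclass
class Router:
    address: str
    answers_icmp: bool = True    # False models a hop that filters or rate-limits ICMP


class Path:
    """Constructed model of the routers between the source and a destination host."""

    def __init__(self, routers: List[Router], destination: str, host_answers_udp: bool = True):
        self.routers = routers
        self.destination = destination
        # False models a host firewall that silently drops unsolicited UDP
        self.host_answers_udp = host_answers_udp

    def send(self, probe: Probe) -> Optional[IcmpReply]:
        for router in self.routers:
            probe.ttl -= 1                        # every router decrements the TTL...
            if probe.ttl == 0:                    # ...and discards the packet at zero
                if not router.answers_icmp:
                    return None                   # silent hop: displayed as "*"
                return IcmpReply(router.address, ICMP_TIME_EXCEEDED, 0)
        # The probe survived every router and was delivered to the destination host.
        if not self.host_answers_udp:
            return None
        return IcmpReply(self.destination, ICMP_DEST_UNREACHABLE, ICMP_PORT_UNREACHABLE)


@dataclass
class Hop:
    ttl: int
    address: Optional[str]       # None if no probe sent with this TTL was answered
    answered: int                # how many of the probes got a reply
    reached: bool                # True when the destination's Port Unreachable came back


def traceroute(path: Path, target: str, max_hops: int = 30,
               base_port: int = 33434, probes: int = 3) -> List[Hop]:
    hops: List[Hop] = []
    seq = 0
    for ttl in range(1, max_hops + 1):
        replies: List[Optional[IcmpReply]] = []
        for _ in range(probes):
            # Classic traceroute uses a fresh destination port for every probe so the
            # ICMP reply, which quotes the original header, can be matched to its probe.
            replies.append(path.send(Probe(target, ttl, base_port + seq)))
            seq += 1
        answered = [r for r in replies if r is not None]
        reached = any(r.type == ICMP_DEST_UNREACHABLE and r.code == ICMP_PORT_UNREACHABLE
                      for r in answered)
        hops.append(Hop(ttl, answered[0].src if answered else None, len(answered), reached))
        if reached:
            break                 # the target itself answered: stop increasing the TTL
    return hops


def format_hop(hop: Hop) -> str:
    return f"{hop.ttl:2d}  {hop.address or '*'}  ({hop.answered} replies)"


if __name__ == "__main__":
    path = Path([Router("192.0.2.1"), Router("198.51.100.7", answers_icmp=False),
                 Router("203.0.113.1")], "203.0.113.10")
    for hop in traceroute(path, "203.0.113.10"):
        print(format_hop(hop))
```

Two things the model makes explicit: the reply for TTL n comes from the n-th router because that router is the one where the counter hits zero, and the loop has no natural end if the destination never sends Port Unreachable, which is why traceroute enforces a maximum hop count.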

