Traceroute

The Traceroute Application

The “traceroute” program, like the “ping” program, is a diagnostic tool used to test an internet path. Instead of just checking connectivity to the destination, it also provides information on each of the Intermediate Systems (i.e. IP routers) found along the IP path from the source to the destination.

Traceroute does this by sending a sequence of packets to the chosen target IP destination address. These can be ICMP echo request messages.

Setting the IP TTL Field

The sender explicitly sets the Time To Live (TTL) (or IPv6 hop count) in each test packet that it sends.

All IP packets contain a TTL value that determines the number of router hops over which a packet may be routed. This is decremented by most routers (although routers might be configured to reduce the value by more than 1). It is used to prevent routing loops, and ensures that topologies with loops do not result in packets that circulate indefinitely. The tool relies on the design of an IP router to not forward a packet when the TTL is zero.

Example operation of Traceroute

The traceroute tool starts by sending an ICMP Echo request message with an IP destination address of the chosen destination. Consider a path between device A and device D, interconnected by routers - devices B and C.

In this example the tool is run at device A. This sets the TTL value to 1.

The first router along the path (device B) receives the first packet with the ICMP Echo request message, decrements the TTL, and then discards the packet because the TTL value is zero. Before the router drops the packet, the router constructs an ICMP error message (with an ICMP message type of “TTL exceeded”).

The router's ICMP error message is returned in an IP packet. This packet has the IP source address of the router that received the traceroute packet and has its IP destination address set to the IP source address of the dropped packet. This IP packet is therefore sent to the computer that generated the traceroute packet.

Receipt of this message by the traceroute client allows the source to identify which system is one hop away along the path to the destination (device B in the figure below). The tool can also measure the time taken to receive a reply, and can look up the DNS name of any IP address it discovers. This completes the first part of the test.

The sender then repeats the test with the same TTL and destination address two more times (three in total).

Each time, an ICMP message is generated and the tool reports the router at which the packet's TTL reached zero. If all packets travel along the same path (i.e. the same set of routers forwarded the packets) each ICMP error message will be received from the same router. Where two or more alternate paths are being used to reach the same router, the results may vary for each of the 3 tests.

Traceroute being used across a path ABCD, showing the results for each hop when a UDP datagram is used to probe with increasing IPv4 TTL.

If the router that responded was not the intended final IP destination address, the sender then repeats the test by sending a set of three identical messages using a TTL value that is one larger than used for the last set of three attempts.

This time, it sends a packet with the TTL set to two. The first router on the path forwards the packet (and as it forwards this, it decrements the TTL value in the IP header). The next router along the same path then reduces the TTL value by one, and the value becomes zero at that router. This router generates an ICMP error message with its own source address, and sends the ICMP error message back towards the original source of the packet. In this way, the source learns the identity of the second router further along the IP path to the destination.

The tool repeats this test, each time with a TTL one larger, until the source receives a response from the intended destination - in this case device D (or the maximum TTL value is reached). A traceroute can be performed using other types of "traceroute packet" - for example carrying a UDP datagram as shown in the figure above.

Routers can be configured to discard ICMP messages, so these routers never send a reply back to the source. Such routers also hide the “topology” of the network.

Some routers only process ICMP messages provided that doing so does not impose a significant load on the router. Such routers might rate-limit packets and do not always respond to ICMP echo request messages. Other routers may not have a route to the original source - perhaps due to asymmetric paths through the network.

Example traceroute using IPv4

Some on-path routers do not or can not send an ICMP message

When “traceroute” encounters any router that does not respond, it prints a “*” character. Each star represents a failed probe that was discarded along the path.
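
The procedure described above, including the “*” reported for a router that does not respond, modelled as an added example (not part of the original page). It runs offline: the path, the addresses (documentation ranges) and the function names are assumptions made for illustration, and each simulated router decrements the TTL by exactly one.

```python
import socket
import struct

ECHO_REQUEST, ECHO_REPLY, TIME_EXCEEDED = 8, 0, 11

def ipv4(src, dst, ttl, payload):
    """20-byte IPv4 header (protocol 1 = ICMP, checksum left 0 in this model)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def deliver(path, silent, probe):
    """Carry a probe along the modelled path; return the reply packet or None."""
    ttl = probe[8]
    src, dst = socket.inet_ntoa(probe[12:16]), socket.inet_ntoa(probe[16:20])
    for hop in path:
        if hop == dst:  # destination host answers the echo request
            return ipv4(hop, src, 64, struct.pack("!BBHHH", ECHO_REPLY, 0, 0, 0, 0))
        ttl -= 1  # each router decrements before forwarding
        if ttl == 0:  # expired here: drop, and (unless silent) report it
            if hop in silent:
                return None
            # ICMP error quotes the dropped packet's IP header + first 8 bytes
            icmp = struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0) + probe[:28]
            return ipv4(hop, src, 64, icmp)
    return None  # destination is not on this path

def traceroute(path, src, dst, silent=(), max_ttl=30, probes=3):
    """Return [(ttl, [responder or '*', ...]), ...] as the tool would report it."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        row, reached = [], False
        for seq in range(probes):
            echo = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 0x1234, seq)
            reply = deliver(path, silent, ipv4(src, dst, ttl, echo))
            if reply is None:
                row.append("*")  # no ICMP message came back for this probe
                continue
            row.append(socket.inet_ntoa(reply[12:16]))  # source of the reply
            reached = reached or reply[20] == ECHO_REPLY
        rows.append((ttl, row))
        if reached:
            break
    return rows

# Constructed path A -> B -> C -> D using documentation address ranges.
A, B, C, D = "192.0.2.10", "192.0.2.1", "198.51.100.1", "203.0.113.9"
if __name__ == "__main__":
    for ttl, row in traceroute([B, C, D], A, D, silent={C}):
        print(ttl, *row)
```

With router C configured as silent, hop 2 is reported as three stars while hops 1 and 3 still identify B and D.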

IPv6

The process for IPv6 is similar, except that the IPv6 Hop Count field is used in place of the IPv4 TTL, and IPv6 DNS records are used in place of IPv4 ones. Traceroute tools can also be used with other types of packets (e.g. UDP, TCP) by Internet researchers to probe the paths taken through the Internet.


See also

ICMP

ICMP Type and Code Values


Gorry Fairhurst - Date: 04/11/2020