How does the Linux command traceroute make use of the IP protocol to print the complete route to a particular
“The traceroute utility uses the TTL (Time To Live) field in the IP header to achieve its operation. This field describes how many hops a particular packet will take while traveling on the network. This field is usually set to 32 or 64. Each time the packet is held on an intermediate router, it decreases the TTL value by 1. When a router finds the TTL value of 1 in a received packet, that packet is not forwarded but instead discarded.
After discarding the packet, the router sends an ICMP error message of “Time exceeded” back to the source from where the packet was generated. The ICMP packet that is sent back contains the IP address of the router.
So now it can be easily understood that traceroute operates by sending packets with a TTL value starting from 1 and then incrementing by one each time. Each time a router receives the packet, it checks the TTL field; if the TTL field is 1, it discards the packet and sends the ICMP error packet containing its IP address, and this is what traceroute requires. So traceroute incrementally fetches the IP of all the routers between the source and the destination.”
Now, let’s see some examples:
From the example above, traceroute not only gives the IP addresses of the intermediate routers but also three round-trip times for each router, because the traceroute command fires three packets for each router.
The * field in output
There are times when one could encounter an * in the output rather than a value. This indicates that the required field could not be fetched. The reason can be anything from a reverse DNS lookup failure, to packets not reaching the target router, to packets getting lost on their way back. There can be many reasons, but in all of these cases the traceroute utility prints an * in the output:
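The TTL loop, the three probes per hop and the `*` case described above, as a small in-memory simulation in Python. This is an added example, not code from the original page or from the traceroute source; the hop addresses, the silent hop and the helper names `send_probe` and `traceroute` are constructed for illustration, and it assumes the destination answers UDP probes with ICMP port unreachable.

```python
# Added illustration: an in-memory model of the TTL mechanism; no real packets are sent.
# PATH, SILENT and all addresses are constructed sample values (documentation ranges).
PATH = ["192.0.2.1", "198.51.100.7", "198.51.100.9", "203.0.113.5"]  # last = destination
SILENT = {"198.51.100.9"}  # hop that drops expired packets without sending ICMP


def send_probe(ttl, path=PATH, silent=SILENT):
    """Walk one probe along the path; return (responder_ip, icmp_type) or None."""
    for hop in path[:-1]:
        if ttl <= 1:                      # router sees TTL 1: discard, do not forward
            if hop in silent:
                return None               # no ICMP error comes back, traceroute prints *
            return hop, "time-exceeded"   # ICMP error carries the router's address
        ttl -= 1                          # otherwise decrement and forward
    # Probe reached the destination. Assumption: UDP probes to a closed port,
    # so the destination answers with ICMP port unreachable.
    return path[-1], "port-unreachable"


def traceroute(max_hops=30, probes=3, send=send_probe):
    """Raise TTL from 1 upward, `probes` packets per TTL, until the destination answers."""
    rows = []
    for ttl in range(1, max_hops + 1):
        replies = [send(ttl) for _ in range(probes)]
        addrs = [r[0] if r else "*" for r in replies]
        rows.append((ttl, addrs))
        if any(r and r[1] == "port-unreachable" for r in replies):
            break                         # destination reached, stop probing
    return rows


if __name__ == "__main__":
    for ttl, addrs in traceroute():
        print(f"{ttl:2d}  " + "  ".join(addrs))
```

A row of `*` for one TTL followed by normal replies at the next TTL means that hop forwarded the probes but did not report the expiry, not that the path is broken.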