Linux traceroute Utility

12 Jan 2014

How does the Linux command traceroute work?

traceroute makes use of the IP protocol to print the complete route to a particular destination:

“Traceroute utility uses the TTL (Time To Live) field in the IP header to achieve its operation. This field describes how many hops a particular packet will take while traveling on the network. This field is usually set to 32 or 64. Each time the packet is handled by an intermediate router, the router decreases the TTL value by 1. When a router finds a TTL value of 1 in a received packet, that packet is not forwarded but discarded.

After discarding the packet, the router sends an ICMP error message of “Time exceeded” back to the source from which the packet was generated. The ICMP packet that is sent back contains the IP address of the router.

So now it can be easily understood that traceroute operates by sending packets with a TTL value starting from 1 and then incrementing it by one each time. Each time a router receives the packet, it checks the TTL field; if the TTL field is 1, it discards the packet and sends the ICMP error packet containing its IP address, and this is what traceroute requires. So traceroute incrementally fetches the IPs of all the routers between the source and the destination.”
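To make the TTL mechanism above concrete, here is a small simulation, added for this page and not part of the quoted text or of the traceroute source: a path of routers is modelled as a list, each router decrements the TTL of a probe, the router that brings it to 0 answers with its own address (or stays silent, which traceroute shows as an asterisk), and the traceroute loop raises the TTL one step at a time until the destination answers or the hop limit is hit. The addresses are made up from the RFC 5737 documentation ranges.

```python
from dataclasses import dataclass
from typing import List, Optional


# Constructed topology for the simulation. Addresses come from the RFC 5737
# documentation ranges and are not real routers.
@dataclass
class Router:
    address: str
    sends_icmp: bool = True   # False models a router that drops expired probes silently


@dataclass
class Path:
    routers: List[Router]     # intermediate routers, in forwarding order
    destination: str


def forward(path: Path, ttl: int) -> Optional[str]:
    """Carry one probe with the given TTL along the path.

    Every router decrements the TTL. The router that decrements it to 0
    discards the probe and, if it is willing, answers with ICMP Time Exceeded;
    the source address of that reply is the router's own, which is what
    traceroute records. Returns the replying address, or None when no reply
    comes back (traceroute prints that as '*').
    """
    for router in path.routers:
        ttl -= 1
        if ttl == 0:
            return router.address if router.sends_icmp else None
    # The TTL outlived every router, so the probe reached the destination,
    # which answers directly (Linux traceroute's default UDP probes draw an
    # ICMP Port Unreachable), and its address is reported.
    return path.destination


def traceroute(path: Path, max_hops: int = 30) -> List[Optional[str]]:
    """Probe with TTL 1, 2, 3, ... until the destination answers or max_hops
    is reached, collecting the address reported for each hop."""
    hops: List[Optional[str]] = []
    for ttl in range(1, max_hops + 1):
        reply = forward(path, ttl)
        hops.append(reply)
        if reply == path.destination:
            break
    return hops


def render(hops: List[Optional[str]]) -> List[str]:
    """Format hops the way traceroute prints them, one line per TTL."""
    return [f"{n:2d}  {addr if addr else '*'}" for n, addr in enumerate(hops, start=1)]


if __name__ == "__main__":
    path = Path(
        routers=[Router("192.0.2.1"), Router("192.0.2.2", sends_icmp=False), Router("192.0.2.3")],
        destination="198.51.100.9",
    )
    print("\n".join(render(traceroute(path))))
```

Running it prints four lines: the first and third routers by address, an asterisk for the silent second router, and the destination at hop 4, after which the loop stops. The `max_hops` argument corresponds to the "30 hops max" in the real tool's header line: with too low a limit the trace ends before the destination is ever reached.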

Now, let’s see some examples:

$ traceroute google.com
traceroute to google.com (74.125.236.132), 30 hops max, 60 byte packets
1  220.224.141.129 (220.224.141.129)  89.174 ms  89.094 ms  89.054 ms
2  115.255.239.65 (115.255.239.65)  109.037 ms  108.994 ms  108.963 ms
3  124.124.251.245 (124.124.251.245)  108.937 ms  121.322 ms  121.300 ms
4  * 115.255.239.45 (115.255.239.45)  113.754 ms  113.692 ms
5  72.14.212.118 (72.14.212.118)  123.585 ms  123.558 ms  123.527 ms
6  72.14.232.202 (72.14.232.202)  123.499 ms  123.475 ms  143.523 ms
7  216.239.48.179 (216.239.48.179)  143.503 ms  95.106 ms  95.026 ms
8  bom03s02-in-f4.1e100.net (74.125.236.132)  94.980 ms  104.989 ms  104.954 ms

From the example above, traceroute gives not only the IP address of each intermediate router but also three round-trip times for it, because traceroute sends three probe packets for every hop.

The * field in the output

There are times when you will see an * in the output rather than a value. It means that the required field could not be fetched. The reason can be anything from a reverse DNS lookup failure, to the packets not reaching the target router, to the replies getting lost on their way back. The causes are many, but in all of these cases the traceroute utility prints an * in the output:

$ traceroute www.bbc.co.uk
traceroute to www.bbc.co.uk (212.58.244.69), 30 hops max, 60 byte packets
1  192.168.1.1 (192.168.1.1)  0.900 ms  1.866 ms  2.108 ms
2  s53751501.adsl.online.nl (83.117.21.1)  176.235 ms  176.629 ms  176.739 ms
3  194.134.20.98 (194.134.20.98)  29.814 ms  30.157 ms  31.587 ms
4  ae3.cr1-asd6.nl.euro.net (194.134.161.229)  32.887 ms  33.246 ms  33.602 ms
5  * * *
6  rt-amsix.tcams.bbc.co.uk (195.69.144.169)  37.520 ms  26.394 ms  44.926 ms
7  ae-528.prt0.thdow.bbc.co.uk (212.58.239.45)  45.095 ms  45.368 ms  45.780 ms
8  * * *
9  * * *
10  ae0.er01.telhc.bbc.co.uk (132.185.254.109)  45.813 ms  54.124 ms  57.005 ms
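When traceroute runs from a script (for example to record the path to a service and notice when hops go dark or the route changes), the asterisks have to be handled explicitly. The parser below is an added example, not part of the original post or of the traceroute project; it assumes the Linux traceroute output format shown on this page and takes the BBC run above as its sample input. Each hop line is read as a stream of three token kinds: a lone `*` (an unanswered probe), a `name (ip)` responder that applies to the RTTs after it, and a `12.3 ms` round-trip time. That also covers the mixed hop 4 of the google.com run, where one of the three probes was lost but the other two answered.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input copied from the www.bbc.co.uk run shown on this page.
SAMPLE = """$ traceroute www.bbc.co.uk
traceroute to www.bbc.co.uk (212.58.244.69), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.900 ms  1.866 ms  2.108 ms
 2  s53751501.adsl.online.nl (83.117.21.1)  176.235 ms  176.629 ms  176.739 ms
 3  194.134.20.98 (194.134.20.98)  29.814 ms  30.157 ms  31.587 ms
 4  ae3.cr1-asd6.nl.euro.net (194.134.161.229)  32.887 ms  33.246 ms  33.602 ms
 5  * * *
 6  rt-amsix.tcams.bbc.co.uk (195.69.144.169)  37.520 ms  26.394 ms  44.926 ms
 7  ae-528.prt0.thdow.bbc.co.uk (212.58.239.45)  45.095 ms  45.368 ms  45.780 ms
 8  * * *
 9  * * *
10  ae0.er01.telhc.bbc.co.uk (132.185.254.109)  45.813 ms  54.124 ms  57.005 ms
"""

HEADER_RE = re.compile(r"^traceroute to (\S+) \((\S+)\), (\d+) hops max, (\d+) byte packets")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
# Tokens inside a hop line: a lone "*", a responder "name (ip)" that applies to
# the RTTs following it, or an RTT "12.3 ms". Anything else (e.g. "!H"
# annotations) is skipped.
TOKEN_RE = re.compile(r"\*|(\S+) \(([^)\s]+)\)|([\d.]+) ms")


@dataclass
class Probe:
    responder: Optional[str]   # IP that answered, None when traceroute printed "*"
    rtt_ms: Optional[float]


@dataclass
class Hop:
    number: int
    probes: List[Probe]

    def responders(self) -> List[str]:
        """Distinct addresses that answered at this TTL, in order of appearance."""
        seen: List[str] = []
        for p in self.probes:
            if p.responder is not None and p.responder not in seen:
                seen.append(p.responder)
        return seen

    def silent(self) -> bool:
        """True when every probe at this TTL came back as '*'."""
        return all(p.responder is None for p in self.probes)


@dataclass
class Trace:
    target: str
    target_ip: str
    max_hops: int
    packet_bytes: int
    hops: List[Hop]


def parse_hop(line: str) -> Hop:
    m = HOP_RE.match(line)
    if not m:
        raise ValueError(f"not a hop line: {line!r}")
    number, body = int(m.group(1)), m.group(2)
    probes: List[Probe] = []
    current: Optional[str] = None
    for tok in TOKEN_RE.finditer(body):
        if tok.group(0) == "*":
            probes.append(Probe(None, None))
        elif tok.group(2):
            current = tok.group(2)            # "name (ip)": later RTTs belong to this ip
        else:
            probes.append(Probe(current, float(tok.group(3))))
    return Hop(number, probes)


def parse_traceroute(text: str) -> Trace:
    """Parse a traceroute transcript; a leading shell prompt line is tolerated."""
    lines = [l for l in text.splitlines() if l.strip()]
    start = next((i for i, l in enumerate(lines) if HEADER_RE.match(l)), None)
    if start is None:
        raise ValueError("missing 'traceroute to ...' header line")
    h = HEADER_RE.match(lines[start])
    hops = [parse_hop(l) for l in lines[start + 1:]]
    return Trace(h.group(1), h.group(2), int(h.group(3)), int(h.group(4)), hops)


def silent_hops(trace: Trace) -> List[int]:
    """Hop numbers at which no probe was answered at all."""
    return [hop.number for hop in trace.hops if hop.silent()]


def reached_target(trace: Trace) -> bool:
    """True when the last hop line includes the target's address."""
    return bool(trace.hops) and trace.target_ip in trace.hops[-1].responders()


if __name__ == "__main__":
    t = parse_traceroute(SAMPLE)
    for hop in t.hops:
        print(hop.number, hop.responders() or "*", [p.rtt_ms for p in hop.probes])
    print("silent hops:", silent_hops(t))
    print("reached target:", reached_target(t))
```

For the BBC sample `silent_hops` returns `[5, 8, 9]` and `reached_target` is false, since the transcript on the page stops at hop 10 before 212.58.244.69 appears; keeping the per-probe `responder` rather than a single address per hop is what lets a partially lost hop like hop 4 of the google.com run be distinguished from a fully silent one.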
