How 'traceroute' works?
What is 'traceroute'?
Traceroute is a network diagnostic command that traces the path data packets take from their source to their destination, hop by hop, which lets administrators pinpoint where a connectivity problem lies. On a Windows machine, this command is called tracert; on Linux and Mac, it's called traceroute.
How does it work?
The Linux traceroute command works by manipulating the TTL. The purpose of the TTL is to limit how long data will live in an IP network. Each packet of data that is sent out is assigned a TTL value, and when the packet reaches a hop on the way to the destination device, that hop decreases the TTL value by 1.
When we perform a traceroute to a certain destination, the source first sends an ICMP Echo Request with a Time-To-Live (TTL) value of 1. This means that when the packet reaches the first hop, the TTL expires and the router drops the packet, sending an ICMP Time Exceeded error message back to the source (this will be the first hop in the traceroute). Next, the source sends a new ICMP Echo Request, this time with a TTL value of 2. That packet reaches the second router in the path and is then dropped, again producing an ICMP Time Exceeded error message (this will be the second hop in the traceroute). The source repeats the same process, sending new ICMP Echo Requests and increasing the TTL value by 1 each time. This continues until the final ICMP Echo Request reaches the actual destination, which returns an ICMP Echo Reply back to the source (this will be the last hop in the traceroute).
Note: Windows uses ICMP packets, while Linux uses UDP probes for traceroute.
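The TTL-stepping procedure described above and the ICMP-versus-UDP note, as an added simulation that is not part of the original post: a constructed list of router addresses stands in for the network (no packets are sent, so no raw sockets or root privileges are needed), and the silent-hop option and the `proto` switch are assumptions made here to show why some traceroute lines print `*` and how the final reply differs between the two probe types.

```python
"""Simulation of the TTL-stepping mechanism behind traceroute.
SAMPLE_PATH is a constructed route (documentation address ranges, not a real
path); nothing is transmitted, the forwarding logic is modelled in Python."""

# Constructed sample route: three forwarding routers, then the destination.
SAMPLE_PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.1", "203.0.113.200"]
# Assumed: a router that silently drops expired packets without sending
# ICMP Time Exceeded (typical of a filtering firewall); it shows up as '*'.
SILENT_HOPS = frozenset({"198.51.100.1"})


def probe(path, ttl, proto="icmp", silent=frozenset()):
    """Forward one probe along path and return (responder, reply).
    Each forwarding router decrements the TTL; at 0 it drops the packet and
    answers with ICMP Time Exceeded. A packet that survives every router is
    delivered, and the destination answers by probe type: Echo Reply for ICMP
    probes (Windows tracert), Port Unreachable for UDP probes (Linux default).
    """
    routers, destination = path[:-1], path[-1]
    for router in routers:
        ttl -= 1
        if ttl == 0:
            if router in silent:
                return None, "timeout"
            return router, "ICMP Time Exceeded"
    if destination in silent:
        return None, "timeout"
    if proto == "icmp":
        return destination, "ICMP Echo Reply"
    return destination, "ICMP Port Unreachable"


def traceroute(path, proto="icmp", max_hops=30, silent=frozenset()):
    """Send probes with TTL 1, 2, 3, ... like the source in the text, stopping
    when the destination itself answers or after max_hops rounds."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, reply = probe(path, ttl, proto, silent)
        hops.append((ttl, responder or "*", reply))
        if responder == path[-1]:
            break
    return hops


if __name__ == "__main__":
    for ttl, responder, reply in traceroute(SAMPLE_PATH, silent=SILENT_HOPS):
        print(f"{ttl:2d}  {responder:16s} {reply}")
```

A destination that is itself firewalled never answers, so the loop runs to `max_hops` with every line showing `*`, which is the same incomplete trace you see on a real network when ICMP is filtered end to end.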
Source: TelcoNotes
Pic credits: TelcoNotes