traceroute provides a map of how data on the internet travels from a source to a destination
- It lists all the different devices (particularly routers) the data packets pass through
- Using traceroute: traceroute google.com
- traceroute does this by sending ICMP packets
Info
tracert is a traceroute alternative for Windows
- You can use traceroute6 for IPv6 networks
How traceroute works?
- User invokes the traceroute command for a target host. If the host is specified in the form of a domain name, traceroute will attempt to resolve it
- traceroute sends a data packet towards the target with the TTL value (of the IP packet header) set to “1”. The first router in the path will decrement the value by 1, which should trigger a TTL exceeded message that gets sent back to the host on which the traceroute program is running
- With details of the first hop in hand, traceroute will increase the TTL value to “2”. That first router in the path will still decrement the value by 1, but because the TTL will no longer drop to zero right out of the gate the packet can live on for one more hop. Once the TTL value does hit zero (in this case, at the second router in the path), another TTL exceeded message should be generated and passed back to traceroute
- The process repeats itself, with traceroute increasing the TTL by 1 each time, until the destination is reached or an upper limit of hops is hit (default 30)
Understanding traceroute output
- Each line of the traceroute output represents “one hop”
- Each line has three measurements of time indicating the round-trip time (RTT) for three ICMP packets
- Asterisk (*) indicates that the program didn’t receive a response from the router at that hop. Reasons:
  - ICMP traffic is also considered low-priority; a busy router may process standard data packets rather than reply to your ICMP request.
  - There could actually be a connection problem
traceroute to google.com (142.250.192.78), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 11.753 ms 3.287 ms 2.704 ms
2 static-93.30.143.114-tataidc.co.in (114.143.30.93) 95.892 ms 70.753 ms 39.845 ms
3 10.117.136.94 (10.117.136.94) 7.059 ms 7.152 ms 22.957 ms
4 10.124.253.105 (10.124.253.105) 15.663 ms 8.288 ms 12.258 ms
5 10.118.143.21 (10.118.143.21) 9.837 ms 10.691 ms 8.660 ms
6 72.14.210.20 (72.14.210.20) 8.033 ms 12.769 ms 27.304 ms
7 * * *
8 192.178.86.238 (192.178.86.238) 22.846 ms
216.239.47.148 (216.239.47.148) 16.420 ms
142.251.69.42 (142.251.69.42) 8.128 ms
9 108.170.226.131 (108.170.226.131) 18.233 ms
142.250.226.134 (142.250.226.134) 14.185 ms 118.910 ms
10 bom12s16-in-f14.1e100.net (142.250.192.78) 104.187 ms 10.772 ms
108.170.248.177 (108.170.248.177) 9.811 ms
- Hop 1 - indicates the IP of my local router (home network)
- Hop 2 - indicates the IP of my ISP (in my case Tata Communications)
- Hop 3, 4, 5 - Internal IPs within the Tata Communications network
- Hop 6 - IP of one of Google’s servers
- Hop 7 - Asterisk (*) indicates that there wasn’t any response to ICMP pings
- Hop 8, 9 - IP of some of Google’s servers
- Hop 10 - Google server with Destination IP
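
The hop-by-hop reading above can be automated. The following is an added example, not part of the original notes: it parses the output shown above, including the continuation lines where a different router answered one of the three probes, and groups hops as silent, private-addressed, or answered by more than one address. The names parse and classify and the label "multipath" are choices made for this example.

```python
import re
from ipaddress import ip_address

# Output copied from the page; a line without a leading hop number continues the previous hop.
SAMPLE = """\
traceroute to google.com (142.250.192.78), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 11.753 ms 3.287 ms 2.704 ms
2 static-93.30.143.114-tataidc.co.in (114.143.30.93) 95.892 ms 70.753 ms 39.845 ms
3 10.117.136.94 (10.117.136.94) 7.059 ms 7.152 ms 22.957 ms
4 10.124.253.105 (10.124.253.105) 15.663 ms 8.288 ms 12.258 ms
5 10.118.143.21 (10.118.143.21) 9.837 ms 10.691 ms 8.660 ms
6 72.14.210.20 (72.14.210.20) 8.033 ms 12.769 ms 27.304 ms
7 * * *
8 192.178.86.238 (192.178.86.238) 22.846 ms
216.239.47.148 (216.239.47.148) 16.420 ms
142.251.69.42 (142.251.69.42) 8.128 ms
9 108.170.226.131 (108.170.226.131) 18.233 ms
142.250.226.134 (142.250.226.134) 14.185 ms 118.910 ms
10 bom12s16-in-f14.1e100.net (142.250.192.78) 104.187 ms 10.772 ms
108.170.248.177 (108.170.248.177) 9.811 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")   # hop number, then the rest of the line
REPLY = re.compile(r"\S+ \((\d+(?:\.\d+){3})\)((?:\s+[\d.]+ ms)+)")  # name (ip) rtt ms ...

def parse(text):
    """Return {hop: {"replies": {ip: [rtt_ms, ...]}, "lost": unanswered_probes}}."""
    hops, current = {}, None
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            current, line = int(m.group(1)), m.group(2)
            hops[current] = {"replies": {}, "lost": 0}
        if current is None:
            continue                      # header line before the first hop
        hops[current]["lost"] += line.count("*")
        for ip, rtts in REPLY.findall(line):
            times = [float(t) for t in re.findall(r"([\d.]+) ms", rtts)]
            hops[current]["replies"].setdefault(ip, []).extend(times)
    return hops

def classify(hops):
    """Group hop numbers: no reply, private address seen, several addresses seen."""
    ips = {n: list(h["replies"]) for n, h in sorted(hops.items())}
    return {
        "silent": [n for n, a in ips.items() if not a],
        "private": [n for n, a in ips.items() if any(ip_address(i).is_private for i in a)],
        "multipath": [n for n, a in ips.items() if len(a) > 1],
    }
```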