Traceroute is a program that shows you route taken by packets through a network. Yes, it traces the route of packets from source to destination, and the name of the program is traceroute, how befitting :P

Anyways, what Traceroute does is, it sends a UDP packet to the destination taking advantage of ICMP’s messages. So let’s take a brief look at what ICMP and it’s messages are.

ICMP (Internet Control Message Protocol) is a companion to the IP protocol. It compensates the IP protocol in error reporting since IP protocol doesn’t have an error reporting method in place. ICMP only reports errors and expects higher layers of the OSI architecture model to handle and correct the errors.

ICMP has two types of messages – error reporting messages and query messages. Query messages are generally used to diagnose network problems (the ping tool uses ICMP’s query messages). The error-reporting messages as the name suggests report errors if any in the IP packet. There are five types of error-reporting messages:

• Destination Unreachable
• Time exceeded
• Source Quench
• Parameter Problem
• Redirection

Traceroute uses the first two error-reporting messages – Destination Unreachable and Time exceeded.

Now that the introductions are done, let’s dive into the juicy parts, starting with an image of the process’ overview.

• Traceroute creates a UDP packet from the source to destination with a TTL(Time-to-live) = 1
• The UDP packet reaches the first router where the router decrements the value of TTL by 1, thus making our UDP packet’s TTL = 0 and hence the packet gets dropped.
• Noticing that the packet got dropped, it sends an ICMP message (Time exceeded) back to the source.
• Traceroute makes a note of the router’s address and the time taken for the round-trip.
• It sends two more packets in the same way to get an average value of the round-trip time. Usually, the first round-trip takes longer than the other two due to the delay in ARP finding the physical address, the address stays in the ARP cache during the second and the third time and hence the process speeds up.
• The steps that have occurred uptil now, occur again and again until the destination has been reached. The only change that happens is that the TTL is incremented by 1 when the UDP packet is to be sent to next router/host.
• Once the destination is reached, Time exceeded ICMP message is NOT sent back this time because the destination has already been reached.
• But, the UDP packet used by Traceroute specifies the destination port number to be one that is not usually used for UDP. Hence, when the destination computer verifies the headers of the UDP packet, the packet gets dropped due to improper port being used and an ICMP message (this time – Destination Unreachable) is sent back to the source.
• When Traceroute encounters this message, it understands that the destination has been reached. Even the destination is reached 3 times to get the average of the round-trip time.

And here’s an example output of traceroute from my machine to Askubuntu.

nits@excalibur:~$ traceroute askubuntu.com
traceroute to askubuntu.com (64.34.119.12), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 4.018 ms 4.005 ms 3.985 ms
2 117.202.176.1 (117.202.176.1) 20.969 ms 23.115 ms 24.324 ms
3 218.248.161.134 (218.248.161.134) 26.055 ms 27.593 ms 29.484 ms
4 218.248.255.70 (218.248.255.70) 30.899 ms 32.103 ms 35.807 ms
5 59.163.206.189.static.chennai.vsnl.net.in (59.163.206.189) 36.016 ms 36.736 ms 38.758 ms
6 172.25.81.217 (172.25.81.217) 68.516 ms 49.198 ms 50.119 ms
7 ix-0-100.tcore1.MLV-Mumbai.as6453.net (180.87.38.5) 51.578 ms 49.716 ms 53.576 ms
8 * if-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.17) 285.154 ms 286.011 ms
9 if-2-2.tcore2.WYN-Marseille.as6453.net (80.231.217.2) 295.478 ms 294.761 ms 299.084 ms
10 if-9-2.tcore2.L78-London.as6453.net (80.231.200.14) 289.543 ms 288.819 ms 292.430 ms
11 if-20-2.tcore2.NYY-NewYork.as6453.net (216.6.99.13) 287.631 ms 286.957 ms 269.304 ms
12 if-9-0-0-19.mcore4.NYY-NewYork.as6453.net (209.58.60.149) 281.298 ms if-15-0-0-20.mcore4.NYY-NewYork.as6453.net (209.58.60.133) 289.465 ms if-9-0-0-19.mcore4.NYY-NewYork.as6453.net (209.58.60.149) 277.011 ms
13 ix-5-0-1.mcore4.NYY-NewYork.as6453.net (66.110.8.58) 252.200 ms 253.669 ms 258.534 ms
14 oc48-po3-0.nyc-75bre-dis-1.peer1.net (216.187.115.134) 259.641 ms 258.973 ms 260.996 ms
15 64.34.60.18 (64.34.60.18) 260.509 ms 259.533 ms 256.597 ms
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

The stars in the output mean that they are filtered, most likely by a firewall. After the 15th hop all further hops until the destination is reached are filtered, hence, traceroute was unable to find the route.