Network administrators use the traceroute command very frequently to discover the path between two network nodes. The node on which the traceroute command is run is the source node, and the destination node is specified in the command.
traceroute
The destination can be an IP address or a domain name, e.g. www.google.com. After a successful run, the command lists all the intermediate nodes (routers or computers) that lie between the source and the destination.
How does traceroute work?
Before looking at how traceroute works, we'll discuss a concept called TTL, or Time To Live. This is a field in the IP packet header that specifies the hop limit: the maximum number of hops (intermediate network nodes) a packet can traverse. Each router that forwards the packet decrements the TTL by one and, when it reaches zero, discards the packet instead of forwarding it. Despite the name, the field is not related to time but to the number of hops.
Now we'll see how traceroute uses this TTL field to figure out all the nodes between two network nodes.
- The source node (PC or router) sends out User Datagram Protocol (UDP) datagrams to an invalid port on the destination, each with the Time-To-Live (TTL) field set to 1. A TTL value of 1 causes the datagram to "time out" as soon as it hits the first router in the path; this router then responds with an ICMP Time Exceeded Message (TEM) indicating that the datagram has expired.
- Further UDP datagrams are sent, each with the TTL value set to one more than the previous value, which causes each successive router in turn to return an ICMP TEM.
- These steps continue until the datagrams actually reach the destination. Since they are addressed to an invalid port on the destination host, it returns an ICMP Port Unreachable Message; this event signals the traceroute program that it is finished.
At every step, traceroute records the source address of each ICMP Time Exceeded Message; taken together, these addresses form the path to the destination.
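As an added illustration of the procedure above (not part of the original article), the following Python simulates the TTL probing loop on a constructed four-hop path, including a hop that never answers, which real traceroute output shows as "*". The Node, PATH, send_probe and traceroute names and the documentation-range addresses are assumptions made for the simulation; no packets are sent.

```python
from dataclasses import dataclass


@dataclass
class Node:
    addr: str
    replies: bool = True  # False models a router that drops expired probes silently


# Constructed path from the source toward the destination (documentation IP
# ranges, not real hosts). The last element is the destination host; the
# others are routers.
PATH = [
    Node("10.0.0.1"),
    Node("192.0.2.1", replies=False),  # this hop never answers, so it shows as "*"
    Node("198.51.100.1"),
    Node("203.0.113.10"),
]


def send_probe(path, ttl):
    """Simulate one UDP probe to an invalid port travelling along `path`.

    Each router decrements the TTL before forwarding; when it reaches 0 the
    router discards the probe and (normally) replies with ICMP Time Exceeded.
    If the probe survives to the destination host, the invalid UDP port makes
    the host reply with ICMP Port Unreachable. Returns (reply_kind, responder).
    """
    for node in path[:-1]:
        ttl -= 1
        if ttl == 0:
            return ("time-exceeded", node.addr) if node.replies else ("timeout", None)
    return ("port-unreachable", path[-1].addr)


def traceroute(path, max_hops=30):
    """Probe with TTL = 1, 2, 3, ... and record who answered at each hop.

    Returns (hops, reached): the hop list as traceroute would print it ("*"
    for a silent hop) and whether the destination answered before max_hops.
    """
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, addr = send_probe(path, ttl)
        hops.append("*" if kind == "timeout" else addr)
        if kind == "port-unreachable":
            return hops, True
    return hops, False


if __name__ == "__main__":
    hops, reached = traceroute(PATH)
    for n, hop in enumerate(hops, start=1):
        print(f"{n:2d}  {hop}")
    print("destination reached" if reached else "gave up: hop limit exhausted")
```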