How Traceroute Works
In Daily routine many times linux admins need to troubleshoot for network problems, we used many tools for same, traceroute is one of them.
In this post we will try to understand out How Traceroute Works and demonstrate its working. It used to find route of network packet follows to reach its destination and if it get blocked then where it get blocked.
Sometimes when we face some connectivity issues while connecting any destination, we need to know which hop (router or switch) blocking this connectivity. So for this we use traceroute, this is really helps many times while working for network issues.
So, now we know Why we use traceroute command in various type of Operating system. Now we need to know how it works and actually what concepts behinds its working.
What is TTL
So traceroute command use network packets header values called TTL or hop Limit, which used to prevent network infinite loops which basically create because of some incorrect configuration within router which could forward network packets between few routers again and again. Now we need to know how TTL value work to prevent network loops.
How TTL Works
By-default TTL value is 64, it is 8 bit values.So It could range upto 256, example in IPv4 ICMP network packet header’s 0 to 7 bit is reserved for TTL values. While connecting any destination, every packet need to follow some route to reach its destination, in that route it cross some hops (routers and switches).Every time it passes any hop it reduces it TTL value by one. once TTL value reaches to 0, router discard that packet and last router will also sent back message (TIME_EXCEEDED)for same.
If we decrease TTL value while connecting destination below actual hops count, it will show TTL exceeded message from router that has TTL value 0 and will not able to ping destination like below. Here in below output 18.104.22.168 is same hop which will encounter at 5th position in traceroute output.
# ping -c 1 -t 5 gmail.com PING gmail.com (22.214.171.124) 56(84) bytes of data. From 126.96.36.199 icmp_seq=1 Time to live exceeded
In above example, we just decrease default TTL value to 5 instead of 64, So TTL value reaches to 0 while passing 5th hop and it sent back ICMP message back to source that TTL value exceeded before reach to destination, which need to pass 7 hops to connect it. Describe below
Like in below example. From my location(Source), gmail.com(destination) has ttl value count of 57 means 64-57=7 Hop. So while connecting gmail.com, its passes around 7 hops.
# ping gmail.com PING gmail.com (188.8.131.52) 56(84) bytes of data. 64 bytes from del03s09-in-f5.1e100.net (184.108.40.206): icmp_seq=1 ttl=57 time=11.8 ms
To make it more clear, we can see traceroute output for same destination.
# traceroute gmail.com traceroute to gmail.com (220.127.116.11), 30 hops max, 60 byte packets 1 192.168.0.1 (192.168.0.1) 1.626 ms 2.378 ms 2.368 ms 2 172.26.220.1 (172.26.220.1) 10.001 ms 10.449 ms 10.628 ms 3 18.104.22.168 (22.214.171.124) 11.697 ms 11.100 ms 13.624 ms 4 126.96.36.199 (188.8.131.52) 18.474 ms 23.616 ms 25.110 ms 5 184.108.40.206 (220.127.116.11) 22.387 ms 18.104.22.168 (22.214.171.124) 22.656 ms 126.96.36.199 (188.8.131.52) 24.362 ms 6 184.108.40.206 (220.127.116.11) 28.346 ms 78.269 ms 77.716 ms 7 del03s09-in-f5.1e100.net (18.104.22.168) 68.360 ms 60.785 ms 61.112 ms
So now we could quit clear how TTL works. Now we need to know how Traceroute use TTL value.
How Traceroute use TTL value
when we use traceroute command to check route path. Traceroute use ICMP to connect destination with TTL value 1 and keep on increasing it by one till it reaches to destination. This way it get continuous message from all hop in between and it show it on screen.
I hope, now it is clear how traceroute command works and How TTL play an important role in networking.
Example of Traceroute
To find out route followed by network packets, we should traceroute command in below way. It’s quit simple way to run it and find all in between hops that packets needs to cross to reach destination.
root@jarvis:~# traceroute geekpills.com traceroute to geekpills.com (22.214.171.124), 30 hops max, 60 byte packets 1 192.168.0.1 (192.168.0.1) 1.450 ms 2.269 ms 2.270 ms 2 172.26.220.1 (172.26.220.1) 7.518 ms 8.300 ms 11.446 ms 3 126.96.36.199 (188.8.131.52) 12.766 ms 13.074 ms 12.200 ms 4 184.108.40.206.static-delhi.vsnl.net.in (220.127.116.11) 16.232 ms 17.130 ms 17.927 ms 5 172.23.183.121 (172.23.183.121) 43.818 ms 172.23.183.134 (172.23.183.134) 40.606 ms 40.747 ms 6 ix-ae-0-4.tcore1.MLV-Mumbai.as6453.net (18.104.22.168) 33.337 ms 46.897 ms 54.543 ms 7 if-ae-9-5.tcore1.WYN-Marseille.as6453.net (22.214.171.124) 236.952 ms if-ae-5-2.tcore1.WYN-Marseille.as6453.net (126.96.36.199) 235.707 ms if-ae-9-5.tcore1.WYN-Marseille.as6453.net (188.8.131.52) 235.126 ms 8 if-ae-2-2.tcore2.WYN-Marseille.as6453.net (184.108.40.206) 224.363 ms 223.614 ms 226.201 ms 9 if-ae-9-2.tcore2.L78-London.as6453.net (220.127.116.11) 222.769 ms 219.331 ms 218.674 ms 10 if-ae-26-2.tcore2.LDN-London.as6453.net (18.104.22.168) 225.440 ms if-ae-15-2.tcore2.LDN-London.as6453.net (22.214.171.124) 235.572 ms 228.239 ms 11 if-ae-32-2.tcore2.NTO-New-York.as6453.net (126.96.36.199) 224.015 ms 227.195 ms 242.844 ms 12 if-ae-12-2.tcore1.N75-New-York.as6453.net (188.8.131.52) 247.466 ms 247.436 ms 247.444 ms 13 184.108.40.206 (220.127.116.11) 242.731 ms 242.436 ms 18.104.22.168 (22.214.171.124) 247.110 ms 14 126.96.36.199 (188.8.131.52) 255.319 ms * * 15 * * * 16 184.108.40.206 (220.127.116.11) 242.643 ms !X 250.049 ms !X 243.121 ms !X
So, now as in above mentioned output it shows series of hops which packets followed to reach destination. Every line has IP address of hops come across and ping timings of three pings used for same destination. Some of fields were replaced with * that usually which were blocked for icmp (Somtime traceroute or icmp is blocked within network) or where required fields can’t fetched because of any other reasons.