In their daily routine, Linux admins often need to troubleshoot network problems. Many tools are used for this, and traceroute is one of them.

In this post we will try to understand how traceroute works and demonstrate it in action. It is used to find the route a network packet follows to reach its destination and, if the packet gets blocked, to find out where it gets blocked.

Traceroute significance

Sometimes when we face connectivity issues while connecting to a destination, we need to know which hop (router or switch) is blocking the connection. This is what traceroute is for, and it helps a lot while working on network issues.

So now we know why we use the traceroute command on various operating systems. Next we need to know how it works and what concepts are behind it.

What is TTL

The traceroute command relies on a value in the network packet header called TTL (Time To Live), also known as the hop limit. Its purpose is to prevent infinite network loops, which arise when an incorrect router configuration forwards packets between a few routers again and again. So first we need to know how the TTL value prevents network loops.

How TTL Works

By default the TTL value is 64. It is an 8-bit field, so it can hold 256 distinct values; in the IPv4 header of an ICMP packet, for example, 8 bits are reserved for the TTL. While connecting to any destination, every packet has to follow some route to reach it, and on that route it crosses some hops (routers and switches). Every time the packet passes a hop, the hop reduces its TTL value by one. Once the TTL value reaches 0, that router discards the packet and also sends a message (TIME_EXCEEDED) back to the source.

If, while connecting to a destination, we set the TTL value below the actual hop count, the router at which the TTL reaches 0 returns a TTL exceeded message and the ping never reaches the destination, as shown below. In the output below, 108.170.251.113 is the same hop that appears at position 5 in the traceroute output.

# ping -c 1 -t 5 gmail.com
PING gmail.com (172.217.160.229) 56(84) bytes of data.
From 108.170.251.113 icmp_seq=1 Time to live exceeded

In the above example we just decreased the default TTL from 64 to 5, so the TTL reached 0 while passing the 5th hop, and that hop sent an ICMP message back to the source saying the TTL was exceeded before the destination was reached. The destination needs 7 hops to be reached, as described below.

For example, from my location (source), a reply from gmail.com (destination) arrives with a TTL of 57, which means 64-57=7 hops. So while connecting to gmail.com, the packet passes around 7 hops.

# ping  gmail.com
PING gmail.com (172.217.160.229) 56(84) bytes of data.
64 bytes from del03s09-in-f5.1e100.net (172.217.160.229): icmp_seq=1 ttl=57 time=11.8 ms

To make it clearer, look at the traceroute output for the same destination.

# traceroute gmail.com
traceroute to gmail.com (172.217.160.229), 30 hops max, 60 byte packets
1  192.168.0.1 (192.168.0.1)  1.626 ms  2.378 ms  2.368 ms
2  172.26.220.1 (172.26.220.1)  10.001 ms  10.449 ms  10.628 ms
3  103.65.30.49 (103.65.30.49)  11.697 ms  11.100 ms  13.624 ms
4  103.65.28.54 (103.65.28.54)  18.474 ms  23.616 ms  25.110 ms
5  108.170.251.113 (108.170.251.113)  22.387 ms 108.170.251.97 (108.170.251.97)  22.656 ms 108.170.251.113 (108.170.251.113)  24.362 ms
6  64.233.174.17 (64.233.174.17)  28.346 ms  78.269 ms  77.716 ms
7  del03s09-in-f5.1e100.net (172.217.160.229)  68.360 ms  60.785 ms  61.112 ms

So now it should be quite clear how TTL works. Next we need to know how traceroute uses the TTL value.

How Traceroute uses the TTL value

When we use the traceroute command to check the route path, traceroute sends probes toward the destination (ICMP echo requests; note that Linux traceroute sends UDP probes by default and uses ICMP echo only with -I, while Windows tracert always uses ICMP echo) starting with a TTL value of 1 and increasing it by one until the destination is reached. This way each hop in between answers in turn with a TIME_EXCEEDED message, and traceroute shows them on screen hop by hop.
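To make the mechanism concrete, here is an added simulation (not code from the original post) of a route where every router decrements the TTL, with ping and traceroute built on top of it; the router addresses are a constructed path that follows the gmail.com trace shown above.

```python
# Constructed route following the gmail.com trace shown above: six routers
# sit between the source and the destination host.
ROUTERS = ["192.168.0.1", "172.26.220.1", "103.65.30.49", "103.65.28.54",
           "108.170.251.113", "64.233.174.17"]
DESTINATION = "172.217.160.229"
DEFAULT_TTL = 64  # the initial TTL the page's Linux ping started with

def send(dst, ttl):
    """Forward one packet along ROUTERS, decrementing TTL at every hop.
    A router that decrements TTL to 0 discards the packet and answers with
    ICMP TIME_EXCEEDED (what `ping -t 5` provoked on the page); a packet that
    survives every router reaches the destination, which sends ECHO_REPLY."""
    for router in ROUTERS:
        ttl -= 1
        if ttl == 0:
            return ("TIME_EXCEEDED", router)
    return ("ECHO_REPLY", dst)

def ping(ttl=DEFAULT_TTL):
    """Equivalent of `ping -c 1 -t <ttl>`: one probe with the given TTL."""
    return send(DESTINATION, ttl)

def traceroute(max_hops=30):
    """Probe with TTL 1, 2, 3, ... and record who answered each probe.
    Every TIME_EXCEEDED sender is one hop on the path; the first ECHO_REPLY
    comes from the destination, so the loop stops there."""
    hops = []
    for ttl in range(1, max_hops + 1):
        status, responder = send(DESTINATION, ttl)
        hops.append((ttl, responder))
        if status == "ECHO_REPLY":
            break
    return hops

def hops_from_reply_ttl(reply_ttl, initial_ttl=DEFAULT_TTL):
    """The page's estimate: a reply arriving with ttl=57 travelled 64-57=7 hops,
    assuming the responder also started at 64 and the return path is symmetric."""
    return initial_ttl - reply_ttl

if __name__ == "__main__":
    print(ping(5))  # ('TIME_EXCEEDED', '108.170.251.113'), as in the page's ping
    for ttl, who in traceroute():
        print(f"{ttl:2d}  {who}")
```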

I hope it is now clear how the traceroute command works and how TTL plays an important role in networking.

Example of Traceroute

To find out the route followed by network packets, run the traceroute command as shown below. It is quite simple to run, and it lists all the intermediate hops that packets need to cross to reach the destination.

root@jarvis:~# traceroute geekpills.com
traceroute to geekpills.com (104.236.50.185), 30 hops max, 60 byte packets
1  192.168.0.1 (192.168.0.1)  1.450 ms  2.269 ms  2.270 ms
2  172.26.220.1 (172.26.220.1)  7.518 ms  8.300 ms  11.446 ms
3  103.65.30.49 (103.65.30.49)  12.766 ms  13.074 ms  12.200 ms
4  14.143.30.53.static-delhi.vsnl.net.in (14.143.30.53)  16.232 ms  17.130 ms  17.927 ms
5  172.23.183.121 (172.23.183.121)  43.818 ms 172.23.183.134 (172.23.183.134)  40.606 ms  40.747 ms
6  ix-ae-0-4.tcore1.MLV-Mumbai.as6453.net (180.87.38.5)  33.337 ms  46.897 ms  54.543 ms
7  if-ae-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.17)  236.952 ms if-ae-5-2.tcore1.WYN-Marseille.as6453.net (180.87.38.126)  235.707 ms if-ae-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.17)  235.126 ms
8  if-ae-2-2.tcore2.WYN-Marseille.as6453.net (80.231.217.2)  224.363 ms  223.614 ms  226.201 ms
9  if-ae-9-2.tcore2.L78-London.as6453.net (80.231.200.14)  222.769 ms  219.331 ms  218.674 ms
10  if-ae-26-2.tcore2.LDN-London.as6453.net (80.231.62.57)  225.440 ms if-ae-15-2.tcore2.LDN-London.as6453.net (80.231.131.118)  235.572 ms  228.239 ms
11  if-ae-32-2.tcore2.NTO-New-York.as6453.net (63.243.216.22)  224.015 ms  227.195 ms  242.844 ms
12  if-ae-12-2.tcore1.N75-New-York.as6453.net (66.110.96.5)  247.466 ms  247.436 ms  247.444 ms
13  66.110.96.26 (66.110.96.26)  242.731 ms  242.436 ms 66.110.96.22 (66.110.96.22)  247.110 ms
14  138.197.244.35 (138.197.244.35)  255.319 ms * *
15  * * *
16  104.236.50.185 (104.236.50.185)  242.643 ms !X  250.049 ms !X  243.121 ms !X

The output above shows the series of hops the packets followed to reach the destination. Every line has the hop number, the IP address (and hostname, where it resolves) of the hop, and the round-trip times of the three probes sent for that hop; when the three probes are answered by different addresses, as at hop 5, each responding address is shown. Some fields are replaced with *: these are probes that got no reply, usually because ICMP (or traceroute itself) is blocked within that network, or because the required reply could not be obtained for some other reason. The !X after the final hop's times means the reply was an ICMP "communication administratively prohibited" message, typically from a firewall rule on the destination rejecting the probe, which still confirms that the destination itself was reached.
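As an added example (not from the original post), a small parser that turns such traceroute lines into records and flags the timeouts and annotations described above; the sample lines are hops 13 to 16 copied from the output shown, and the flag meanings are those documented in traceroute(8).

```python
import re

# Sample lines copied from the traceroute output shown above (hops 13 to 16).
SAMPLE = """\
13  66.110.96.26 (66.110.96.26)  242.731 ms  242.436 ms 66.110.96.22 (66.110.96.22)  247.110 ms
14  138.197.244.35 (138.197.244.35)  255.319 ms * *
15  * * *
16  104.236.50.185 (104.236.50.185)  242.643 ms !X  250.049 ms !X  243.121 ms !X
"""

ADDR_RE = re.compile(r"^\((\d{1,3}(?:\.\d{1,3}){3})\)$")
# Annotations Linux traceroute prints after a probe time (see traceroute(8)).
FLAG_MEANING = {"!X": "communication administratively prohibited",
                "!H": "host unreachable", "!N": "network unreachable"}

def parse_hop(line):
    """Turn one traceroute line into a record of who answered and how fast.
    A hop may list several addresses when its three probes were answered by
    different routers; "*" marks a probe that timed out."""
    tokens = line.split()
    rec = {"hop": int(tokens[0]), "addrs": [], "rtts_ms": [],
           "timeouts": 0, "flags": []}
    for i, tok in enumerate(tokens[1:], start=1):
        m = ADDR_RE.match(tok)
        if tok == "*":
            rec["timeouts"] += 1
        elif tok.startswith("!"):
            rec["flags"].append(tok)
        elif m:
            if m.group(1) not in rec["addrs"]:
                rec["addrs"].append(m.group(1))
        elif tok != "ms" and not (i + 1 < len(tokens)
                                  and tokens[i + 1].startswith("(")):
            rec["rtts_ms"].append(float(tok))  # a hostname precedes "(addr)"
    return rec

def parse_trace(text):
    return [parse_hop(l) for l in text.splitlines() if l.strip()]

def diagnose(rec):
    """Classify a hop the way the paragraph above describes."""
    if rec["timeouts"] == 3:
        return "no reply: ICMP/traceroute filtered or rate-limited at this hop"
    if rec["flags"]:
        return "replied with " + ", ".join(FLAG_MEANING.get(f, f) for f in dict.fromkeys(rec["flags"]))
    return f"{rec['timeouts']} of 3 probes unanswered" if rec["timeouts"] else "ok"
```

Running `parse_trace(SAMPLE)` and `diagnose()` on each record reports hop 15 as unanswered, hop 14 as partially answered and hop 16 as administratively prohibited.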