The inner workings of traceroute
Over the last three weeks Gearhead has discussed the ping protocol in various incarnations. We also mentioned a product called Ping Plotter (NW, June 28, page 52) that does something called traceroute.
Faithful reader R.M. wrote in asking for an explanation of how traceroute works. No sooner the word than the deed . . .
Sending packets from one machine to another across the Internet involves traversing multiple networks. There may be five, 10, 20 or more hops between routers to get from sender to receiver. And even then, the route taken by individual packets can change from packet to packet.
Discovering what routes packets take is a function of traceroute. Say, for example, your network is running fine and then communications with a regional office bog down. Wonder why?
Being a bit wily, you run a traceroute and discover that your ISP's main router is down and traffic is being sent via a different route. If quality-of-service levels are not being met, you now have evidence.
How does this actually work? Well, at the heart of traceroute is an IP function called time-to-live (TTL). TTL is a control field in the IP packet header that specifies how many router crossings, or hops, a packet is allowed to make before it must be discarded. This exists to prevent packets from endlessly circulating if a routing loop is accidentally formed.
When a router receives a packet, it decrements the TTL value by one, and if the result is greater than zero, the packet is forwarded. If instead the result is zero, the router is supposed to discard the packet and return an Internet Control Message Protocol (ICMP) message - actually a Type 11 error message - to the originator reporting that the TTL value was exceeded in transit (NW, June 21, page 54).
So let's say that we want to find the routing from Machine A to Machine B. The process starts when we give traceroute the name or IP address of Machine B (if we give a fully qualified domain name, such as www.gibbs.com, then traceroute makes a Domain Name System inquiry to resolve the name into an IP address).
Now that traceroute knows the IP address, it sends an ICMP echo request with a TTL value of 1. The first router that handles the packet decrements the TTL value, gets a zero, and responds with an ICMP error. Traceroute receives the error and examines the header to find the IP address of the responding router. Voila! The first step in the path is known.
By setting the TTL field in the next echo request to 2, the second step is found, and so on until every step from source to destination has been discovered. But, as we said earlier, routing can change from packet to packet. This means that the discovered route may not actually exist.
Because it takes a separate request to determine each step and the routings can change between each step, it requires multiple requests for each step to get any kind of certainty that the reported route is real.
You might also notice that the data on some routers in a traceroute report will not be available - it is typically reported as "Request timed out" or some such. These are usually older routers that don't bother to report that TTL has been exceeded.
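The mechanism described above, as an added example that is not from the original column: a Python simulation of the TTL decrement and ICMP Type 11 reply over a constructed chain of routers (all addresses are made up). It includes a hop whose route changes between probes, which is why several probes per TTL are needed, and a router that never reports TTL exceeded, which is why a hop comes back as timed out.

```python
"""Offline simulation of the TTL/ICMP mechanism traceroute relies on (added
example). No real packets are sent; a constructed router chain stands in for
the Internet path."""
from dataclasses import dataclass
from typing import Optional

ICMP_ECHO_REPLY = 0
ICMP_TIME_EXCEEDED = 11   # the Type 11 error message the column describes

@dataclass
class Router:
    address: str
    reports_ttl_exceeded: bool = True   # older routers may silently drop instead

# Constructed path from Machine A to Machine B (addresses are made up).
# Hop 2 has two candidate routers to model a route that changes between probes;
# hop 3 never reports TTL exceeded, so it shows up as "Request timed out".
PATH = [
    [Router("192.0.2.1")],
    [Router("192.0.2.10"), Router("192.0.2.11")],
    [Router("198.51.100.1", reports_ttl_exceeded=False)],
    [Router("203.0.113.1")],
]
DESTINATION = "203.0.113.50"

def send_probe(ttl: int, probe_no: int) -> Optional[tuple]:
    """Forward one echo request along PATH. Returns (responder IP, ICMP type),
    or None when the packet is dropped without any ICMP message coming back."""
    for hop in PATH:
        router = hop[probe_no % len(hop)]   # the route may differ per probe
        ttl -= 1
        if ttl == 0:
            # TTL exhausted: the router discards the packet and should report it
            if router.reports_ttl_exceeded:
                return (router.address, ICMP_TIME_EXCEEDED)
            return None
    return (DESTINATION, ICMP_ECHO_REPLY)   # the packet reached Machine B itself

def traceroute(max_hops: int = 30, probes: int = 3) -> list:
    """One row per TTL value; each row lists what that TTL's probes returned."""
    rows = []
    for ttl in range(1, max_hops + 1):
        replies = [send_probe(ttl, n) for n in range(probes)]
        rows.append(["*" if r is None else r[0] for r in replies])
        if any(r is not None and r[1] == ICMP_ECHO_REPLY for r in replies):
            break   # Machine B answered: every step of the path is known
    return rows

if __name__ == "__main__":
    for hop, row in enumerate(traceroute(), 1):
        print(f"{hop:2d}  {'  '.join(row)}")
```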
You'll find traceroute (or its equivalent) on just about every operating system that supports TCP/IP. Under Windows, the utility is a DOS program called tracert, and you can get the command line options by typing "tracert -?".
Route your comments to gh@gibbs.com.