Performance Testing, LoadRunner Tips&Tricks


Understanding Network: How traceroute works?

The program was written by Van Jacobson and others. It is based on a clever use of the Time-To-Live (TTL) field in the IP packet’s header. The TTL field is used to limit the life of a packet. When a router fails or is misconfigured, a routing loop or circular path may result. The TTL field prevents packets from remaining on a network indefinitely should such a routing loop occur. A packet’s TTL field is decremented each time the packet crosses a router on its way through a network. When its value reaches 0, the packet is discarded rather than forwarded. When the packet is discarded, an ICMP TIME_EXCEEDED message is sent back to the packet’s source to inform the source that the packet was discarded. By manipulating the TTL field of the original packet, the program traceroute uses information from these ICMP messages to discover paths through a network.

Traceroute sends a series of UDP packets with the destination address of the device you want a path to. By default, traceroute sends sets of three packets to discover each hop. Traceroute sets the TTL field in the first three packets to a value of 1 so that they are discarded by the first router on the path. When the ICMP TIME_EXCEEDED messages are returned by that router, traceroute records the source IP address of these ICMP messages. This is the IP address of the first hop on the route to the destination.

Next, three packets are sent with their TTL field set to 2. These will be discarded by the second router on the path. The ICMP messages returned by this router reveal the IP address of the second router on the path. The program proceeds in this manner until a set of packets finally has a TTL value large enough so that the packets reach their destination.

Typically, when the probe packets finally have an adequate TTL and reach their destination, they will be discarded and an ICMP PORT_UNREACHABLE message will be returned. This happens because traceroute sends all its probe packets with what should be invalid port numbers, i.e., port numbers that aren’t usually used. To do this, traceroute starts with a very large port number, typically 33434, and increments this value with each subsequent packet. Thus, each of the three packets in a set will have a different unlikely port number. The receipt of ICMP PORT_UNREACHABLE messages is the signal that the end of the path has been reached.
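The following is an added example, not taken from the article or the book it quotes. It shows how a returned ICMP message can be matched to the probe that caused it: the ICMP error quotes the probe's IP header and first 8 bytes, so the quoted UDP destination port identifies the probe. The function names, the documentation-range addresses and the sample packets are constructed for illustration, and the hop calculation assumes the defaults described above (base port 33434, three probes per hop, port incremented once per probe).

```python
import socket
import struct

BASE_PORT = 33434      # starting destination port named in the article
PROBES_PER_HOP = 3     # default set size named in the article

def build_reply(router_ip, icmp_type, icmp_code, probe_dst_ip, probe_dport):
    """Construct (sample data only) the IP packet a router returns: ICMP error + quoted probe."""
    def ip_header(src, dst, proto, payload_len, ttl):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", 40000, probe_dport, 8, 0)      # quoted 8-byte UDP header
    quoted = ip_header("192.0.2.10", probe_dst_ip, 17, 8, 1) + udp
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + quoted
    return ip_header(router_ip, "192.0.2.10", 1, len(icmp), 64) + icmp

def parse_reply(packet):
    """Return (responder_ip, kind, hop, probe) for a reply to a UDP probe, else None."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 or packet[9] != 1:       # too short, or not ICMP
        return None
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type == 11 and icmp_code == 0:
        kind = "TIME_EXCEEDED"                        # TTL ran out at an intermediate hop
    elif icmp_type == 3 and icmp_code == 3:
        kind = "PORT_UNREACHABLE"                     # probe reached the destination
    else:
        return None
    quoted = packet[ihl + 8:]                         # original IP header + first 8 bytes
    if len(quoted) < 20:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < q_ihl + 8 or quoted[9] != 17:    # quoted packet must be UDP
        return None
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    index = dport - BASE_PORT                         # port increments once per probe
    if index < 0:
        return None
    responder = socket.inet_ntoa(packet[12:16])       # source address = the hop's IP
    return responder, kind, index // PROBES_PER_HOP + 1, index % PROBES_PER_HOP + 1
```

The same parsing is useful when reading a packet capture: a run of TIME_EXCEEDED messages quoting UDP ports that climb from 33434 is the signature of a traceroute in progress.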

Should a packet be lost, an asterisk is printed in the place of the missing time. In some cases, all three times may be replaced with asterisks. This can happen for several reasons. First, the router at this hop may not return ICMP TIME_EXCEEDED messages. Second, some older routers may incorrectly forward packets even though the TTL is 0. Third, ICMP messages may be given low priority and may not be returned in a timely fashion. Finally, beyond some point of the path, ICMP packets may be blocked.


-n: disable name resolution.

-v: enable the verbose option, which reports the source and packet size of the probes for each packet.

-m: define the maximum number of hops; the default is 30 hops before halting.

-p: traceroute usually receives a PORT_UNREACHABLE message when it reaches its final destination because it uses a series of unusually large port numbers as the destination ports. Should the number actually match a port that has a running service, the PORT_UNREACHABLE message will not be returned. This is rarely a problem since three packets are sent with different port numbers, but, if it is, the option lets you specify a different starting port so these ports can be avoided.

-q: traceroute sends three probe packets for each TTL value with a timeout of three seconds for replies. This can be changed using the -q option.

-w: define the default timeout value for the probe packets.

The above was extracted from the book, "Network Troubleshooting Tools" by Joseph D. Sloan.

© 2007 Performance Testing, LoadRunner Tips&Tricks
No part of the content or the blog may be reproduced without prior written permission.