Traceroute: how it works and how to understand it
Traceroute is the go-to utility for troubleshooting many network-related issues.

Overview

- Traceroute launches a probe packet towards the DST IP with a TTL of 1
- Every router hop decrements the IP TTL of the packet by 1
- When the TTL equals 0 the packet is dropped, and the router sends an ICMP TTL exceeded packet to the SRC with the original probe packet as payload
- The received message is displayed as a “hop” by traceroute
- The TTL is incremented by 1 and another probe is sent
- This process is repeated until traceroute receives ICMP Dest Unreachable

Probe Packets

- Each OS has a slightly different way of implementing traceroute and its probe packets
- UNIX uses UDP probes
  - UDP DST port 33434, incrementing once per probe
- Windows (and some others) use ICMP (echo request) probes
- Look for a traceroute implementation that allows you to use TCP, UDP, or ICMP
- In most cases, three probes are sent per hop
  - This is why you will see three latency results or *’s
- These three probes are important because, in the case of load balancing, path and latency might change ...
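How a UDP traceroute can tie each ICMP reply back to the probe that triggered it, using the probe quoted in the reply's payload (an added example, not code from the original article or from any traceroute implementation). The helper names and addresses are constructed for illustration, and the port-to-hop mapping assumes exactly three probes per hop starting at TTL 1 and port 33434.

```python
import struct

BASE_PORT = 33434       # first UDP destination port (from the text above)
PROBES_PER_HOP = 3      # three probes per hop (assumed constant for every hop)

def ipv4(src, dst, proto, ttl, payload):
    """Constructed IPv4 header (checksum left at 0) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, bytes(src), bytes(dst))
    return hdr + payload

def udp_probe(src, dst, ttl, seq):
    """Probe number seq (0-based); the destination port increments once per probe."""
    return ipv4(src, dst, 17, ttl, struct.pack("!HHHH", 54321, BASE_PORT + seq, 8, 0))

def icmp_error(sender, src, icmp_type, code, quoted):
    """ICMP error from sender back to src, quoting the probe that triggered it."""
    return ipv4(sender, src, 1, 64, struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted)

def parse_reply(packet):
    """Match an ICMP error to the probe it quotes; None if it is not one of ours."""
    if len(packet) < 20 or packet[9] != 1:        # outer protocol must be ICMP
        return None
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8:
        return None
    icmp_type = packet[ihl]
    quoted = packet[ihl + 8:]                      # original probe carried as payload
    if len(quoted) < 20 or quoted[9] != 17:        # quoted packet must be a UDP probe
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < q_ihl + 8:
        return None
    # The quoted TTL was already decremented on the way, so the port identifies the probe.
    seq = struct.unpack_from("!H", quoted, q_ihl + 2)[0] - BASE_PORT
    if seq < 0:
        return None
    kind = {11: "hop", 3: "destination"}.get(icmp_type, "other")
    return {"from": ".".join(map(str, packet[12:16])), "kind": kind,
            "ttl": seq // PROBES_PER_HOP + 1, "probe": seq % PROBES_PER_HOP + 1}

# Constructed sample addresses from the documentation ranges.
SRC, DST, ROUTER = (192, 0, 2, 10), (198, 51, 100, 7), (203, 0, 113, 1)
# Fifth probe overall (seq 4): second probe of hop 2, dropped by ROUTER (type 11).
HOP_REPLY = icmp_error(ROUTER, SRC, 11, 0, udp_probe(SRC, DST, 1, 4))
# Seventh probe (seq 6) reaches DST, which answers with Dest Unreachable (type 3).
DST_REPLY = icmp_error(DST, SRC, 3, 3, udp_probe(SRC, DST, 1, 6))

if __name__ == "__main__":
    print(parse_reply(HOP_REPLY))
    print(parse_reply(DST_REPLY))
```

Because the match relies only on the quoted UDP destination port, replies that arrive out of order or over different load-balanced paths still land in the right hop row.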