Author: JT Smith
traceroute www.cumbria.gov.uk
On my machine, that command produces this:
    traceroute to 146.101.4.185 (146.101.4.185), 30 hops max, 40 byte packets
     1 gigagate1 (128.112.128.114) 0.477 ms 0.264 ms 0.344 ms
     2 vgate1 (128.112.12.22) 0.327 ms 0.293 ms 0.346 ms
     3 209.92.72.201 (209.92.72.201) 1.781 ms 1.338 ms 1.065 ms
     4 165.113.8.66 (165.113.8.66) 2.332 ms 3.402 ms 2.716 ms
     5 4.78.164.9 (4.78.164.9) 2.828 ms 2.158 ms 2.606 ms
     6 ge-6-0-0.mp2.Philadelphia1.Level3.net (64.159.0.153) 3.768 ms 2.759 ms 2.795 ms
     7 ae-0-0.bbr1.NewYork1.Level3.net (64.159.1.41) 4.844 ms 5.329 ms 5.422 ms
     8 as-0-0.bbr2.London1.Level3.net (4.68.128.105) 70.587 ms 70.420 ms 73.267 ms
     9 ge-9-0.ipcolo1.London1.Level3.net (212.187.131.147) 73.751 ms ge-11-0.ipcolo1.London1.Level3.net (212.187.131.39) 70.005 ms 73.885 ms
    10 195.50.117.194 (195.50.117.194) 81.389 ms 76.899 ms 77.248 ms
    11 154.32.3.117 (154.32.3.117) 78.963 ms 78.603 ms 75.690 ms
    12 154.32.3.22 (154.32.3.22) 76.572 ms 76.438 ms 78.522 ms
    13 lhc-mfr-1.cr-mfr-1.dmz.uk.psi.net (154.32.101.2) 76.750 ms 76.689 ms 78.972 ms
    14 core1.lond1-ge1.dc.uk.psi.net (146.101.0.2) 79.243 ms 77.040 ms 77.714 ms
    15 neigh2.lond1-ge1-1.dc.uk.psi.net (146.101.0.26) 77.626 ms 78.572 ms 78.069 ms
The output looks confusing at first, but if you break it down, it’s really simple.
It shows each hop between the start and end points of the connection, the name of the host at the
end of each hop, its IP address, and the time taken to get to that point and return.
Actually, there are 3 times (in milliseconds) shown for each hop, because 3 sets of data
(or probes) are sent to each hop.
In the example above, you can see that there is a large delay between hops 7 and 8.
It took about 5 ms to do the trip to the seventh hop, but 70 ms to the eighth. The reason?
The names give it away: hop 7 is in New York while 8 is in London. The data
takes 64 ms to get across the Atlantic Ocean and back again.
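The same reading can be done mechanically. The following is an added example, not part of the original article: it parses the traceroute output shown above and reports the pair of consecutive answering hops with the largest rise in best-case round-trip time. The function names and the final `* * *` line are constructed for illustration.

```python
import re

# Output from the article above; hop 16 is constructed to show the no-reply case.
SAMPLE = """\
 1 gigagate1 (128.112.128.114) 0.477 ms 0.264 ms 0.344 ms
 2 vgate1 (128.112.12.22) 0.327 ms 0.293 ms 0.346 ms
 3 209.92.72.201 (209.92.72.201) 1.781 ms 1.338 ms 1.065 ms
 4 165.113.8.66 (165.113.8.66) 2.332 ms 3.402 ms 2.716 ms
 5 4.78.164.9 (4.78.164.9) 2.828 ms 2.158 ms 2.606 ms
 6 ge-6-0-0.mp2.Philadelphia1.Level3.net (64.159.0.153) 3.768 ms 2.759 ms 2.795 ms
 7 ae-0-0.bbr1.NewYork1.Level3.net (64.159.1.41) 4.844 ms 5.329 ms 5.422 ms
 8 as-0-0.bbr2.London1.Level3.net (4.68.128.105) 70.587 ms 70.420 ms 73.267 ms
 9 ge-9-0.ipcolo1.London1.Level3.net (212.187.131.147) 73.751 ms ge-11-0.ipcolo1.London1.Level3.net (212.187.131.39) 70.005 ms 73.885 ms
10 195.50.117.194 (195.50.117.194) 81.389 ms 76.899 ms 77.248 ms
11 154.32.3.117 (154.32.3.117) 78.963 ms 78.603 ms 75.690 ms
12 154.32.3.22 (154.32.3.22) 76.572 ms 76.438 ms 78.522 ms
13 lhc-mfr-1.cr-mfr-1.dmz.uk.psi.net (154.32.101.2) 76.750 ms 76.689 ms 78.972 ms
14 core1.lond1-ge1.dc.uk.psi.net (146.101.0.2) 79.243 ms 77.040 ms 77.714 ms
15 neigh2.lond1-ge1-1.dc.uk.psi.net (146.101.0.26) 77.626 ms 78.572 ms 78.069 ms
16 * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")   # hop number, then the rest of the line
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")  # a probe time; IP octets never precede " ms"

def parse_hops(text):
    """Return {hop_number: [rtt_ms, ...]}; a hop that printed only '*' maps to []."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # lines without a leading hop number (e.g. the header) are skipped
            hops[int(m.group(1))] = [float(x) for x in RTT_RE.findall(m.group(2))]
    return hops

def largest_jump(hops):
    """Return (prev_hop, hop, delta_ms) for the biggest rise in minimum RTT."""
    best = prev = None
    for n in sorted(hops):
        if not hops[n]:
            continue  # no replies at this hop: compare against the last answering hop
        cur = min(hops[n])  # minimum RTT is least affected by queueing delay
        if prev is not None and (best is None or cur - prev[1] > best[2]):
            best = (prev[0], n, round(cur - prev[1], 3))
        prev = (n, cur)
    return best
```
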
Knowing how packets move around the Internet makes it easier to understand how
traceroute works, so let’s take a look. The Internet runs a communications protocol called TCP (Transmission Control Protocol), which splits
data into small packets prior to sending. At the far end,
TCP reassembles the data back into its original form.
Along the way, special-purpose computers called routers decide which way each packet should go to continue on its journey. Each packet contains a header — which contains information about its source and destination — as well as data. Each router uses an internal table to tell it where to send the packet next, based on the destination address in the packet header.
The packet header contains a field called TTL (Time-to-Live). This field tells the router how many hops the packet is allowed to make. Each router that handles the packet reduces the TTL by 1. If the TTL becomes 0 prior to reaching its intended destination, the router will discard the packet and notify the originating host that it has done so by sending it a TIME_EXCEEDED message. This prevents packets from causing infinite loops.
Traceroute works by sending IP packets as probes along the way to the final host. It sends out the first probe with a TTL of 1. The first router in the path sets the TTL to zero, then returns a TIME_EXCEEDED message. Then traceroute sends a packet with a TTL of 2. The first router decreases the TTL to 1, and passes it on. The second router sets the TTL to 0, then returns the TIME_EXCEEDED message. If no response is received from a router, traceroute displays an asterisk.
Traceroute continues increasing the TTL and sending out packets until either the destination host is reached, or the maximum number of hops is exceeded. The default maximum is 30. If the host is reached, traceroute attempts to access an unused port. This results in a PORT_UNREACHABLE message being sent back to the originator. That’s how traceroute builds a complete picture of the path between the start host and the final destination.
Of course, traceroute is tweakable. Here are a few of the command line arguments you can use to alter its operation.
- -f x Set initial TTL to value of x
- -d Enable debugging
- -i Specify an alternate network interface
- -l Display TTL for returned packet
- -m x Set the maximum TTL
- -n Print the IP address of each router rather than its name
- -p x Use port number x on the destination host rather than the default (33434)
- -w x Set the time in seconds to wait for a response from each router
That’s enough to get you started, but there are plenty of other options to experiment with. For example, the -m
option may be of use if there is an excessive number of hops or if you already know the number. And -w
may be of use if you think that a problem is being caused by a particularly slow router.
In summary, traceroute is a simple but effective network tool, and well worth the time and effort to learn. As always, peruse the man pages in addition to what you’ve learned here.