- Traceroute Command
- Windows
- Linux
- Cisco IOS
- Troubleshooting
- Destination Unreachable
- Source Unreachable
- Conclusion
Traceroute, like the ping command can be used to isolate problems in our network. The ping command is a bit limited sometimes. For example, take a look at the following topology:
When we send a ping from H1 [192.168.1.1] to S1 [192.168.3.1] and this ping doesn’t work, what does it mean? We’ll know something is not working but we don’t know whether the problem is in between H1-R1, R1-R2, R2-R3 or R3-S1.
If you know the IP addresses of all routers in the path then you could ping all of these routers one by one. What if you have no idea how many routers are in between? Or if you don’t know their IP addresses?
The traceroute command will help us with that. Here’s a quick example:
Above I used the tracert [traceroute] command on a Windows computer to trace the path from my computer to facebook.com. You can see all the IP addresses and hostnames of the routers in between my computer and the server that responds to www.facebook.com. The response times that you see is the round trip time from my computer to the router. For each router, traceroute sends three probes.
So, how does traceroute work?
Traceroute uses the TTL [Time to Live] field in the IP packet header. Normally, TTL is used to prevent packets from being forwarded forever when there is a routing loop. Whenever an IP packet is forwarded by a router, the TTL is decreased by one. When the TTL is zero, the IP packet will be discarded.
How do we use this for traceroute? Let’s look at an example. Let’s say that from H1 [192.168.1.1] we send a trace to S1 [192.168.3.1]. The first IP packet that H1 sends, will have a TTL of 1:
When R1 receives the IP packet, it will want to forward it to R2 but it has to decrease the TTL from one to zero, as a result, the IP packet will be dropped and R1 will respond to H1 with a TTL exceeded message. H1 will now send a second packet with a TTL of 2:
R1 will decrease the TTL from two to one, forwards it and now R2 has to drop it. R2 will respond with a TTL exceeded message. H1 will now send another IP packet with a TTL of 3:
R1 will decrease the TTL from three to two, R2 decrease it from two to one and R3 will have to drop it. R3 sends the TTL exceeded message to R1. The last IP packet that H1 will send will have a TTL of four:
Each router will decrease the TTL by one, our server on the other end will receive an IP packet with a TTL of one and replies with an ICMP reply to H1. We now know that the destination is reachable and we have learned all routers in our path.
Each IP packet that we send is called a probe. Traceroute can be used with ICMP, UDP and TCP, depending on your operating system.
Traceroute Command
Let’s see this in action. I will use the following topology for this demonstration:
Above we have two host computers. H1 is a Windows computer [192.168.1.1] and H2 a Linux computer [192.168.1.2] running Ubuntu. The routers have been configured with EIGRP so that we have full connectivity.
Windows
Let’s start with a windows trace:
C:\Users\vmware>tracert 192.168.3.1 Tracing route to 192.168.3.1 over a maximum of 30 hops 1 1 ms 1 ms