What is Traceroute?

Along with the ping command, traceroute is often used to verify end-to-end communication with ICMP. Traceroute verifies the communication path to a specified IP address, i.e., which routers are traversed to reach that address.

Figure: Traceroute overview

How traceroute works (Cisco)

Traceroute works by using ICMP time exceeded messages to find out the IP addresses of the routers on the communication path.

When traceroute is executed with a destination IP address, the first IP packet is sent with TTL=1. The first router decrements the TTL to 0 and discards the IP packet. The router that discarded the packet then sends an ICMP time exceeded message back to the source. This reveals the IP address of the first router on the route to the destination.

Figure: Traceroute part1

Next, sending an IP packet to the destination with TTL=2 results in an ICMP time exceeded message from the second router on the route. Thus, by increasing the TTL value one step at a time and sending IP packets to the destination IP address, the IP address of each router on the route is learned in turn.

Figure: Traceroute part2
Figure: Traceroute part3

The Cisco implementation uses UDP datagrams for traceroute. The route to the destination IP address is verified by gradually increasing the TTL in the IP header while sending the datagrams to destination port number 33434. When a router on the route discards a packet because its TTL has reached 0, it sends an ICMP time exceeded message to the device that performed the traceroute.

When a probe reaches the final destination of the traceroute, the packet is discarded because the destination is not using UDP port 33434. The destination then sends an ICMP destination unreachable message (Port Unreachable) to the source device.

Figure: Traceroute part4
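
The following Python sketch is an added example, not code from the original page or from Cisco. It shows how a capture or monitoring tool can tell the two replies described above apart: each ICMP error quotes the discarded probe's IP header and first 8 bytes, so the quoted destination address and UDP port tie the reply back to the traceroute. The function names and the `sample_reply` builder are hypothetical, and the builder produces constructed packets with checksums left at 0.

```python
import socket
import struct

# (ICMP type, code) pairs the text describes for a UDP-based traceroute
KINDS = {(11, 0): "hop",           # time exceeded: TTL reached 0 at a router
         (3, 3): "destination"}    # port unreachable: probe reached the target
PROBE_PORT = 33434                 # UDP destination port named in the text

def classify_reply(packet, target):
    """Relate one raw IPv4/ICMP error to a UDP probe sent toward target.
    Returns (responder_ip, kind, probe_port) with kind 'hop' or 'destination',
    or None if the packet is not an answer to such a probe."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_ICMP:
        return None
    icmp = packet[(packet[0] & 0x0F) * 4:]
    if len(icmp) < 8 + 20 + 8:            # ICMP header + quoted IP header + 8 bytes
        return None
    quoted = icmp[8:]                     # the discarded probe, echoed by the sender
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != socket.IPPROTO_UDP or len(quoted) < q_ihl + 8:
        return None
    if socket.inet_ntoa(quoted[16:20]) != target:
        return None                       # error refers to some other flow
    probe_port = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    kind = KINDS.get((icmp[0], icmp[1]))
    if kind is None:
        return None                       # e.g. host or network unreachable
    return socket.inet_ntoa(packet[12:16]), kind, probe_port

def trace_path(packets, target):
    """Responder addresses in arrival order, ending at the destination's reply."""
    path = []
    for pkt in packets:
        reply = classify_reply(pkt, target)
        if reply:
            path.append(reply[0])
            if reply[1] == "destination":
                break
    return path

def _ip(src, dst, proto, ttl, payload):
    # Constructed IPv4 header for the samples; checksum fields are left at 0.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def sample_reply(responder, icmp_type, code, src, target, port=PROBE_PORT):
    """Constructed ICMP error from responder quoting a UDP probe src -> target."""
    udp = struct.pack("!HHHH", 40000, port, 8, 0)
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + _ip(src, target, 17, 1, udp)
    return _ip(responder, src, socket.IPPROTO_ICMP, 64, icmp)
```

Matching on the quoted header rather than on the outer source address is what lets a reply be attributed to the right trace even when the responding interface address differs from the address that was probed.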

Windows sends ICMP echo request messages instead of UDP datagrams for traceroute. The final destination of the traceroute returns an ICMP echo reply message.

Tracert command (Windows)

On Windows OS, you can execute traceroute by typing the following command at the command prompt.

Windows tracert command

C:\>tracert <IP address or hostname>

The following is an example of the results of executing traceroute to Google’s web servers.

Figure: tracert example (windows)

C:\Users\gene>tracert www.google.co.jp

Tracing route to www.google.co.jp [216.58.220.131]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     1 ms    <1 ms    <1 ms  172.31.1.1
  3     5 ms     3 ms     3 ms  ike-bbrt10.transix.jp [14.0.9.153]
  4     5 ms     5 ms     4 ms  72.14.214.173
  5     5 ms     4 ms     3 ms  142.251.233.137
  6     6 ms     4 ms     4 ms  108.170.237.93
  7     4 ms     3 ms     3 ms  nrt20s17-in-f3.1e100.net [216.58.220.131]

Trace complete.

By default, traceroute sends three probe packets for each TTL value, which is why each line shows three round-trip times.

The IP address of Google's web server is current at the time of writing; IP addresses are subject to change.

traceroute command (Cisco)

Traceroute on Cisco devices uses the following command.

traceroute Cisco IOS

#traceroute <ip-address|hostname>

A sample Cisco traceroute command is shown below.

R6#traceroute 181.1.0.1

Type escape sequence to abort.
Tracing the route to 181.1.0.1

  1 160.1.26.2 32 msec 36 msec 32 msec
  2 160.1.12.1 36 msec 32 msec *

The following table shows the results and meaning of the traceroute command.

Displayed Result    Meaning
nn msec             Round-trip time in msec for each host on the route
*                   Probe timed out
A                   Administratively prohibited by access lists, etc.
Q                   Source quench message received because destination is busy
U                   Port Unreachable
H                   Host Unreachable
N                   Network Unreachable
P                   Protocol Unreachable
?                   Unknown error
Table: Displayed results of traceroute command (Cisco)

The extended traceroute command allows you to flexibly specify the parameters of the probe packets when performing a traceroute. Executing the traceroute command without specifying an IP address or host name starts an extended traceroute.

The following is an example of executing the extended traceroute command.

R2#traceroute
Protocol [ip]:
Target IP address: 10.3.3.3
Source address:
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.3.3.3

  1 192.168.23.3 20 msec *  16 msec

The following table summarizes the parameters specified in the extended traceroute command.

Parameters                                          Meaning
Protocol [ip]                                       Layer 3 protocol
Target IP address                                   Destination IP address
Source address                                      Source IP address or interface
Numeric display [n]                                 Display IP address only
Timeout in seconds [3]                              Timeout in seconds
Probe count [3]                                     Number of probe packets sent by traceroute
Minimum Time to Live [1]                            Minimum TTL
Maximum Time to Live [30]                           Maximum TTL
Port Number [33434]                                 UDP port number of probe packet
Loose, Strict, Record, Timestamp, Verbose [none]    IP header options
Table: Parameters of the extended traceroute command

Values in [] are default values.

As shown in this table, the extended traceroute command allows you to specify the source IP address, interface, and TTL value.