Traceroute is a very cool command: it shows you the path a packet takes to its destination and every hop along the way.
Although it gives you these useful details, personally I don’t rely much on it. It can be considered a very good tool for troubleshooting, but going back to my CCNP TSHOOT exam and to some real-life experiences, the traceroute command can trick you sometimes. So the main tool remains the famous “PING”.
But this article is about Traceroute, so I will describe the Traceroute process below:
Imagine these routers connected to one another, and let’s simply assume that there is only one path from R1 to R4, as below:
R1 – R2 – R3 – R4
R1 does the traceroute to R4:
R1#debug ip icmp
ICMP packet debugging is on
Type escape sequence to abort.
Tracing the route to 188.8.131.52
1 10.1.2.2 44 msec 24 msec 28 msec
2 184.108.40.206 32 msec 56 msec 92 msec
3 220.127.116.11 72 msec 92 msec 76 msec
*Jun 16 11:56:59.323: ICMP: time exceeded rcvd from 10.1.2.2
*Jun 16 11:56:59.351: ICMP: time exceeded rcvd from 10.1.2.2
*Jun 16 11:56:59.383: ICMP: time exceeded rcvd from 10.1.2.2
*Jun 16 11:56:59.419: ICMP: time exceeded rcvd from 18.104.22.168
*Jun 16 11:56:59.479: ICMP: time exceeded rcvd from 22.214.171.124
*Jun 16 11:56:59.575: ICMP: time exceeded rcvd from 126.96.36.199
*Jun 16 11:56:59.651: ICMP: dst (10.1.2.1) port unreachable rcv from 188.8.131.52
*Jun 16 11:56:59.747: ICMP: dst (10.1.2.1) port unreachable rcv from 184.108.40.206
*Jun 16 11:56:59.831: ICMP: dst (10.1.2.1) port unreachable rcv from 220.127.116.11
So, what’s happening here:
R1 sends 3 User Datagram Protocol (UDP) messages with a TTL of 1 to R4’s IP 18.104.22.168, addressed to a destination port that nothing is expected to be listening on.
When R2 gets these UDP packets, it decrements the TTL to 0, drops the packets, and immediately sends back to R1 an ICMP Type 11 – Code 0, which means Time Exceeded Message (TEM). In other words, R2 is telling R1: you know what, your UDP packets died, they were too old.
R1 gets the responses and sends 3 more UDP packets, this time with a TTL of 2.
R3’s response is the same as R2’s: it sends a Time Exceeded Message back to R1.
R1 receives the responses from R3 and sends 3 more UDP packets, now with a TTL of 3.
R4 receives the packets and sends back to R1 an ICMP Type 3 – Code 3, which means Destination Unreachable – Port Unreachable. That reply tells R1 that the probes reached the destination, so the trace is complete.
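To make the exchange above concrete, here is an added example (not code from the original post, and not how IOS implements it) that models the R1 – R2 – R3 – R4 chain: probes walk the path with a decrementing TTL, transit routers answer Type 11 / Code 0, and the destination answers Type 3 / Code 3. The addresses for R3 and R4 (10.2.3.3, 10.3.4.4) are constructed; the model ignores real-world effects such as rate-limited or filtered ICMP, which is exactly what makes a real trace show "* * *" at a hop.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Icmp:
    src: str    # router that generated the ICMP message
    type: int   # 11 = Time Exceeded, 3 = Destination Unreachable
    code: int   # 0 = TTL exceeded in transit, 3 = port unreachable

# Constructed topology with a single path and no load sharing.
# 10.1.2.1 / 10.1.2.2 match the page's debug output; R3 and R4 are made up.
PATH = [("R1", "10.1.2.1"), ("R2", "10.1.2.2"),
        ("R3", "10.2.3.3"), ("R4", "10.3.4.4")]

def forward_probe(ttl: int, dst: str) -> Icmp:
    """Walk one UDP probe from R1 along PATH and return the ICMP reply
    that comes back to R1."""
    for _name, addr in PATH[1:]:        # R1 is the sender; hops start at R2
        ttl -= 1
        if addr == dst:
            # Probe is delivered locally; nothing listens on the probe
            # port, so the destination answers Type 3 / Code 3.
            return Icmp(addr, 3, 3)
        if ttl == 0:
            # TTL expired in transit: router drops the packet and
            # answers Type 11 / Code 0 (Time Exceeded).
            return Icmp(addr, 11, 0)
    raise RuntimeError("destination not on path")

def traceroute(dst: str, probes_per_hop: int = 3, max_ttl: int = 30):
    """Send probes with TTL 1, 2, 3, ... until Port Unreachable arrives.
    Returns (hops, log): hops as (ttl, replying address) pairs, and log
    lines shaped like the 'debug ip icmp' output on the page."""
    hops, log = [], []
    for ttl in range(1, max_ttl + 1):
        replies = [forward_probe(ttl, dst) for _ in range(probes_per_hop)]
        for r in replies:
            if r.type == 11:
                log.append(f"ICMP: time exceeded rcvd from {r.src}")
            else:
                log.append(f"ICMP: dst ({PATH[0][1]}) port unreachable "
                           f"rcv from {r.src}")
        hops.append((ttl, replies[0].src))
        if replies[0].type == 3 and replies[0].code == 3:
            break                       # destination reached, stop probing
    return hops, log

if __name__ == "__main__":
    hops, log = traceroute("10.3.4.4")
    for ttl, addr in hops:
        print(f"{ttl} {addr}")
    print("\n".join(log))
```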