
Traceroute is awesome

Traceroute is a tool that lets you track the path an IP packet takes. Let's understand how it works and why it is awesome.

I recently discovered an amazing tool called traceroute. This tool lets you trace the path an IP packet takes to reach its destination. It is primarily used for diagnostic purposes but can also be used as a cool way to learn about networks.

So, first let’s quickly understand what IP packets are and why they are used. In simple terms, an IP packet is a unit of data that contains a source IP, a destination IP, and the data it wants to transmit. The source IP address is where the packet was sent from, and the destination IP address is where the packet is heading. Everything else represents the data that is being transferred, as far as the network layer is concerned.

[Image: Representation of an IP packet]

When looking at a packet, it might seem like it is heading directly from the source to the destination, but that’s often not the case. Because there is usually no direct route, the packet gets re-routed across several devices, usually routers. This process of being routed from one device to another is called a hop. This means when I send a piece of data from my machine to, for example, google.com, the IP packet containing that data passes through several hops before reaching its destination. The route that the packet takes is what traceroute shows us, allowing us to see exactly which devices it passed through. Isn’t that awesome?

[Image: Journey of an IP packet]

To see this information, you need to have traceroute installed on your machine. Once it is installed, you can simply run the traceroute command to get the results. For example:

traceroute meanberry.com

[Image: Traceroute command results (meanberry.com)]

On each line, the IP address represents the address of each device that the request went through (a hop). Besides that, it also shows the time it took for the request to reach that device and get back (the round trip). The first line is my gateway, i.e. my router's IP address. This is because every request for addresses outside my subnet has to pass through the router. On lines 4, 5 and 6, we can see the hostname wlink.com.np. This is the ISP that I currently use, which shows that each request is being routed through your ISP. Obviously, everyone knows your data passes through the provider you are using, but it is so much cooler to see it in action.

But how is this possible? You might know that the IP protocol is stateless, which means neither the senders nor the receivers store any information about the devices a packet has passed through. So, how can information about each hop be known?

Each IP packet has a TTL (Time to Live) header that limits how many hops it can take. If the TTL is set to 100, the packet can pass through up to 100 devices before being dropped. The sender sets the TTL, and each device it passes through decreases it by one. When the TTL reaches 0, the packet is dropped, and the device sends an ICMP message back to the sender, showing where the packet was dropped. This feature is key to how traceroutes work.

When we run a traceroute on an IP address, it sends multiple IP packets, each with an increasing TTL value. It starts with a TTL of 1. When the gateway receives the packet with a TTL of 1, it decreases the value, finds it to be 0, and sends an ICMP Time Exceeded message back to the sender indicating the packet was dropped. This allows us to trace the first hop (the gateway). For each subsequent request, the TTL is increased by 1, causing the next device to send an ICMP message back to the sender. This process is repeated until we trace every hop up to the destination server. The destination itself never sends Time Exceeded: once a probe arrives with TTL left, the destination answers the probe directly (an ICMP Echo Reply for ICMP probes, or an ICMP Port Unreachable for the UDP probes that Linux traceroute sends by default), which tells traceroute that it has reached the end of the path and can stop.
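To make the TTL mechanism concrete, here is a small simulation that I added for this post (it is not the traceroute tool's own code): the path is a constructed list of hop addresses, each simulated router decrements the TTL, and the probing loop increases the TTL by one until the destination answers. It also covers the case of a router that never replies, which is why a real traceroute sometimes prints "* * *" for a hop.

```python
# Added example (not from the original post): a pure-Python simulation of the
# TTL mechanism that traceroute relies on. The network is a constructed list
# of hop addresses; nothing is sent on the wire.
from dataclasses import dataclass

# Constructed sample path: home gateway, two ISP routers, then the destination.
SAMPLE_PATH = ["192.168.1.1", "10.10.0.1", "10.10.0.2", "203.0.113.10"]


@dataclass
class Reply:
    kind: str    # "time_exceeded" from an intermediate router, "reached" from the destination
    source: str  # address of the device that answered


def forward(path, ttl, silent=frozenset()):
    """Simulate one probe travelling along `path` with the given TTL.

    Every router decrements the TTL; the one that brings it to 0 drops the
    packet and answers with ICMP Time Exceeded (or nothing at all if it is in
    `silent`, like a router configured not to send ICMP). A packet that still
    has TTL left when it arrives at the last device is answered by the
    destination itself, which is how traceroute knows it can stop.
    """
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    routers, destination = path[:-1], path[-1]
    for router in routers:
        ttl -= 1
        if ttl == 0:
            return None if router in silent else Reply("time_exceeded", router)
    return Reply("reached", destination)


def traceroute(path, max_hops=30, silent=frozenset()):
    """Probe with TTL 1, 2, 3, ... and collect the answering device per hop.

    A hop that does not answer is recorded as "*", exactly like the real tool
    prints it. Returns the hops in order; stops at the destination or after
    `max_hops` probes.
    """
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = forward(path, ttl, silent)
        hops.append("*" if reply is None else reply.source)
        if reply is not None and reply.kind == "reached":
            break
    return hops


if __name__ == "__main__":
    for n, hop in enumerate(traceroute(SAMPLE_PATH, silent={"10.10.0.2"}), start=1):
        print(f"{n:2d}  {hop}")
```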

So, now you understand how traceroutes work and why they are used. Knowing how traceroutes work also helps you understand how IP packets travel across the network.