How Traceroute Tracks Your Data's Journey Across the Network

whispering routes or asterisks along the way

The name Traceroute is a bit of a misnomer! While it traces the route, it doesn't actually trace the path in the physical sense but tracks how data moves through various routers over the network.

$ traceroute www.microsoft.com

Tracing route to e13678.dscb.akamaiedge.net [23.216.93.114]
over a maximum of 30 hops:

 1     1 ms     1 ms    <1 ms  <devicename>.mshome.net [172.26.96.1]
 2    11 ms    13 ms     6 ms  192.168.191.20
 3    20 ms    11 ms    18 ms  192.168.1.1
 4    44 ms    41 ms    35 ms  10.228.0.1
 5    32 ms    31 ms    46 ms  10.41.0.49
 6    36 ms    39 ms    30 ms  10.41.0.221
 7    35 ms    36 ms    39 ms  10.41.0.225
 8    54 ms    45 ms    50 ms  204.111.0.147
 9    50 ms    52 ms    47 ms  ae-39.a02.atlnga05.us.bb.gin.ntt.net [128.241.219.117]
10    53 ms    51 ms    61 ms  ae-5.r24.atlnga05.us.bb.gin.ntt.net [129.250.4.192]
11    64 ms    45 ms    44 ms  ae-0.a03.atlnga05.us.bb.gin.ntt.net [129.250.2.20]
12    49 ms    67 ms    46 ms  ae-0.akamai-onnet.atlnga05.us.bb.gin.ntt.net [128.241.1.122]
13    67 ms   287 ms     *     ae20.r03.border101.atl02.fab.netarch.akamai.com [23.203.144.21]
14     *        *        *     Request timed out.
15     *        *        *     Request timed out.
16     *        *        *     Request timed out.
17   204 ms    58 ms    51 ms  a23-216-93-114.deploy.static.akamaitechnologies.com [23.216.93.114]

Trace complete.

For Windows: `tracert www.example.com`

• By default, the upper limit is 30 hops, but a different value can be specified when the command is run.

How It Works

1. The user runs the traceroute (or tracert) command with a target host.

2. Traceroute sends a IP packet with a TTL (Time to Live) of 1, which gets decreased by the first router. The router then sends a “TTL exceeded message” back.

   However, some routers don't return time Exceeded messages for packets with expired TTL values and are invisible to the traceroute command. In this case, a row of asterisks (*) is displayed for that hop.

3. The TTL is increased by 1 for each subsequent hop, allowing the packet to travel further along the path.

4. This process repeats, with each hop sending back the TTL exceeded message, until the destination is reached or the hop limit (default 30) is hit.

5. The result shows all hops, along with the round-trip time (RTT) to each hop.

OSI Layers involved

Traceroute primarily operates at Layer 3 (Network Layer) of the OSI model, where IP packets are used to route data across different networks. The TTL value, which is key to Traceroute, is part of the IP header.

However, Layer 4 (Transport Layer) may also be involved depending on whether ICMP (used in some implementations of Traceroute) or UDP packets are used to trace the route.

You can use any sort of packet to implement it - ICMP, TCP SYN, etc. All it takes is the IP packet expiring.

By default Windows tracert uses ICMP and both Mac OS X and Linux traceroute use UDP.