With TRACEROUTE a user can discover the path through the Internet along which IP packets travel from a source host to a destination host. Because the Internet is a datagram-based network, IP packets sent by a source host to a destination host may travel along different paths; most of the time, however, the IP packets travel along one and the same path.
The TRACEROUTE program/application uses ICMP messages and the TTL (Time-To-Live) field in the IP datagram header to determine the path between source and destination host. TRACEROUTE also needs a working UDP unit at the destination host.
The value contained in the TTL-field of an IP datagram is processed during handling of the IP datagram by a router in either of the following two ways:
Since most routers hold an IP datagram for less than one second, the TTL-field effectively counts the number of routers that the datagram passes. Passing a router is often called a 'hop', and therefore the TTL-field is sometimes called a 'hop-counter'.
The TTL-field enforces that each IP datagram always exists for a finite period of time in the network. In this period of time, it must either have reached the destination or it is discarded (i.e. the IP datagram is thrown away) by the network. When a router discards an IP datagram (due to the TTL-field being 0), the router returns an ICMP "time exceeded" message back to the source host.
The TRACEROUTE program is based on this 'feature'. Consecutive IP datagrams are sent with increasing values for the TTL-field, from 1 up to the value needed to reach the destination host.
The data field of the IP datagrams sent by the TRACEROUTE program contains UDP datagrams. UDP is a transport protocol discussed in Part 9 of this course. The UDP transport protocol uses so-called 'port numbers' to identify the application that uses the transport protocol. The trick applied in TRACEROUTE is to use a port number that is highly likely to be unused by any application at the destination host; usually this number is greater than 30,000. When a packet arrives at the destination host with an unused port number, the UDP entity will generate an ICMP "port unreachable" error message. Because we can discriminate between ICMP "time exceeded" error messages and "port unreachable" error messages at the source host, we know when to halt TRACEROUTE.
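The discrimination step described above, as an added example that is not part of the original course text: the Python code below parses raw ICMP replies, checks that the quoted datagram is the UDP probe that was sent, and stops the trace at the first "port unreachable". The addresses, the source port 40000, the destination port 33434 and all function names are constructed for illustration.

```python
import struct

TIME_EXCEEDED = (11, 0)     # ICMP type 11, code 0: TTL reached 0 at a router
PORT_UNREACHABLE = (3, 3)   # ICMP type 3, code 3: no application on that UDP port

def ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet (constructed sample data; checksum left 0)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0, addr(src), addr(dst)) + payload

def icmp_error(sender, receiver, kind, probe):
    """ICMP error: 8-byte header, then the probe's IP header + first 8 data bytes."""
    return ipv4(sender, receiver, 1, struct.pack("!BBHI", *kind, 0, 0) + probe[:28])

def classify_reply(packet, probe_dport):
    """Return ('hop' | 'destination' | 'ignore', responder_ip) for one reply."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return ("ignore", None)                    # not IPv4 carrying ICMP
    ihl = (packet[0] & 0x0F) * 4
    inner = packet[ihl + 8:]                       # the quoted original datagram
    if ihl < 20 or len(inner) < 20 or inner[9] != 17:
        return ("ignore", None)                    # does not quote a UDP datagram
    off = (inner[0] & 0x0F) * 4 + 2                # offset of the UDP destination port
    if inner[off:off + 2] != struct.pack("!H", probe_dport):
        return ("ignore", None)                    # truncated, or not our probe
    kind = {TIME_EXCEEDED: "hop", PORT_UNREACHABLE: "destination"}.get(
        (packet[ihl], packet[ihl + 1]), "ignore")
    responder = ".".join(str(b) for b in packet[12:16])
    return (kind, responder if kind != "ignore" else None)

def trace(replies, probe_dport):
    """Collect responders in arrival order; halt at the first 'port unreachable'."""
    path = []
    for packet in replies:
        kind, responder = classify_reply(packet, probe_dport)
        if kind != "ignore":
            path.append(responder)
        if kind == "destination":
            break
    return path

# Constructed sample: documentation addresses; 33434 stands in for the unused port
SRC, DST, DPORT = "192.0.2.10", "203.0.113.7", 33434
PROBE = ipv4(SRC, DST, 17, struct.pack("!HHHH", 40000, DPORT, 8, 0), ttl=1)
REPLIES = [icmp_error("198.51.100.1", SRC, TIME_EXCEEDED, PROBE),
           icmp_error("198.51.100.9", SRC, TIME_EXCEEDED, PROBE),
           icmp_error(DST, SRC, PORT_UNREACHABLE, PROBE)]
```

Matching the quoted UDP destination port before trusting a reply keeps ICMP errors about unrelated traffic from being counted as hops.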
The format of the ICMP "time exceeded" error message is given below:
Figure 1: Format of the ICMP "time exceeded" error message.
A small example demonstrating each phase in the operation of TRACEROUTE is given in the next figure.
Figure 2: Example of the steps in TRACEROUTE.
Many TRACEROUTE implementations exist; usually they go along with a program that offers more functionality, such as PING. In their basic operation all TRACEROUTE programs are similar. The main differences are in the user interface that these programs offer: some TRACEROUTE programs offer a text-based interface showing a list of all routers along the path from source to destination host; others provide a graphical interface for showing this path. In this last category we can distinguish between logical and geography-based graphical interfaces. This last category of TRACEROUTE programs uses a (private) database that contains a list of Internet routers and their geographic coordinates. Through this database it is possible to show the path on a geographical map.
For those who are interested in further reading on TRACEROUTE we refer to: