tracert/traceroute commands

The tracert/traceroute command displays the route to a destination as a list of hops. It tests the network layer hop by hop.

Windows and Linux use different mechanisms.

First, the sender sends one of the following packets:

  • On Windows, an ICMP Echo Request packet
  • On Linux, a UDP packet

 A device (router) on the route to the destination returns a response with ICMP Type 11 (Time Exceeded). When the destination is reached, the destination device responds with an Echo Reply.

For Windows, run the tracert command from the command prompt. The usage is as follows.

●For Windows

USAGE: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name

For example, the result of running tracert against “www.yahoo.co.jp” is shown below.

The trace results display route information for up to 30 hops. Each router crossed counts as 1 hop, so up to 30 hops are displayed. An asterisk “*” indicates that the packet was unreachable and no reply came back.

*Some routers and destination terminals filter ICMP packets to increase security. In that case, “*” is also displayed.

Options for the tracert command

Option            Explanation
-d                Do not resolve addresses to host names.
-h maximum_hops   The maximum number of hops when searching for a target.
-j host-list      Use loose source routes specified in host-list (IPv4 only).
-w timeout        Wait timeout milliseconds for a response.
-R                Trace round trip path (IPv6 only).
-S srcaddr        The source address to use (IPv6 only).
-4                Force use of IPv4.
-6                Force use of IPv6.

How tracert / traceroute works

This section explains how tracert / traceroute operates.

Windows and Linux operate with slightly different mechanisms.

1. The source sends a packet with a TTL value set.

The source sets the TTL value. Initially, it sets TTL=1. On each following round it sets TTL=2, then TTL=3, and so on, increasing the TTL value by one each time.

The packet sent is:

  • On Windows, an ICMP Echo Request packet
  • On Linux, a UDP packet

UDP packets use port numbers around 33434-33499.

2. A device in the middle of the route decrements the TTL value by 1.

A device (router) on the route decrements the TTL value by 1 and, if the result is not TTL=0, forwards the packet to the next router.

3. A device on the route returns a response with ICMP Type 11 (time exceeded).

When the TTL reaches 0, the device on the route returns a response with ICMP Type 11 (Time Exceeded). If the destination has not yet been reached, the process returns to step 1. The TTL value is incremented by 1 each time the process returns to step 1.

4. The destination replies to the sender with an ICMP Type 0 Echo Reply or with an ICMP Type 3 (Destination Unreachable) “Port Unreachable”.

This explanation is illustrated in the figure below.

① First, set TTL=1 and send the IP packet to the target terminal.

The first router receives the packet and decrements the TTL value by 1. The TTL value then becomes 0, so the router returns the ICMP Type 11 error Time Exceeded.

② Next, set TTL=2 and send the IP packet to the target terminal.

The first router receives the packet, decrements the TTL value by 1, and forwards it to the next router. The second router also decrements the TTL value by 1. The TTL value then becomes 0, so the second router returns the ICMP Type 11 error Time Exceeded.

③ Next, set TTL=3 and send the IP packet to the target terminal.

The first router receives the packet, decrements the TTL value by 1, and forwards it to the next router. The second router decrements the TTL value by 1 and forwards it to the next router. The third router also decrements the TTL value by 1. The TTL value then becomes 0, so the third router returns the ICMP Type 11 error Time Exceeded.

④ Finally, set TTL=4 and send the IP packet to the target terminal.

The first router receives the packet, decrements the TTL value by 1, and forwards it to the next router. The second router decrements the TTL value by 1 and forwards it to the next router.

The third router decrements the TTL value by 1 and forwards it to the next router. When the packet reaches the destination terminal in this way, the destination terminal responds to the sender with an ICMP Type 0 Echo Reply or an ICMP Type 3 (Destination Unreachable) “Port Unreachable”, according to the type of packet it received.

*Some routers and destination terminals filter ICMP packets to increase security. In that case no response is returned.
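
The reply types described above can be told apart in a packet capture by parsing the raw bytes. The following Python is an added example, not code from the original page: it classifies a reply as Time Exceeded, Port Unreachable or Echo Reply and recovers which probe it answers, relying on the fact that ICMP error messages quote the original IP header plus the first 8 bytes of the probe. The function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left 0; constructed test data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def classify_reply(packet):
    """Classify one raw IPv4 packet as a traceroute reply.

    Returns (kind, responder_ip, probe). probe is the UDP destination port
    (Linux-style probe) or ICMP sequence number (Windows-style probe)
    recovered from the reply, or None when it cannot be recovered.
    """
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != 1:  # protocol 1 = ICMP
        return ("not-icmp", None, None)
    responder = socket.inet_ntoa(packet[12:16])
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type == 0:                       # Echo Reply: destination reached
        return ("destination-echo-reply", responder,
                struct.unpack("!H", packet[ihl + 6:ihl + 8])[0])
    if icmp_type == 11:                      # TTL hit 0 at an intermediate router
        kind = "hop-time-exceeded"
    elif icmp_type == 3 and icmp_code == 3:  # UDP probe reached the destination
        kind = "destination-port-unreachable"
    else:
        return ("other-icmp", responder, None)
    inner = packet[ihl + 8:]                 # quoted original IP header + 8 bytes
    if len(inner) < 20:
        return (kind, responder, None)
    inner_ihl = (inner[0] & 0x0F) * 4
    l4 = inner[inner_ihl:inner_ihl + 8]
    if len(l4) < 8:
        return (kind, responder, None)
    if inner[9] == 17:                       # quoted UDP probe: destination port
        return (kind, responder, struct.unpack("!H", l4[2:4])[0])
    if inner[9] == 1:                        # quoted Echo Request: sequence number
        return (kind, responder, struct.unpack("!H", l4[6:8])[0])
    return (kind, responder, None)

# Constructed samples using documentation addresses (RFC 5737).
SRC, HOP, DST = "192.0.2.10", "198.51.100.1", "203.0.113.5"
udp_probe = ipv4_header(SRC, DST, 17, 1, 8) + struct.pack("!HHHH", 40000, 33435, 8, 0)
time_exceeded = ipv4_header(HOP, SRC, 1, 64, 36) + struct.pack("!BBHI", 11, 0, 0, 0) + udp_probe
port_unreach = ipv4_header(DST, SRC, 1, 64, 36) + struct.pack("!BBHI", 3, 3, 0, 0) + udp_probe
echo_reply = ipv4_header(DST, SRC, 1, 64, 8) + struct.pack("!BBHHH", 0, 0, 0, 1, 7)
```

A hop that filters ICMP produces no packet for this function to classify, which is the case the “*” in the trace output represents.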