
URL: https://dev.to/taqq/package-tracking-was-traceroute-all-along-understanding-route-tracing-through-ttl-2n50

Package Tracking Was Traceroute All Along — Understanding Route Tracing Through TTL


Introduction

While studying CompTIA Network+, I couldn't fully understand how Traceroute and Tracert work.

I could memorize them as the tool for tracing routes, but I couldn't comprehend how they work and what TTL is.
Once I grasped them through a familiar example, everything clicked, so I decided to write it down.


What is Traceroute / Tracert

They are tools for investigating which route data takes to reach its destination.

The difference between Traceroute and Tracert

Traceroute → Command used in Linux and macOS
Tracert → Command used in Windows

They work the same way, but the name differs depending on the OS.

Why they are needed

Problem:
The network connection fails or is slow
It is unclear where the problem is occurring

Solution:
Check each router the data passes through
 → Identify the router where the delay or loss occurs

Familiar example

If a package sent from Tokyo to Osaka never arrives:

Check the tracking number:
 Warehouse in Tokyo → Center in Nagoya (the package is stopped at this facility)
 → The center in Nagoya is found to have a problem

Similarly, with Traceroute:
 PC → Router A → Router B (delay happens) → Destination
 → Router B is found to have a problem

Example output

$ traceroute google.com

1 192.168.1.1 1ms 1ms 1ms ← Home Router
2 10.0.0.1 5ms 5ms 5ms ← ISP Router
3 172.16.0.1 10ms 10ms 10ms ← Intermediate Router
4 8.8.8.8 20ms 20ms 20ms ← Destination

How to read the output

Number (1, 2, 3) = Hop count (number of routers passed)
IP Address = The address of the router
ms = Response time (measured 3 times)

* * * = No response (timeout)
 → The router is configured not to respond
 → Or some problem has occurred

What is TTL

TTL stands for Time To Live.

In a nutshell, it is the remaining number of routers a packet can pass through.

Why TTL is needed

Problem:
If packets cannot reach their destinations, they keep circulating in the network
 ↓
Network congestion occurs
 ↓
Other communication is harmed

Solution:
Attach a limit to each packet
 → Discard the packet after it passes through a set number of routers
 → Avoid network congestion

How TTL works

When a packet is created:
TTL = 128 (in the case of Windows)
TTL = 64 (in the case of Linux/macOS)
 ↓
Each time a packet passes through a router, the TTL decreases by one
 ↓
When TTL reaches 0, the packet is discarded
 ↓
A "Time Exceeded" message is sent to the sender

Understanding with a diagram

PC (sent with TTL=3)
 ↓
Passes Router A
(TTL decreases from 3 to 2)
 ↓
Passes Router B
(TTL decreases from 2 to 1)
 ↓
Router C
(TTL decreases from 1 to 0)
 → The packet is discarded
 → A "Time Exceeded" message is sent to the PC
 ↓
The packet does not reach the destination

How Traceroute / Tracert use TTL

This is the core concept of this article.

Step 1: TTL = 1
 ↓
TTL becomes 0 at Router A
 ↓
Router A sends a "Time Exceeded" message
 ↓
Hop 1 identified: Router A (192.168.1.1)

Step 2: TTL = 2
 ↓
Passes Router A (TTL 2→1)
TTL becomes 0 at Router B
 ↓
Router B sends a "Time Exceeded" message
 ↓
Hop 2 identified: Router B (10.0.0.1)

Step 3: TTL = 3
 ↓
Passes Routers A and B
TTL becomes 0 at Router C
 ↓
Router C sends a "Time Exceeded" message
 ↓
Hop 3 identified: Router C (172.16.0.1)

Step 4: TTL = 4
 ↓
Arrives at the destination
 ↓
An "Arrived" message is sent
 ↓
Traceroute complete
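
The four steps above as a small offline simulation (an added example, not code from the original article): each probe is built as real IPv4 header bytes, every simulated router decrements the TTL byte, and the loop raises TTL from 1 until the destination answers. It models the ICMP echo variant, where the "Arrived" message is an Echo Reply (type 0); the source address 192.168.1.10, the function names and the silent-router set are assumptions made for illustration.

```python
import socket
import struct

ICMP_ECHO_REPLY, ICMP_TIME_EXCEEDED = 0, 11  # ICMP message types

def ipv4_header(src, dst, ttl):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for this simulation)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 1, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def forward(packet, routers, silent):
    """Carry one probe along the path; return (responder_ip, icmp_type) or None on timeout."""
    pkt = bytearray(packet)
    for router in routers:
        pkt[8] -= 1                      # TTL is byte 8 of the IPv4 header
        if pkt[8] == 0:                  # expired: this router discards the packet
            return None if router in silent else (router, ICMP_TIME_EXCEEDED)
    return socket.inet_ntoa(bytes(pkt[16:20])), ICMP_ECHO_REPLY  # reached destination

def traceroute(src, dst, routers, silent=(), max_hops=30):
    """Send probes with TTL = 1, 2, 3, ... and record who answers each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = forward(ipv4_header(src, dst, ttl), routers, silent)
        if reply is None:
            hops.append((ttl, "*"))      # no answer: shown as * * * in real output
            continue                     # keep going, later hops may still answer
        responder, icmp_type = reply
        hops.append((ttl, responder))
        if icmp_type == ICMP_ECHO_REPLY: # the "Arrived" message: trace is complete
            break
    return hops

# Constructed sample path using the addresses from the example output above.
PATH = ["192.168.1.1", "10.0.0.1", "172.16.0.1"]

if __name__ == "__main__":
    # Assumption for the demo: the second router is configured not to reply.
    for ttl, who in traceroute("192.168.1.10", "8.8.8.8", PATH, silent={"10.0.0.1"}):
        print(ttl, who)
```

A silent hop shows up as `*` while the hops behind it still answer, so a single `* * *` line alone does not mean the path is broken at that router.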

Understanding with a courier service

Imagine a rule applied to every package:
① The count decreases by one at each relay center
② When the count reaches 0, a status message is sent back


TTL = 1: The package stops at the warehouse in Tokyo
 → Message: "Arrived at the warehouse in Tokyo"

TTL = 2: Tokyo → Nagoya
The package stops at the relay center in Nagoya
 → Message: "Arrived at the relay center in Nagoya"

TTL = 3: Tokyo → Nagoya → Osaka
The package stops at the relay center in Osaka
 → Message: "Arrived at the relay center in Osaka"

TTL = 4: Tokyo → Nagoya → Osaka → Destination
The package arrives at the destination
 → Message: "Delivery completed"

Which layer does Traceroute / Tracert operate on?

Layer 7 Application │
Layer 6 Presentation │
Layer 5 Session │ Not applicable for Traceroute
Layer 4 Transport │
─────────────────────────────
Layer 3 Network ← Traceroute works here
─────────────────────────────
Layer 2 Data Link │
Layer 1 Physical │

The reason why Traceroute / Tracert work at Layer 3:
 → Routes are traced using IP addresses
 → TTL is a field in the IP header

Summary

Traceroute / Tracert: Tools for investigating the route data passes through

The difference by OS:
 Linux/macOS → traceroute
 Windows → tracert

TTL: The remaining number of routers a packet can pass through
 → Decreases by 1 each time it passes through a router
 → At 0, the packet is discarded and a "Time Exceeded" message is sent

Traceroute / Tracert use TTL:
 Send data with a TTL
 → Each router sends a "Time Exceeded" message, which identifies the router at each hop count
 → The overall route can be understood

OSI reference model: Layer 3 (Network Layer)

Use case:
 → Cannot connect to the network
 → Lag and delay in communication
 → Identify which router is causing the problem

Conclusion

I used to struggle with memorizing these tools over and over.
Once I understood the mechanism through a familiar example, everything naturally fell into place.

TTL = The expiration limit a packet carries (the remaining number of routers it can pass through)
 → Counts down by 1 at each router it passes
 → At 0, a "Time Exceeded" message is sent back

Traceroute / Tracert = Tools for identifying where an issue occurs by increasing the TTL starting from 1