I want to troubleshoot my network but I don’t know how does the traceroute command work exactly

Traceroute is a program that shows you the route taken by packets through a network. It traces the route of packets from source to destination. It is commonly used when your network doesn’t work as well and you want to examine where can be the problem. Traceroute sends a UDP packet to the destination taking advantage of ICMP’s messages. ICMP has two types of messages: error-reporting messages and query messages. Query messages are generally used to diagnose network problems (the ping tool uses ICMP’s query messages). The error-reporting messages as the name suggest report errors if any in the IP packet; it uses Destination unreachable and Time exceeded errors message. It works by theses steps:
  • Traceroute creates a UDP packet from the source to destination with a TTL(Time-to-live) = 1
  • The UDP packet reaches the first router where the router decrements the value of TTL by 1, thus making our UDP packet’s TTL = 0 and hence the packet gets dropped.
  • Noticing that the packet got dropped, it sends an ICMP message (Time exceeded) back to the source.
  • Traceroute makes a note of the router’s address and the time taken for the round-trip.
  • It sends two more packets in the same way to get an average value of the round-trip time. Usually, the first round-trip takes longer than the other two due to the delay in ARP finding the physical address, the address stays in the ARP cache during the second and the third time and hence the process speeds up.
  • The steps that have occurred up til now, occur again and again until the destination has been reached. The only change that happens is that the TTL is incremented by 1 when the UDP packet is to be sent to next router/host.
  • Once the destination is reached, Time exceeded ICMP message is NOT sent back this time because the destination has already been reached.
  • But, the UDP packet used by Traceroute specifies the destination port number to be one that is not usually used for UDP. Hence, when the destination computer verifies the headers of the UDP packet, the packet gets dropped due to the improper port being used and an ICMP message (this time – Destination Unreachable) is sent back to the source.
  • When Traceroute encounters this message, it understands that the destination has been reached. Even the destination is reached 3 times to get the average of the round-trip time.