Back 
In this article, we explain the main concepts of Traceroute and how it can be used to measure network latency and packet loss. We also address the main limitations of such a tool that makes it unfit for accurate measurements.
What do you use Traceroute for?
Traceroute is a very useful tool for network monitoring and problems diagnostics. With traceroute you can:
- discover the network path between a source and a destination
- measure the network latency to reach each hop on the path
- measure the packet loss at each hop
It is extremely useful to measure the network quality (congestions, …). It can also detect any network path variation that may occur through BGP peering/routing configuration changes.
How does Traceroute work?
The main principle of traceroute is shown hereunder:
The whole traceroute principle is based on the TTL (Time To Live) field of the IP packet header. This field is mainly used to avoid loops in networks, where packets could be routed indefinitely in a loop under certain circumstances. When a host sends a packet on a network, its initial TTL value is between generally 32 and 255, depending on the operating system used. Each time the packet hits a router and must be routed, the TTL value decreases by 1. When a packet with a TTL value of 1 hits a router, this latter cannot route the packet anymore (it would mean a TTL=0). So it drops the packet (to avoid potential looping problem). It also informs the source about this by sending a specific ICMP error message back to the source (ICMP error message “TTL Exceeded In Transit”).
So traceroute relies on the fact that routers will send this ICMP error message back to the source in case of a TTL value reaching 1. When performing a traceroute, this is what happens:
- The source sends a first IP packet with a TTL header field value of 1.
- The packet hits the first router in the network path. The router drops the packet due to this TTL value and sends an ICMP error message back to the source.
- The source has discovered the first router! So let’s go to the next one. For this, it sends a packet with a TTL value of 2.
- The packet hits the first router, is routed normally, and the TTL values is decreased by 1 (new TTL value = 1).
- The packet hits the second router in the path. The router drops it due to the TTL value of 1. Again an ICMP error message is sent back to the source, which discovers the second router in the path.
- … and so on up until the packet reaches the final destination.
- The type of message this final destination will send to the source depends on the specific traceroute implementation used (see next topic).
Different traceroute flavors
With traceroute, the IP packets are not sent as is. They are typically transported in a upper transport layer protocol like UDP, or directly in ICMP packets.
Traceroute in Windows
The standard Windows implementation of traceroute uses ICMP as protocol to send IP packets.
Let’s see how it works in practice:
These pictures show a Windows traceroute to google.com.
One line corresponds to a discovered router. By default, a Windows traceroute sends three packets per hop. You can see this through the 3 network latency values provided per line.
In this example, the packet has reached the destination after 7 consecutive hops. The last line (8) corresponds to the final destination itself.
Let’s now see in details what happened by using Wireshark. We analyze the fifth discovered router.