Traceroute


traceroute is a computer network tool for measuring the route path and transit times of packets across an Internet Protocol (IP) network.

The traceroute tool is available on practically all Unix-like operating systems. Variants with similar functionality are also available, such as tracepath on modern Linux installations and tracert on Microsoft Windows operating systems. Windows NT-based operating systems also provide PathPing, which provides similar functionality. For Internet Protocol Version 6 (IPv6) the tool sometimes has the name traceroute6.


Implementation

Traceroute sends a sequence of Internet Control Message Protocol (ICMP) packets addressed to a destination host. Tracing the intermediate routers traversed involves control of the time-to-live (TTL) Internet Protocol parameter. Routers decrement this parameter and discard a packet when the TTL value has reached zero, returning an ICMP error message (ICMP Time Exceeded) to the sender.

Traceroute works by increasing the TTL value of each successive batch of packets sent. The first three packets sent have a time-to-live (TTL) value of one, expecting that they are not forwarded by the first router. The next three packets have a TTL value of 2, so that the second router will send the error reply. This continues until the destination host receives the packets and returns an ICMP Echo Reply message.

The traceroute utility uses the returning ICMP messages to produce a list of hosts that the packets have traversed in transit to the destination. The three timestamp values returned for each host along the path are the delay (aka latency) values, typically measured in milliseconds for each packet in the batch.

Hop 192.168.1.2 Depth 1
    Probe status: unsuccessful
    Parent: ()
    Return code: Label-switched at stack-depth 1
    Sender timestamp: 2008-04-17 09:35:27 EDT 400.88 msec
    Receiver timestamp: 2008-04-17 09:35:27 EDT 427.87 msec
    Response time: 26.99 msec
    MTU: Unknown
    Multipath type: IP
      Address Range 1: 127.0.0.64 ~ 127.0.0.127
    Label Stack:
      Label 1 Value 299792 Protocol RSVP-TE

If a packet does not return within the expected timeout window, an asterisk character is printed. Traceroute may not list the real hosts. It indicates that the first host is at one hop, the second host at two hops, etc. The Internet Protocol does not guarantee that all the packets take the same route. Also note that if the host at hop number N does not reply, the hop will be skipped in the output.
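The probing loop described above, as an added example that is not part of the original article or of any traceroute implementation. It models the network instead of sending packets: the path, the addresses (documentation ranges) and the function names are constructed for illustration, and the second router is assumed to stay silent so the asterisk case shows up.

```python
# Constructed path: (router address, whether it sends ICMP Time Exceeded).
PATH = [("192.0.2.1", True), ("198.51.100.7", False), ("203.0.113.9", True)]
DEST = "203.0.113.50"          # constructed destination host
TIME_EXCEEDED, ECHO_REPLY = 11, 0   # ICMP types named in the text

def forward(ttl, path=PATH, dest=DEST):
    """Model the network: every router decrements TTL and discards at zero.
    Returns (replying address, ICMP type), or None when nothing comes back."""
    for addr, answers in path:
        ttl -= 1
        if ttl == 0:
            return (addr, TIME_EXCEEDED) if answers else None
    return (dest, ECHO_REPLY)  # TTL survived every router: destination answers

def trace(max_hops=30, probes=3):
    """Send `probes` packets per TTL, raising the TTL until the destination
    replies. Each row is (ttl, address or '*', number of replies)."""
    rows = []
    for ttl in range(1, max_hops + 1):
        replies = [forward(ttl) for _ in range(probes)]
        answered = [r for r in replies if r is not None]
        addr = answered[0][0] if answered else "*"   # timeout prints an asterisk
        rows.append((ttl, addr, len(answered)))
        if any(icmp_type == ECHO_REPLY for _, icmp_type in answered):
            break                                    # destination reached
    return rows

if __name__ == "__main__":
    for ttl, addr, n in trace():
        print(f"{ttl:2d}  {addr}  ({n}/3 replies)")
```

A silent router leaves a gap at its TTL but does not stop the trace, because later probes still pass through it and expire further along the path.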

On modern Unix-like operating systems, the traceroute utility by default uses User Datagram Protocol (UDP) datagrams with destination port numbers from 33434 to 33534. The traceroute utility usually has an option to specify use of ICMP echo request (type 8) instead, as used by the Windows tracert utility. If a network has a firewall and operates both Unix-like and MS Windows systems, both protocols must be enabled inbound through the firewall.

There are also traceroute implementations that use TCP packets, such as tcptraceroute or layer four traceroute. PathPing is a utility introduced with Windows NT that combines ping and traceroute functionality. mtr (my traceroute) is an enhanced version of ICMP traceroute which is available for Unix-like and Windows systems. All implementations of traceroute rely on ICMP (type 11) packets being sent to the originator.

The implementations of traceroute shipped with Linux, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, and Mac OS X include an option to use ICMP Echo packets (-I) or any arbitrary protocol (-P) such as UDP, TCP, ICMP, or GRE.

Uses

Traceroute is often used for network troubleshooting. By showing a list of routers traversed, it allows the user to identify the path taken to reach a particular destination on the network. This can help identify routing problems, or firewalls that may be blocking ICMP traffic or the high-port UDP traffic used on Unix-like systems to a site. Traceroute is also used by penetration testers to gather information about network infrastructure and IP ranges around a given host. It can also be used when downloading data: if there are multiple mirrors available for the same piece of data, one can trace each mirror to get a good idea of which mirror would be the fastest to use.

Security concerns

Supplying such detailed information about the pathways taken was considered acceptable and convenient in the early days of the Internet, but later was considered questionable for privacy and security reasons. Traceroute information has been frequently used by hackers as a way to acquire sensitive information about a company's network architecture. By using the traceroute command, a hacker can quickly map out intermediate routers for known destinations on a company's network architecture.

For these reasons, while traceroute was widely unrestricted during the early days of the Internet, today many networks block traceroute requests, or de-prioritize the ICMP time exceeded message that is required to determine round trip time. However, filtering traffic except at network end-points is a controversial practice.
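For networks that monitor rather than block, path tracing can be recognised at the edge by its signature: probes from one source to one destination arriving with TTL values 1, 2, 3 and so on, on the default UDP ports or as ICMP echo requests. The following is an added example, not part of the original article; the log format, the addresses and the min_run threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed edge-sensor records: "src dst proto port_or_icmp_type arriving_ttl".
LOG = """\
198.51.100.23 203.0.113.50 udp 33434 1
198.51.100.23 203.0.113.50 udp 33435 1
198.51.100.23 203.0.113.50 udp 33436 1
198.51.100.23 203.0.113.50 udp 33437 2
198.51.100.23 203.0.113.50 udp 33438 2
198.51.100.23 203.0.113.50 udp 33440 3
198.51.100.23 203.0.113.50 udp 33443 4
192.0.2.77 203.0.113.50 udp 53 57
192.0.2.77 203.0.113.50 udp 33500 57
192.0.2.88 203.0.113.60 icmp 8 1
192.0.2.88 203.0.113.60 icmp 8 2
192.0.2.88 203.0.113.60 icmp 8 3
"""

UDP_PROBE_PORTS = range(33434, 33535)   # default UDP range given in the text
ICMP_ECHO_REQUEST = 8                   # used by Windows tracert

def is_probe(proto, value):
    """True for packets that look like traceroute probes by protocol alone."""
    if proto == "udp":
        return value in UDP_PROBE_PORTS
    return proto == "icmp" and value == ICMP_ECHO_REQUEST

def find_traces(log, min_run=3):
    """Return {(src, dst): n} for pairs whose probe packets arrived with every
    TTL from 1 to n, n >= min_run. Ordinary traffic arrives with a high TTL."""
    ttls = defaultdict(set)
    for line in log.splitlines():
        src, dst, proto, value, ttl = line.split()
        if is_probe(proto, int(value)):
            ttls[(src, dst)].add(int(ttl))
    hits = {}
    for pair, seen in ttls.items():
        run = 0
        while run + 1 in seen:          # length of the unbroken run 1, 2, 3, ...
            run += 1
        if run >= min_run:
            hits[pair] = run
    return hits
```

The run length also tells the defender how many internal hops the sender was able to enumerate before the records end.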

Origins

The traceroute manual page states that the original traceroute program was written by Van Jacobson in 1987 from a suggestion by Steve Deering, with particularly cogent suggestions or fixes from C. Philip Wood, Tim Seaver and Ken Adelman. Also, the inventor of the ping program, Mike Muuss, states on his website that traceroute was written using kernel ICMP support that he had earlier coded to enable raw ICMP sockets when he first wrote the ping program.[1]



This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.
