I have realized that some simple routing problems started to be not solved easily and not clearly understood by my technical friends in our company. Because of that, I decided to explain what traceroute means in order to help them.The reason I chose to add “Indeed” in my headline is that traceroute protocol is a gun of network guy.It is indeed your gun.It is the gun that provides to find path of your network.
Firstly, you should be familiar with 20 byte of IP header.Now we will focus only one byte of it.It is TTL. Time to live.Why is TTL important? Because TTL prevents of sending the packet on internet infinitely. During forwarding of packets, each router decreases TTL value 1 hop by hop.Consider you send a packet to any destination and next router forwards it to next router and TTL value is finally becoming 0.That is “time to live exceeded” response to sender if that router is not destination itself on sent packet.Thereby, TTL is touchstone of traceroute.
How does traceroute use TTL?The critical point of understanding traceroute is to be able to receive a response “time to live exceeded” message from on each hop.If a sender receives this message, it will start to learn the path.But keep in mind that only last true hop, that is destination IP, will send another message to show itself is a destination and makes traceroute complete. When you take traceroute to destination IP, first hop creates its TTL header 1 and send first hop’s gateway. This packet is a simple icmp request that is Type 8 of icmp which means echo request.Since the gateway is not destination IP, it will decreases the TTL -1.Then as you will see clearly, TTL will be zero. Then the gateway sends “time to live exceeded” message to sender. This message is Type 11 of icmp.That’s mean first hop is learned.Now turn is on to learn second hop of path until the destination. Now sender will creates its TTL as 2 and sends the packet towards destination. As you know, first hop which is gateway will decrease TTL -1 and forward to next hop. Now TTL is not 0 as previous. Now it is 1. Second hop receives the packet. It decreases TTL -1 and since this hop is not destination it will try to forward packet. But now TTL is 0.Hence, second hop sends “time to live exceeded” message to sender. This process proceeds until to last hop, which is destination. How does sender understand it reaches the destination? Simply it will give another message to sender other than “time to live exceeded” message. This is simply icmp reply of echo request which is sent. This is Type 0 of icmp.
Up to now, we understand to observing path of IP. However, to use this knowledge is not clear as it is thought on during routing problems at first.Engineer should know where routing protocol is not correct and fix it. The critical question is that when there is missing route on path , can you know which the router that the packet remains on it and why? If you understand above process, you should. The only thing that you keep in your mind is that ” can the sender be able to receive TTL exceeded message that we mention above from the routers or not”. The router that can send any message to sender is known and if next router cannot send any message because of routing error, you see the last router IP that is known on your traceroute output. Here, engineer decides that if route problem is sourced by the last known router or next router. Engineer checks the route table of last known router. Assume that the route is corect towards wanted destination on this router. This means echo request (Type 8) packet can be forwarded from this router towards correct router. However, problem still continues you should check routing table of next router. When you check it you will see that the route of source/sender is not correct and that means sender cannot receive TTL exceeded message because of this routing error. When you fix it,traceroute will continue.
To summarize, the secret of understanding routing protocols error is that if sender can or cannot receive time to live exceeded message from routers which are on path.As long as sender can be able to receive this message, there is no routing error. If not, you should check route tables of last router that you see on traceroute output and next router after it.
Note: This is windows algorithms and tracert command is used.Linux has different last message from destination because of sending UDP and certain ports.It is port unreachable message.