Traceroute is an awesome utility that lets you discover the path between two nodes, and gives you information about each hop along the way. Traceroute works by cleverly manipulating the TTL (time to live) field in the IP header.

The TTL field in a packet is decremented by one every time the packet passes through a router. When the TTL field reaches zero, the packet is discarded and an ICMP time-exceeded message is sent back to the originating host.

Traceroute uses the TTL field by setting it to 1 for the first packet, 2 for the second, 3 for the third, and so on. By doing this clever little action, Traceroute makes sure that the very first packet sent will be discarded by the first router hop, the second packet by the second hop, and so on. Each discard results in an ICMP time-exceeded message being sent back. This continues until a packet finally makes it all the way to its destination.

For each hop, Traceroute will send three identical packets (kinda like WAN packets). Just like with Ping, the output of a Traceroute command is pretty simple.

On each line, you'll see the number of the hop and the round-trip time for all three packets. You will also see the IP of the device at each hop, and a host name if Traceroute can resolve one. On Linux and Mac OS, Traceroute sends UDP packets to very high port numbers. On Windows, the command has the shortened name tracert and defaults to using ICMP echo requests.
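The TTL walk described above can be followed offline in this added example, which is not from the original page: it builds Linux/Mac OS style UDP probes as real header bytes and runs them over a simulated path. The addresses, the source port 40000 and the function names are constructed for illustration; the example also goes one step beyond the text by assuming the destination answers the high-port UDP probe with an ICMP destination-unreachable message, which is what ends the trace.

```python
import socket
import struct

# Constructed path (documentation address ranges): two routers, then the target.
ROUTERS = ["192.0.2.1", "198.51.100.1"]
TARGET = "203.0.113.9"
SOURCE = "192.0.2.100"
TIME_EXCEEDED, DEST_UNREACHABLE = 11, 3   # ICMP message types
BASE_PORT = 33434                          # traditional first traceroute UDP port


def build_probe(ttl: int, dport: int) -> bytearray:
    """IPv4 header (20 bytes) + UDP header (8 bytes); checksums stay 0 in this simulation."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl,
                     socket.IPPROTO_UDP, 0,
                     socket.inet_aton(SOURCE), socket.inet_aton(TARGET))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return bytearray(ip + udp)


def deliver(packet: bytearray):
    """Walk the simulated path and return (responder_ip, icmp_type) seen by the sender."""
    for router in ROUTERS:
        packet[8] -= 1                     # byte 8 of the IPv4 header is the TTL
        if packet[8] == 0:
            return router, TIME_EXCEEDED   # router discards the packet and reports back
    # Assumption: nothing listens on the high UDP port, so the target reports it unreachable.
    return TARGET, DEST_UNREACHABLE


def trace(max_hops: int = 30, probes: int = 3):
    """Send `probes` identical packets per TTL, raising the TTL until the target answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        replies = [deliver(build_probe(ttl, BASE_PORT + ttl)) for _ in range(probes)]
        responder, icmp_type = replies[0]
        hops.append((ttl, responder, icmp_type, len(replies)))
        if icmp_type == DEST_UNREACHABLE:  # reached the destination, stop probing
            break
    return hops


if __name__ == "__main__":
    for ttl, ip, icmp_type, n in trace():
        print(f"{ttl:2d}  {ip:15s}  icmp_type={icmp_type}  probes={n}")
```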

On all platforms, Traceroute has more options that can be specified using command line flags.

Two more tools that are similar to Traceroute are mtr on Linux and Mac OS and pathping on Windows. These two tools act as long-running traceroutes, so you can better see how things change over a period of time.

Mtr works in real time and will continually update its output with all the current aggregate data about the traceroute. You can compare this with pathping, which runs for 50 seconds and then displays the final aggregate data all at once.