Traceroute is a little program that can run in any Internet host. When the user specifies a destination host name, the program sends multiple packets toward that destination. As these packets work their way toward the destination, they pass through a series of routers. When a router receives one of these packets, it sends a little message back to the source. This message contains the name and address of the router.
More specifically, suppose there are N-1 routers between the source and the destination. Then the source will send N packets into the network, with each packet addressed to the ultimate destination. These packets are also marked 1 through N, with the first of the N packets marked 1 and the last of the N packets marked N. When the nth router receives the packet marked n, the router destroys the packet and sends a message to the source. And when the destination host receives the Nth packet, the destination destroys it as well, but again returns a message back to the source. The source records the time that elapses from when it sends a packet until when it receives the corresponding return message; it also records the name and address of the router (or the destination host) that returns the message. In this manner, the source can reconstruct the route taken by packets flowing from source to destination, and the source can determine the round-trip delays to all the intervening routers. Traceroute actually repeats the experiment just described three times, so the source actually sends 3*N packets to the destination.
[RFC 1393] describes traceroute in detail. The Internet Encyclopedia also gives an overview of how traceroute works.
Here is an example of the output of the traceroute program, where the route is being traced from the source host eniac.seas.upenn.edu (at the University of Pennsylvania) to diane.ibp.fr (at the University of Paris VI). The output has six columns: the first column is the n value described above, i.e., the number of the router along the route; the second column is the name of the router; the third column is the address of the router (of the form xxx.xxx.xxx.xxx); the last three columns are the round-trip delays for three experiments. If the source receives fewer than three messages from any given router, because of packet loss in the network, traceroute places an asterisk just after the router number and reports fewer than three round-trip times for that router.
1 GW.CIS.UPENN.EDU (130.91.6.254) 3 ms 2 ms 1 ms
2 DEFAULT7-GW.UPENN.EDU (165.123.247.8) 3 ms 1 ms 2 ms
3 192.204.183.1 (192.204.183.1) 3 ms 4 ms 3 ms
4 border2-hssi1-0.WestOrange.mci.net (204.70.66.5) 6 ms 6 ms 6 ms
5 core1-fddi-1.WestOrange.mci.net (204.70.64.33) 7 ms 6 ms 6 ms
6 somerouter.sprintlink.net (206.157.77.106) 16 ms 305 ms 192 ms
7 somerouter.sprintlink.net (206.157.77.106) 20 ms 196 ms 18 ms
8 sl-dc-6-H2/0-T3.sprintlink.net (144.228.10.33) 19 ms 18 ms 24 ms
9 198.67.0.1 (198.67.0.1) 19 ms 24 ms 18 ms
10 gsl-dc-3-Fddi0/0.gsl.net (204.59.144.197) 19 ms 18 ms 20 ms
11 * raspail-ip.eurogate.net (194.206.207.6) 133 ms 94 ms
12 raspail-ip2.eurogate.net (194.206.207.57) 93 ms 95 ms 97 ms
13 194.206.207.17 (194.206.207.17) 200 ms 94 ms 209 ms
14 stamand1.renater.ft.net (192.93.43.185) 105 ms 101 ms 105 ms
15 stlambert.rerif.ft.net (192.93.43.117) 108 ms 102 ms 95 ms
16 danton1.rerif.ft.net (193.48.53.50) 110 ms 97 ms 91 ms
17 u-jussieu-paris.rerif.ft.net (193.48.58.122) 94 ms 96 ms 100 ms
18 r-jusren.reseau.jussieu.fr (192.44.54.126) 100 ms 94 ms 100 ms
19 r-ibp.reseau.jussieu.fr (134.157.254.250) 96 ms 100 ms 94 ms
20 masi.ibp.fr (132.227.60.23) 121 ms 100 ms 97 ms
21 * diane.ibp.fr (132.227.64.48) 105 ms 102 ms
In the above trace there are 20 routers between the source and the destination. Most of these routers have a name, and all of them have addresses. For example, the name of router 8 is sl-dc-6-H2/0-T3.sprintlink.net and its address is 144.228.10.33. Looking at the data provided for this same router, we see that in the first of the three trials the round-trip delay between the source and router 8 was 19 msec. The round-trip delays for the subsequent two trials were 18 and 24 msec. These round-trip delays include packet propagation delays, router processing delays, and queueing delays due to congestion in the Internet. Because congestion varies with time, the round-trip delay to a router n can actually be longer than the round-trip delay to router n+1. Note in the above example that there is a big jump in the round-trip delay when going from router 10 to router 11. This is because the link between routers 10 and 11 is a transatlantic link.
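The following Python sketch is an added example, not part of the original page. It parses the six-column format described above, including rows where an asterisk marks a lost probe, and locates the largest rise in round-trip delay between adjacent hops. The names parse_trace, largest_jump, PROBES and SAMPLE are assumptions chosen for illustration; the sample rows are copied from the trace above.

```python
import re

PROBES = 3  # the page states traceroute repeats the experiment three times

# Sample input: hops 9-12 and 21 copied from the trace above.
SAMPLE = """\
9 198.67.0.1 (198.67.0.1) 19 ms 24 ms 18 ms
10 gsl-dc-3-Fddi0/0.gsl.net (204.59.144.197) 19 ms 18 ms 20 ms
11 * raspail-ip.eurogate.net (194.206.207.6) 133 ms 94 ms
12 raspail-ip2.eurogate.net (194.206.207.57) 93 ms 95 ms 97 ms
21 * diane.ibp.fr (132.227.64.48) 105 ms 102 ms
"""

# hop number, optional loss asterisk, name, (dotted-quad address), RTT columns
HOP_RE = re.compile(
    r"^\s*(\d+)\s+(?:\*\s+)?(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)\s*(.*)$")

def parse_trace(text):
    """Parse trace lines into dicts; lines that do not match are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [int(v) for v in re.findall(r"(\d+)\s*ms", m.group(4))]
        hops.append({"hop": int(m.group(1)), "name": m.group(2),
                     "addr": m.group(3), "rtts_ms": rtts,
                     "lost": PROBES - len(rtts)})
    return hops

def largest_jump(hops):
    """Return (from_hop, to_hop, delta_ms) for the biggest rise in minimum
    RTT between adjacent hops. The minimum is used because queueing delay
    only ever adds to a sample, so it is the least congested measurement."""
    best = None
    for a, b in zip(hops, hops[1:]):
        if b["hop"] != a["hop"] + 1 or not a["rtts_ms"] or not b["rtts_ms"]:
            continue  # gap in the listing, or every probe was lost
        delta = min(b["rtts_ms"]) - min(a["rtts_ms"])
        if best is None or delta > best[2]:
            best = (a["hop"], b["hop"], delta)
    return best

if __name__ == "__main__":
    hops = parse_trace(SAMPLE)
    for h in hops:
        print(h["hop"], h["addr"], h["rtts_ms"], "lost:", h["lost"])
    print("largest jump:", largest_jump(hops))
```

On the sample rows the largest rise falls between hops 10 and 11, the link the text identifies as transatlantic.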
Want to try out traceroute from some other starting points besides Tel-Aviv and Dana Point? Then visit Yahoo's List of sites offering route tracing.
References
[RFC 1393] G. Malkin, "Traceroute Using an IP Option," RFC 1393, January 1993.
Copyright Keith W. Ross and Jim Kurose 1996-1998