
Analysing Traceroute Information

17 years 6 months ago #17835 by prabhuk
Hi,

What azhad said is exactly correct. The sender sends three packets in separate attempts. It sends the first packet with a TTL (Time to Live) value of 1. The TTL value is decremented at each forwarding router. If the TTL is zero, the router throws away the packet and sends a Time Exceeded Message (TEM) to the sender. The second packet is sent with a TTL value of 2, and so on.


Thank you
Prabhu K
17 years 6 months ago #17854 by Arani
Replied by Arani on topic incorrect data
sorry about this, but i should have checked dove's analysis of traceroute info. it is indeed incorrect.

Picking pebbles on the shore of the networking ocean
17 years 6 months ago #17855 by Arani
Replied by Arani on topic correct info
i am sorry to say that most of the explanations given here are not correct. here's the explanation to dispel the confusion:
the command tracert is used to determine a valid path between the source and the destination. it can also be used to troubleshoot a link as well. it works on the principle of incremental pinging between all intermediate hosts. let's take for example that between your pc and the pc you wanted to reach, there are 4 other intermediate network nodes, each with a different IP address. what exactly happens is that between each of these nodes, individual pinging takes place. now we all know pinging is a threefold method where ICMP packets are sent thrice and the max, min and average time for response is calculated.
the basic traceroute packet passes through all the intermediate nodes, and the TTL value, instead of being decremented (which happens in normal pinging), is incremented. this is to check the 30 default hops of the traceroute.
between individual nodes, the immediate node which has received the traceroute packet checks if it is the destination. if not, then it pings the next node which will lead to the destination. it hence does a normal ping three times as per rule on the next immediate node, and sends the results back to the source. that is why against each hop you see three values. this does not signify the TTL of the traceroute itself, it only shows you how much time it took for an ICMP packet to travel between the node which received your traceroute packet, and the next intermediate node which this node is forwarding the traceroute packet to.
everything else remains the same. the same rule for ping applies when one intermediate node cannot reach the next node. this is because as i said before, traceroute is inherently a multiple ping operation between intermediate nodes. the only thing different here is the TTL for a traceroute is incremented, but the TTL for a ping is decremented. hence you tend to get the same error codes for a ping, when a traceroute operation has failed somewhere between two intermediate nodes.
hope this clears all confusions. for further info check RFC 1574
cheers

Picking pebbles on the shore of the networking ocean
17 years 6 months ago #17897 by Patchi
Replied by Patchi on topic Re: correct info

traceroute is inherently a multiple ping operation between intermediate nodes. the only thing different here is the TTL for a traceroute is incremented, but the TTL for a ping is decremented. hence you tend to get the same error codes for a ping, when a traceroute operation has failed somewhere between two intermediate nodes.
hope this clears all confusions. for further info check RFC 1574
cheers



Yes, the first host increases the TTL with every batch of packets. But the intermediate nodes still decrease the TTL in the packets before forwarding them (even in traceroute). Once the TTL reaches zero, the intermediate node discards the packet and sends an ICMP time exceeded back to the source. That's where the source knows about this intermediate hop. The next batch of packets will have the TTL increased by one.

More here: en.wikipedia.org/wiki/Trace_route

Please correct me if I'm wrong.
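
The TTL mechanism described in the post above, as an added example that is not part of the original thread: a toy Python model with no real network I/O. The path addresses, the `SILENT` hop and the function names are constructed for illustration; the batch of three probes and the 30-hop limit follow the figures mentioned in the thread.

```python
"""Toy model of traceroute's TTL handling (no packets are sent)."""

# Constructed sample path: three routers, then the destination.
PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.1", "203.0.113.50"]
# Constructed hop that forwards traffic but never sends ICMP errors.
SILENT = {"198.51.100.1"}


def send_probe(path, ttl, silent=frozenset()):
    """Walk one probe along the path; return (responder, message) or None on timeout."""
    destination = path[-1]
    for node in path:
        if node == destination:
            # The probe arrived: the destination answers for itself.
            return node, "reply from destination"
        ttl -= 1  # every forwarding router decrements the TTL
        if ttl == 0:
            # Expired in transit: the router drops it and reports to the source.
            if node in silent:
                return None  # no ICMP error sent, the source sees a timeout
            return node, "time exceeded"
    return None


def traceroute(path, max_hops=30, probes=3, silent=frozenset()):
    """Source side: raise the starting TTL by one for each batch of probes."""
    rows = []
    for ttl in range(1, max_hops + 1):
        answers = [send_probe(path, ttl, silent) for _ in range(probes)]
        responders = {a[0] for a in answers if a}
        rows.append((ttl, sorted(responders) or ["*"]))
        if path[-1] in responders:
            break  # destination reached, stop increasing the TTL
    return rows


if __name__ == "__main__":
    for ttl, who in traceroute(PATH, silent=SILENT):
        print(f"{ttl:2d}  {', '.join(who)}")
```

A hop that stays silent shows up as `*` while later hops still answer, which is why a row of timeouts in the middle of a trace does not by itself mean the path is broken.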
17 years 6 months ago #17899 by Arani
Replied by Arani on topic not wrong
hi patchi,
if you read the rfc carefully you will find out that you are not wrong. what i didn't want to explain to avoid confusion was this fact. between two intermediate nodes, the traceroute function works exactly like a normal ping. i did reiterate the fact that traceroute is a multiple ping function.
cheers

Picking pebbles on the shore of the networking ocean