Traceroute | Categories: Tech
I'm ashamed to say that I never really understood the inner workings of the traceroute utility. But now that I understand it, I'll use this post to document what I've learned. Traceroute is a way to see the route a packet of data takes when traversing a network.

First, let's touch on Time to Live (TTL). If you send an email, it gets wrapped up, traverses the internet, and has a TTL. TTLs have a starting number (specific to an operating system) that decrements when going through Layer 3 devices (routers, L3 switches, load balancers); each such device is also known as a hop. If the TTL reaches 0 before the packet reaches its destination, you get an error message (using ICMP on Layer 4) letting you know that your destination was unreachable. If you send a packet out and it gets stuck in a loop, the TTL will go down to 0, so the packet doesn't keep circulating while unable to get to its destination. The max value of a TTL is 255 but, as mentioned, different operating systems use different TTLs.

Ok. That's a lot. But hopefully it makes sense.

What traceroute does is start off with a TTL of 1, which allows the packet to reach the first hop and nothing else, because the TTL decrements to 0 right away. Next, the TTL changes to 2, which reaches the first and second hop. It does this all the way to the destination, in effect letting you know the hops a packet takes. Super useful if you want to better understand a network.

There is also TCP-Traceroute, which allows you to track a packet tied to a specific port. A packet being sent to a web server might take a different route from one being sent to an SMTP server.

Hope that was helpful.
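The TTL mechanics described above, as a small offline simulation (an added example, not part of the original post). The topology, node names and the port-specific routing rule are constructed for illustration; no real packets are sent.

```python
# Constructed topology (all names are made up). Each node maps a destination,
# or a (destination, port) pair for port-specific policy routing, to a next hop.
ROUTES = {
    "client":   {"server": "gw", "lost": "gw"},
    "gw":       {"server": "core1", ("server", 25): "core2", "lost": "loopA"},
    "core1":    {"server": "edge"},
    "core2":    {"server": "mailedge"},
    "mailedge": {"server": "edge"},
    "edge":     {"server": "server"},
    "loopA":    {"lost": "loopB"},   # loopA and loopB point at each other:
    "loopB":    {"lost": "loopA"},   # a routing loop for destination "lost"
}

def send(src, dst, ttl, port):
    """Forward one packet. Returns (status, node that answered, hops travelled)."""
    node, hops = src, 0
    while True:
        table = ROUTES[node]
        nxt = table.get((dst, port), table.get(dst))  # port rule wins if present
        if nxt is None:
            return ("no-route", node, hops)
        node, hops = nxt, hops + 1
        if node == dst:
            return ("reached", node, hops)
        ttl -= 1                      # every Layer 3 hop decrements the TTL
        if ttl <= 0:                  # this hop drops the packet and reports back
            return ("ttl-expired", node, hops)

def traceroute(src, dst, port, max_ttl=30):
    """Probe with TTL 1, 2, 3, ... and record which node answers each probe."""
    path = []
    for ttl in range(1, max_ttl + 1):
        status, node, _ = send(src, dst, ttl, port)
        path.append(node)
        if status != "ttl-expired":   # destination reached (or no route): stop
            break
    return path

if __name__ == "__main__":
    print("port 80:", traceroute("client", "server", 80))
    print("port 25:", traceroute("client", "server", 25))
    print("looping:", traceroute("client", "lost", 80, max_ttl=6))
    print("TTL 64 into the loop:", send("client", "lost", 64, 80))
```

The alternating hop names in the looping trace are what a routing loop looks like in traceroute output, and the last line shows a normal packet dying after exactly as many hops as its starting TTL.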