Reading the Result of Traceroute

The output from traceroute shows you each 'hop' between the source host (where you issued the command) and the destination host (the one specified on the command line). For each hop, it shows the distance (number of hops), the IP address and/or associated hostname (determined using reverse resolution), and the delay / latency between the source host and that hop.

You may see some odd things. For example, you may see more than one host listed at a given distance. Another example is that you may see no hosts listed at a given distance, but hosts listed further on. These are artifacts of the method used to perform the traceroute.

The tool gets this information by sending a series of UDP packets constructed with an artificial 'time to live' (TTL). The TTL of a packet is used to ensure that routing loops don't result in endless traffic. As a packet passes through a router, it will decrement the TTL for that packet. The TTL will eventually reach zero, at which point the packet will be discarded. When this happens, most routers will also send a special packet to the source of the discarded packet indicating that it is impossible to reach the destination, just to help out. This packet is an ICMP (Internet Control Message Protocol) destination unreachable message.

Traceroute starts with a TTL of 1, and sends three UDP packets with this TTL. It then listens for the destination unreachable messages. For each one, it shows you where the message came from (the host), how long it took for that host to respond (latency), and what the TTL was when that host indicated that your target couldn't be reached with such a low TTL. It then repeats the process with a higher TTL until it gets a different message indicating that there is nothing listening at that UDP port on the target host.
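
The "odd things" described above (several hosts at one distance, or no hosts at a distance followed by hosts further on) can be picked out mechanically once each latency is tied back to the probe that produced it. The following is an added example, not part of the original page: it parses output in the common Unix traceroute layout, and the sample text, hostnames and addresses are constructed for illustration.

```python
import re

# Constructed sample output (documentation address ranges), not from the original page.
SAMPLE = """\
traceroute to target.example (203.0.113.9), 30 hops max, 60 byte packets
 1  gw.example (192.0.2.1)  0.512 ms  0.478 ms  0.455 ms
 2  * * *
 3  r1.example (198.51.100.1)  9.812 ms r2.example (198.51.100.2)  10.114 ms  10.320 ms
 4  198.51.100.77  11.300 ms *  11.954 ms
 5  target.example (203.0.113.9)  12.004 ms  11.870 ms  11.902 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
# One token per match: lost probe, latency, "name (ip)", or a bare ip (numeric output).
TOKEN = re.compile(
    r"(?P<lost>\*)|(?P<rtt>\d+(?:\.\d+)?) ms"
    r"|\S+ \((?P<ip>[0-9a-fA-F.:]+)\)|(?<!\S)(?P<bare>[0-9a-fA-F.:]+)(?!\S)"
)

def parse(text):
    """Return {distance: [(responder_ip_or_None, rtt_ms_or_None), ...]}, one tuple per probe."""
    hops = {}
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header or blank line
        probes, current = [], None
        for t in TOKEN.finditer(m.group(2)):
            if t.group("lost"):
                probes.append((None, None))          # probe with no reply
            elif t.group("rtt"):
                probes.append((current, float(t.group("rtt"))))
            else:
                current = t.group("ip") or t.group("bare")  # responder for following latencies
        hops[int(m.group(1))] = probes
    return hops

def classify(probes):
    ips = {ip for ip, _ in probes if ip}
    if not ips:
        return "silent"        # nothing answered at this distance; later hops may still answer
    if len(ips) > 1:
        return "multipath"     # probes at the same distance were answered by different hosts
    return "partial-loss" if any(ip is None for ip, _ in probes) else "ok"

def report(text):
    return {d: (classify(p), sorted({ip for ip, _ in p if ip})) for d, p in parse(text).items()}

if __name__ == "__main__":
    for distance, (status, hosts) in report(SAMPLE).items():
        print(distance, status, ", ".join(hosts) or "-")
```

A "silent" distance followed by answering hops means only that no reply came back for those probes, so it should not be read as a break in the path.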