Wednesday, 7 June 2017

Trace route application of ICMP


If you have missed out my earlier post on ICMP, you can check it out here. In my previous post, I have explained in-depth about ICMP.
Now coming to traceroute application of ICMP. This is one the most interesting application of ICMP. You can have hands on experience with this. Before I begin explaining how it works first let's see what is it?

What is traceroute?

I know the answer to this question is very simple but believe me, this thing is important and has a lot of applications. So just for the sake of completion, I will answer what is traceroute.
Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. 
There is one another alternative to traceroute, it's called as record route. But unfortunately, this command is not for all. It can be used by network administrator only. You might get the doubt that when both the commands do the same thing then why record route is not allowed for the general public. It's because traceroute is not reliable as compared to record route which gives accurate results. Traceroute is a way of cheating the routers and the destination for getting the information. You will understand this more clearly once you understand how traceroute works?

Now let's find out how to use traceroute command. The usage of traceroute depends on your operating system. Different operating systems have different commands to trace the route.

If you are using a Linux-based system, it's simply traceroute. If you are using windows it's tracert. The following snapshot is from Ubuntu, which shows the traced route of When you type the command: traceroute this is what is showed in Ubuntu.
The command gives the IP addresses of all the hops/routers which it crossed to reach Google server. It also shows the respective time taken to reach these routers and
There is a lot of information given by this traceroute command, but for the time being, I want you to remember the last 3 words of the first line i.e 60-byte packets. You might get the doubt that why is it packets instead of a packet. I will explain it clearly and in-depth. In fact, that line forms the basis of our tutorial. 
Now let's come to the most interesting part of our tutorial, which is how it is done?
Whenever a user gives the traceroute command, the machine initially creates an IP packet. The IP packet contains two very important things inside it. First, the UDP packet with dummy port number and second, an ICMP packet. You will come to know why is it so?
The TTL for the first IP packet is kept as 1. It means that this packet can travel at most 1 hop before it is discarded. So now when this packet crosses 1 hop (i.e the source itself), it reaches router R1 and it's discarded. The router sends back an IP packet embedded with an ICMP packet. The ICMP contains the information like who discarded the packet? why it was discarded? when it was discarded and so on. When this packet reaches the source S, it will give away all this information to S. So now source has the IP address of router R1 which was on the way of the packet.

Now source creates one more IP packet with the same content but with TTL = 2. TTL = 2 means this packet can cross at most 2 hops (including source). Whichever router finds that its TTL = 0, that router will discard it and send back ICMP packet to the source. In this case router R2 discards the packet and sends back an IP packet with an ICMP packet inside it. Now source gets the IP address of the second router.
Similar things happen with router R3 and R4 and source find out there IP address also. The problem is how do we make the destination send an ICMP to us. Remember, if a packet reaches the destination with TTL >= 0 it is accepted by the destination. This is tricky right? 

This is where our UDP packet comes into the picture. I told you we will send a UDP packet inside IP packet with dummy port number ( a port number which is invalid). That dummy port number will help us here. Now when the source sends an IP packet with TTL = 4. The packet crosses all the routers and reaches the destination with TTL = 0. Destination D can happily accept it. But before accepting the packet at the transport layer, D checks to which port number this packet has to be delivered. It finds out that there is no such port number as mentioned in the UDP packet.

Now destination discards the packet and sends back an ICMP to source S. This packet include IP address of destination along with other relevant information. So finally source gets the IP address of destination as well.
After getting all the IP addresses, the traceroute program gives us the output as shown above. 

But if you remember I told you that traceroute is not 100% reliable when compared to record route. Can you tell me why is it not reliable? You can give it a try. Or ping me if you need any explanation on this.

As always thank you for your time. If you have any doubts regarding this or any of other tutorials you can always send me a message. Or even better, put it in the comments section below. 
And follow our Facebook page, and follow me on google+. Don't forget to follow the blog.