How does traceroute work

Answered Question
Aug 30th, 2010

Hi,

In what situations, *** are displayed which means a router in the path is not reachable?

Why after *** are displayed, traceroute does not stop, so user sees lines of ***.

Thx,

Jingyi

I have this problem too.
0 votes
Correct Answer by Lei Tian about 6 years 3 months ago

HI Jingyi,

*** doesnt mean the router is unreachble, it just means the sender doesnt receive the ICMP ttl expired reply.

Here is the steps when IP A trace IP B

1,sender sends ICMP echo to destination B with ttl=1

2,next hop receive the ICMP packet, and reply  ICMP with ttl expired error message.

3,sender receive the ICMP reply or after timeout, sends ICMP echo to destination B with ttl-2

4,2 hops away router recive the ICMP packet, and reply ICMP ttl expired error message.

repeat the above steps until reach the destination, a ICMP destination unreachable error message is sent back to the sender.

On the sender, it will show as '* * *' if it doesn't receive a ICMP reply before timeout. That could because some security policy block the ICMP or just because link congestion.

Regards,

Lei Tian

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jon Marshall Mon, 08/30/2010 - 10:44

shelley_wang wrote:

Hi,

In what situations, *** are displayed which means a router in the path is not reachable?

Why after *** are displayed, traceroute does not stop, so user sees lines of ***.

Thx,

Jingyi

Tracroute works by setting the TTL in the ip packet. Every time the packet goes through a L3 hop the TTL is decremented by 1. So the first packet traceroute sends out as a TTL of 1. The first router it gets to sets the TTL to 0 and sends an ICMP unreachable message back to the originating device with it's IP address. Then traceroute sends out another packet with the TTL set to 2 so it will get past the first router and to the second router. And this goes until the TTL is set to 30 usually.

Some routers can be configured not to send ICMP unreachables so you might see a *** instead but that doesn't mean the next router down the line won't send it's IP address so it traceroute does not stop, it simply adds 1 to the TTL and sends the packet out.

If all you see after the first *** is *** then it usually means there is no path to the destination.

Jon

Jon Marshall Mon, 08/30/2010 - 11:35

letian wrote:

woops, Jon, didn't see your reply while typing.

Lei

Your's was much better so i'm glad you didn't notice mine

Jon

Correct Answer
Lei Tian Mon, 08/30/2010 - 10:49

HI Jingyi,

*** doesnt mean the router is unreachble, it just means the sender doesnt receive the ICMP ttl expired reply.

Here is the steps when IP A trace IP B

1,sender sends ICMP echo to destination B with ttl=1

2,next hop receive the ICMP packet, and reply  ICMP with ttl expired error message.

3,sender receive the ICMP reply or after timeout, sends ICMP echo to destination B with ttl-2

4,2 hops away router recive the ICMP packet, and reply ICMP ttl expired error message.

repeat the above steps until reach the destination, a ICMP destination unreachable error message is sent back to the sender.

On the sender, it will show as '* * *' if it doesn't receive a ICMP reply before timeout. That could because some security policy block the ICMP or just because link congestion.

Regards,

Lei Tian

Jon Marshall Mon, 08/30/2010 - 10:51

letian wrote:

HI Jingyi,

*** doesnt mean the router is unreachble, it just means the sender doesnt receive the ICMP ttl expired reply.

Here is the steps when IP A trace IP B

1,sender sends ICMP echo to destination B with ttl=1

2,next hop receive the ICMP packet, and reply  ICMP with ttl expired error message.

3,sender receive the ICMP reply or after timeout, sends ICMP echo to destination B with ttl-2

4,2 hops away router recive the ICMP packet, and reply ICMP ttl expired error message.

repeat the above steps until reach the destination, a ICMP destination unreachable error message is sent back to the sender.

On the sender, it will show as '* * *' if it doesn't receive a ICMP reply before timeout. That could because some security policy block the ICMP or just because link congestion.

Regards,

Lei Tian

Lei

I knew someone was going to correct me I should have checked before i responded, ie. it is ttl expired message not destination unreachable.

Thanks for clarifying.

Jon

shelley_wang Mon, 08/30/2010 - 11:19

Thanks so much for both of your detailed explanations.

I have 3 questions:

1.      Why the destination unreachable message is sent when destination is actually reached. It does not make logic sense.

2.      Who sends the destination unreachable message if the destination is a host. The local router, or the host?

3.      What if the destination is more than 30 hops away?

Jingyi

Actions

This Discussion