How does traceroute work

Answered Question
Aug 30th, 2010

Hi,

In what situations are *** displayed, which means a router in the path is not reachable?

Why, after *** are displayed, does traceroute not stop, so the user sees lines of ***?

Thx,

Jingyi

Correct Answer by Lei Tian about 6 years 9 months ago

Hi Jingyi,


*** doesn't mean the router is unreachable; it just means the sender doesn't receive the ICMP TTL expired reply.

Here are the steps when IP A traces IP B:

1. Sender sends ICMP echo to destination B with ttl=1.

2. Next hop receives the ICMP packet and replies with an ICMP TTL expired error message.

3. Sender receives the ICMP reply, or after timeout, sends ICMP echo to destination B with ttl=2.

4. The router 2 hops away receives the ICMP packet and replies with an ICMP TTL expired error message.

Repeat the above steps until reaching the destination; an ICMP destination unreachable error message is sent back to the sender.


On the sender, it will show as '* * *' if it doesn't receive an ICMP reply before timeout. That could be because some security policy blocks the ICMP or just because of link congestion.


Regards,

Lei Tian

Overall Rating: 5 (2 ratings)
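
The probe loop described in this answer, as an added Python simulation (not part of the original post; no packets are sent). The `Hop` class, its `replies` flag and the addresses are constructed for illustration; a hop with `replies=False` stands for a device whose policy suppresses or drops the ICMP reply.

```python
from dataclasses import dataclass

MAX_HOPS = 30        # usual upper limit on the TTL mentioned in this thread
PROBES_PER_HOP = 3   # one '*' is shown per probe that times out

@dataclass
class Hop:
    addr: str
    replies: bool = True   # False: ICMP reply suppressed or filtered (constructed flag)

def probe(path, dest, ttl):
    """Follow one probe along the path; return the replying address, or None on timeout."""
    for hop in path:
        if hop.addr == dest:
            return hop.addr if hop.replies else None   # probe arrived at the destination
        ttl -= 1                                       # each L3 hop decrements the TTL
        if ttl == 0:                                   # expired here: TTL expired reply
            return hop.addr if hop.replies else None
    return None                                        # path ends, nothing answers

def traceroute(path, dest, max_hops=MAX_HOPS):
    lines = []
    for ttl in range(1, max_hops + 1):
        replies = [probe(path, dest, ttl) for _ in range(PROBES_PER_HOP)]
        if replies[0] is None:
            # A timeout only means no reply came back for this TTL; later hops
            # may still answer, so the sender moves on to TTL + 1.
            lines.append(f"{ttl:2d}  " + " ".join("*" * PROBES_PER_HOP))
            continue
        lines.append(f"{ttl:2d}  {replies[0]}")
        if replies[0] == dest:
            break                                      # destination answered: stop
    return lines

# Constructed paths using documentation address ranges.
FILTERED_HOP = [Hop("198.51.100.1"), Hop("198.51.100.2", replies=False),
                Hop("203.0.113.1"), Hop("192.0.2.10")]
NO_PATH = [Hop("198.51.100.1")]   # nothing beyond the first router

if __name__ == "__main__":
    print("\n".join(traceroute(FILTERED_HOP, "192.0.2.10")))
    print("\n".join(traceroute(NO_PATH, "192.0.2.10")))
```

The first path shows a single `* * *` line followed by further hops; the second shows `* * *` on every line up to the hop limit.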
Jon Marshall Mon, 08/30/2010 - 10:44

Traceroute works by setting the TTL in the IP packet. Every time the packet goes through an L3 hop the TTL is decremented by 1. So the first packet traceroute sends out has a TTL of 1. The first router it gets to sets the TTL to 0 and sends an ICMP unreachable message back to the originating device with its IP address. Then traceroute sends out another packet with the TTL set to 2 so it will get past the first router and to the second router. And this goes on until the TTL is set to 30 usually.


Some routers can be configured not to send ICMP unreachables so you might see a *** instead, but that doesn't mean the next router down the line won't send its IP address, so traceroute does not stop; it simply adds 1 to the TTL and sends the packet out.


If all you see after the first *** is *** then it usually means there is no path to the destination.


Jon

Lei Tian Mon, 08/30/2010 - 10:50
woops, Jon, didn't see your reply while typing.

Jon Marshall Mon, 08/30/2010 - 11:35

Lei


Yours was much better so I'm glad you didn't notice mine


Jon

Correct Answer
Lei Tian Mon, 08/30/2010 - 10:49

Jon Marshall Mon, 08/30/2010 - 10:51

Lei


I knew someone was going to correct me. I should have checked before I responded, i.e. it is a TTL expired message, not destination unreachable.


Thanks for clarifying.


Jon

shelley_wang Mon, 08/30/2010 - 11:19

Thanks so much for both of your detailed explanations.


I have 3 questions:

1. Why is the destination unreachable message sent when the destination is actually reached? It does not make logical sense.

2. Who sends the destination unreachable message if the destination is a host: the local router, or the host?

3. What if the destination is more than 30 hops away?


Jingyi
