Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6864
Views
5
Helpful
7
Replies

How does traceroute work

Go to solution
shelley_wang
Level 1
Level 1

‎08-30-2010 10:12 AM - edited ‎03-06-2019 12:43 PM

Hi,

In what situations, *** are displayed which means a router in the path is not reachable?

Why after *** are displayed, traceroute does not stop, so user sees lines of ***.

Thx,

Jingyi

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Lei Tian
Cisco Employee
Cisco Employee

‎08-30-2010 10:49 AM

HI Jingyi,

*** doesnt mean the router is unreachble, it just means the sender doesnt receive the ICMP ttl expired reply.

Here is the steps when IP A trace IP B

1,sender sends ICMP echo to destination B with ttl=1

2,next hop receive the ICMP packet, and reply  ICMP with ttl expired error message.

3,sender receive the ICMP reply or after timeout, sends ICMP echo to destination B with ttl-2

4,2 hops away router recive the ICMP packet, and reply ICMP ttl expired error message.

repeat the above steps until reach the destination, a ICMP destination unreachable error message is sent back to the sender.

On the sender, it will show as '* * *' if it doesn't receive a ICMP reply before timeout. That could because some security policy block the ICMP or just because link congestion.

Regards,

Lei Tian

View solution in original post

7 Replies 7

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-30-2010 10:44 AM 

shelley_wang wrote:
Hi,
In what situations, *** are displayed which means a router in the path is not reachable?
Why after *** are displayed, traceroute does not stop, so user sees lines of ***.
Thx,
Jingyi

Tracroute works by setting the TTL in the ip packet. Every time the packet goes through a L3 hop the TTL is decremented by 1. So the first packet traceroute sends out as a TTL of 1. The first router it gets to sets the TTL to 0 and sends an ICMP unreachable message back to the originating device with it's IP address. Then traceroute sends out another packet with the TTL set to 2 so it will get past the first router and to the second router. And this goes until the TTL is set to 30 usually.

Some routers can be configured not to send ICMP unreachables so you might see a *** instead but that doesn't mean the next router down the line won't send it's IP address so it traceroute does not stop, it simply adds 1 to the TTL and sends the packet out.

If all you see after the first *** is *** then it usually means there is no path to the destination.

Jon

0 Helpful

Go to solution
Lei Tian
Cisco Employee
Cisco Employee
In response to Jon Marshall

‎08-30-2010 10:50 AM

woops, Jon, didn't see your reply while typing.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lei Tian

‎08-30-2010 11:35 AM 

letian wrote:
woops, Jon, didn't see your reply while typing.

Lei

Your's was much better so i'm glad you didn't notice mine

Jon

0 Helpful

Go to solution
Lei Tian
Cisco Employee
Cisco Employee

‎08-30-2010 10:49 AM

HI Jingyi,

*** doesnt mean the router is unreachble, it just means the sender doesnt receive the ICMP ttl expired reply.

Here is the steps when IP A trace IP B

1,sender sends ICMP echo to destination B with ttl=1

2,next hop receive the ICMP packet, and reply  ICMP with ttl expired error message.

3,sender receive the ICMP reply or after timeout, sends ICMP echo to destination B with ttl-2

4,2 hops away router recive the ICMP packet, and reply ICMP ttl expired error message.

repeat the above steps until reach the destination, a ICMP destination unreachable error message is sent back to the sender.

On the sender, it will show as '* * *' if it doesn't receive a ICMP reply before timeout. That could because some security policy block the ICMP or just because link congestion.

Regards,

Lei Tian

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lei Tian

‎08-30-2010 10:51 AM 

letian wrote:
HI Jingyi,
*** doesnt mean the router is unreachble, it just means the sender doesnt receive the ICMP ttl expired reply.
Here is the steps when IP A trace IP B
1,sender sends ICMP echo to destination B with ttl=1
2,next hop receive the ICMP packet, and reply  ICMP with ttl expired error message.
3,sender receive the ICMP reply or after timeout, sends ICMP echo to destination B with ttl-2
4,2 hops away router recive the ICMP packet, and reply ICMP ttl expired error message.
repeat the above steps until reach the destination, a ICMP destination unreachable error message is sent back to the sender.
On the sender, it will show as '* * *' if it doesn't receive a ICMP reply before timeout. That could because some security policy block the ICMP or just because link congestion.
Regards,
Lei Tian

Lei

I knew someone was going to correct me I should have checked before i responded, ie. it is ttl expired message not destination unreachable.

Thanks for clarifying.

Jon

0 Helpful

Go to solution
shelley_wang
Level 1
Level 1
In response to Jon Marshall

‎08-30-2010 11:19 AM

Thanks so much for both of your detailed explanations.

I have 3 questions:

1.      Why the destination unreachable message is sent when destination is actually reached. It does not make logic sense.

2.      Who sends the destination unreachable message if the destination is a host. The local router, or the host?

3.      What if the destination is more than 30 hops away?

Jingyi

0 Helpful

Go to solution
Wassim Aouadi
Level 4
Level 4
In response to shelley_wang

‎07-04-2015 06:37 AM

Hi,

If of any help, please take a look at this blog post:

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card