Traceoute is a popular program for tracing a packet's route from any source host to any destination host in the Internet. Before we explain what traceroute does and how it works, first try running the traceroute program. In the box below, enter the name of any host, such as surf.eurecomf.fr or www.mit.edu. The host name that you enter will be sent to a server located at IBM Israel in Tel-Aviv, Israel. The host in Tel-Aviv will respond with the route taken from Tel-Aviv to the host you have listed in the box below. After running the program, return to this page for a discussion of the traceroute program.
Leave empty to find the route to your browser.
After having traced the route from Tel-Aviv to your favorite host, try it again with a new starting place – Dana Point in sunny southern California.
The main packet switches in the Internet are called routers, and routers use datagram routing. Specifically, when a source constructs a packet, it appends the destination address onto the packet. When the packet arrives at a router, the switch determines the appropriate outgoing link for the packet by examining the packet's destination address.
Traceroute is a little program that can run in any Internet host. When the user specifies a destination host name, the program sends multiple packets towards that destination. As these packets work their way towards the destinations, they pass through a series of routers. When a router receives one of these packets, it sends a little message back to the source. This message contains the name and address of the router.
More specifically, suppose there are N−1 routers between the soruce and the destination. Then the source will send N packets into the network, with each packet addressed to the ultimate destination. These packets are also marked 1 through N, with the first of the N packets marked 1 and the last of the N packets marked N. When the nth router receives the nth packet marked n, the router destroys the packet and sends a message to the source. And when the destination host receives the Nth packet, the destination destoys it as well, but again returns a message back to the source. The source records the time that elapses from when it sends a packet until when it receives the corresponding return message; it also records the name and address of the router (or the destination host) that returns the message. In this manner, the source can reconstruct the route taken by packets flowing from source to destination, and the source can determine the round-trip delays to all the intervening routers. Traceroute actually repeats the experiment just described three times, so the source actually sends 3×N packets to the destination.
The [RFC 1393] describes traceout in detail. The Internet Encyclopedia as also gives an overview of how traceroute works.
Here is an example of the output of the traceroute program, where the route is being traced from the source host eniac.seas.upenn.edu (at the University of Pennsylvania) to diane.ibp.fr (at the University of Paris VI). The output has six columns: the first column is the n value described above, i.e., the number of the router along the route; the second column is the name of the router; the third column is the address of the router (of the form xxx.xxx.xxx.xxx); the last three columns are the round-trip delays for three experiments. If the source receives less than three messages from any given router, because of packet loss in the network, traceroute places an asterisk just after the router number and reports less than three round-trip times for that router.
1 GW.CIS.UPENN.EDU (126.96.36.199) 3 ms 2 ms 1 ms 2 DEFAULT7-GW.UPENN.EDU (188.8.131.52) 3 ms 1 ms 2 ms 3 184.108.40.206 (220.127.116.11) 3 ms 4 ms 3 ms 4 border2-hssi1-0.WestOrange.mci.net (18.104.22.168) 6 ms 6 ms 6 ms 5 core1-fddi-1.WestOrange.mci.net (22.214.171.124) 7 ms 6 ms 6 ms 6 somerouter.sprintlink.net (126.96.36.199) 16 ms 305 ms 192 ms 7 somerouter.sprintlink.net (188.8.131.52) 20 ms 196 ms 18 ms 8 sl-dc-6-H2/0-T3.sprintlink.net (184.108.40.206) 19 ms 18 ms 24 ms 9 220.127.116.11 (18.104.22.168) 19 ms 24 ms 18 ms 10 gsl-dc-3-Fddi0/0.gsl.net (22.214.171.124) 19 ms 18 ms 20 ms 11 * raspail-ip.eurogate.net (126.96.36.199) 133 ms 94 ms 12 raspail-ip2.eurogate.net (188.8.131.52) 93 ms 95 ms 97 ms 13 184.108.40.206 (220.127.116.11) 200 ms 94 ms 209 ms 14 stamand1.renater.ft.net (18.104.22.168) 105 ms 101 ms 105 ms 15 stlambert.rerif.ft.net (22.214.171.124) 108 ms 102 ms 95 ms 16 danton1.rerif.ft.net (126.96.36.199) 110 ms 97 ms 91 ms 17 u-jussieu-paris.rerif.ft.net (188.8.131.52) 94 ms 96 ms 100 ms 18 r-jusren.reseau.jussieu.fr (184.108.40.206) 100 ms 94 ms 100 ms 19 r-ibp.reseau.jussieu.fr (220.127.116.11) 96 ms 100 ms 94 ms 20 masi.ibp.fr (18.104.22.168) 121 ms 100 ms 97 ms 21 * diane.ibp.fr (22.214.171.124) 105 ms 102 ms
In the above trace there are no routers between the source and the destination. Most of these routers have a name, and all of them have addresses. For example, the name of router 8 is sl-dc-6-H2/0-T3.sprintlink.net and its address is 126.96.36.199. Looking at the data provided for this same router, we see that in the first of the three trials the roundtrip delay between the source and the router 8 was 19 msec. The roundtrip delays for the subsequent two trials were 18 and 24 msec. These roundtrip delays include packet propagation delays, router processing delays, and queueing delays due to congestion in the Internet. Because the congestion is varying with time, the roundtrip delay to a router n can actually be longer than the roundtrip delay to router n+1. Note in the above example that there is a big jump in the round-trip delay when going from router 10 to router 11. This is because the link between routers 10 and 11 is a transatlantic link.
Want to try out traceroute from some other starting points besides Tel-Aviv and Dana Point? Then visit Yahoo's List of sites offering route tracing.
Return to Table Of Contents
Copyright Keith W. Ross and Jim Kurose 1996–1998