Traceroute and Tracert – 2 Important command

August 12, 2019

Traceroute (or Tracert on Windows) is a diagnostic tool that maps the route of packets from a source to a destination using ICMP Echo Request packets. It displays each hop (router) along the path, helping network engineers troubleshoot connectivity issues. This guide is tailored for CCNA and CCNP students to master Traceroute for exams and real-world networking.

Table of Contents

Understanding ICMP and TTL in Traceroute

What is ICMP?

The Internet Control Message Protocol (ICMP) is a network-layer protocol used for error messaging and diagnostics in IP networks. Traceroute relies on ICMP Echo Request (type 8) packets sent to the destination and ICMP Time Exceeded (type 11) or Echo Reply (type 0) messages returned by intermediate routers or the destination. For CCNA students, understanding ICMP is crucial for troubleshooting connectivity issues.

How TTL Works

The Time-to-Live (TTL) field in an IP packet header prevents packets from looping indefinitely. Each router decrements the TTL by at least 1 before forwarding the packet. When the TTL reaches 0, the router discards the packet and sends an ICMP Time Exceeded message back to the source. Traceroute exploits this by sending packets with incrementally increasing TTL values (starting at 1) to map the path to the destination.

How Traceroute Works

Traceroute sends packets with incrementally increasing TTL values (starting at 1). Each router decrements the TTL by at least 1. When the TTL reaches 0, the router sends an ICMP Time Exceeded message back to the source. This process repeats until the destination responds or the maximum TTL (default 30) is reached.

Windows Command: tracert networkustad.com

Cisco Router Command: Router# traceroute networkustad.com

Figure 1 shows an example output of the tracert command entered on host 4 to trace the route to host 1. The only successful response was from the gateway on Router Peshawar and from router Karak.

A network diagram titled "Tracert From Host 4 to Host 1" showing a traceroute from Host 4 to Host 1 across a network. The diagram includes laptops labeled Host 1 (0.2), Host 2 (0.3), Host 3 (1.2), and Host 4 (1.3), connected through switches Sw.Karak and Sw.Peshawar. IP addresses include 192.168.0.24 (Sw.Karak), 172.16.0.30 (Karak), 192.168.1.24 (Sw.Peshawar), and 3560-24PS switches. A command prompt window displays the traceroute command "tracert 192.168.0.2" with results showing hop 1 to 192.168.1.1 (1 ms response), hop 2 to 172.16.0.1 (request timed out), and subsequent hops 3 to 19 all timing out.

Analyzing a Tracert Output

Below is a sample tracert output from a Windows host (Host 4) tracing the route to a destination (Host 1):

Tracing route to host1.example.com [192.168.10.10] over a maximum of 30 hops:

  1    2 ms    1 ms    1 ms  192.168.1.1   [Router_Peshawar]
  2    5 ms    4 ms    5 ms  172.16.0.1      [Router_Karak]
  3    *       *       *     Request timed out.
  4    *       *       *     Request timed out.

Interpretation

Hop 1 (192.168.1.1): The first hop is the default gateway (Router Peshawar), responding in 1-2 ms, indicating a healthy LAN connection.

Hop 2 (10.0.0.1): The second hop is Router Karak, with slightly higher latency (4-5 ms), suggesting it’s further in the network.

Hops 3-18 (Timeouts): The asterisks (*) indicate no response, likely due to:

A firewall blocking ICMP Echo Requests.
The destination (Host 1) not responding to ICMP.
A network failure beyond Router Karak.

Network Topology for Traceroute Example

The Traceroute example involves a network with the following topology:

Host 4: A Windows PC (192.168.1.100) in a LAN.
Router Peshawar: The default gateway (192.168.1.1) connects the LAN to the WAN.
Router Karak: An intermediate router (10.0.0.1) in the WAN.
Host 1: The destination server (192.168.10.10), reachable via multiple hops.

Tracert Command Switches

The tracert command on Windows and traceroute on Cisco routers support several switches to customize behavior. Below are key switches for CCNA/CCNP students:

-d: Prevents resolving IP addresses to hostnames, speeding up the trace. Example: tracert -d 8.8.8.8.
-h maximum_hops: Sets the maximum number of hops (default is 30). Useful for limiting traces in large networks. Example: tracert -h 10 google.com.
-j host-list: Specifies a loose source route (IPv4 only), allowing you to influence the path. Example: tracert -j 10.0.0.1 8.8.8.8.
-w timeout: Sets the timeout (in milliseconds) for each reply. Useful for slow networks. Example: tracert -w 1000 networkustad.com.
-4: Forces IPv4 (Windows only). Example: tracert -4 google.com.
–6: Forces IPv6 (Windows only). Example: tracert -6 google.com.

Troubleshooting with Traceroute

Traceroute is a powerful tool for diagnosing network issues. Below are common scenarios:

Timeouts at All Hops:

Cause: A firewall is blocking ICMP Echo Requests.
Solution: Check firewall rules or use a different protocol (e.g., UDP-based traceroute on Linux with traceroute -U).

Unexpected High Latency:

Cause: Congestion or a suboptimal route.
Solution: Compare Traceroute outputs over time or use pathping for detailed statistics.

Destination Unreachable:

Cause: The destination doesn’t respond to ICMP or is offline.
Solution: Verify the destination’s status with ping or check routing tables.

Traceroute with IPv6

IPv6 Traceroute works similarly to IPv4 but uses ICMPv6 messages (Type 128 for Echo Request, Type 3 for Time Exceeded). Use the -6 switch on Windows or specify an IPv6 address on Cisco routers.

Examples

tracert -6 2001:4860:4860::8888
Router# traceroute ipv6 2001:4860:4860::8888

FAQs

What is the difference between tracert and traceroute?

tracert is used on Windows, while traceroute is used on Cisco routers and Unix-based systems (e.g., Linux, macOS). Both perform the same function but differ in syntax and options.
Why do I see asterisks (*) in Traceroute output?
Can Traceroute work with IPv6?
How does Traceroute help in CCNA/CCNP exams?
What tools are similar to Traceroute?