Traceroute leverages TTL (time-to-live), the mechanism networks use to avoid routing loops. Each time a packet passes through a router, the TTL value decreases by one; when it reaches zero, the device drops the packet.
Traceroutes can help you identify ISP issues, investigate cyberattacks and test network performance. However, it’s important to understand how to interpret the results and identify trends.
Make sure the routers are working properly
Traceroute is a handy tool to use when troubleshooting connection and performance issues. It shows the path data packets take between network gateways and identifies potential bottlenecks. The command can run with either ICMP-based or UDP-based probes. However, before using it, you must understand what a traceroute does. ICMP is noted to be more reliable. To start a traceroute, type “traceroute [hostname]” at the command prompt and press Enter. The results will display a list of the network gateways your data packets passed through on their way to the destination and the time in milliseconds each hop took.
The first line of the result will display your router’s IP address and hostname (if available). The other lines will show the IP addresses of the other routers on the path to the destination. The RTT (round-trip time) values displayed in the other columns represent how long data takes to travel to and from each router.
Pay attention to the lines containing asterisks, which indicate no reply from the router at that hop. This can happen if the router is configured to ignore traceroute traffic or if a security device on the network is blocking the request. It can also occur if the device is experiencing congestion or load balancing. If so, work with your ISP to resolve the issue.
Use a TCP-based trace instead of an ICMP-based trace
As a network administrator, you might be familiar with the traceroute tool. This utility lets you see the route data takes from your system to a destination server. But you may need to learn how to interpret the results.
In a typical ICMP-based traceroute, each packet’s time to live (TTL) decreases with every hop from your system to the destination server. After a certain amount of time, the router will send back an ICMP message to inform the sender that the TTL has expired and that it must send another packet.
However, not all routers will do this, so if you notice a large “jump” in latency at one of the hops on your traceroute report, that doesn’t necessarily mean a problem with that router. This could be a sign of a saturated network link, a slow network connection, or even a temporary network congestion issue.
To help avoid this, you can use a TCP-based traceroute. This will ensure that the TTL value does not drop to zero immediately and will continue increasing with each hop until a timeout is reached or the destination host is discovered. This will help you see more details of your data path and allow you to diagnose potential issues more accurately.
Check the RTT values
As the data packets travel from your computer to the destination device, each one experiences a delay. The duration of this delay, the RTT (round-trip time), depends on several factors. One of the biggest contributors is the network hardware the data passes through. Issues with routers or switches can slow down data transmission. Additionally, a web page may take longer to load if it has large images or requires multiple third-party providers to deliver content.
When you run a traceroute, the output includes columns displaying each hop’s RTT values. A high value indicates a longer delay than usual. A jump in the RTT value can have various causes, including congestion, router or switch issues, and security devices blocking incoming packets.
The RTT values are based on a network mechanism called TTL, or Time to Live. Each time a packet passes through a router, the TTL value decreases by 1. Once the TTL reaches 0, the router will drop the packet and send back an ICMP message indicating that the packet was discarded. Traceroute then records the egress interface for the device on which the ICMP message was received as the next hop.
Many potential problems with your network become apparent when you look at the average latency over a set of hops. The key is to identify trends over the entire set of results. A sudden change in latency can indicate a problem, but most issues are much more subtle and are only noticeable when you see consistent breaks in latency.
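The trend check described above can be automated. The following is an added example, not part of the original article: it parses output in the Linux `traceroute -n` layout and separates a spike at a single hop from an increase that persists through later hops. The sample trace, the function names and the 30 ms threshold are assumptions made for illustration.

```python
import re
from statistics import mean

# Constructed sample (documentation-range IPs, not a real trace).
SAMPLE = """\
 1  192.0.2.1  1.1 ms  1.0 ms  1.2 ms
 2  198.51.100.1  9.8 ms  10.1 ms  10.4 ms
 3  198.51.100.9  88.0 ms  91.5 ms  90.2 ms
 4  * * *
 5  203.0.113.5  12.2 ms  12.0 ms  12.6 ms
 6  203.0.113.77  61.0 ms  60.2 ms  62.3 ms
 7  203.0.113.80  63.1 ms  62.8 ms  63.9 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
RTT = re.compile(r"(?<!\S)(\d+(?:\.\d+)?) ms\b")  # a number standing alone before "ms"

def parse(text):
    """Return [(hop_number, average_rtt_ms or None)] for each hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            rtts = [float(x) for x in RTT.findall(m.group(2))]
            hops.append((int(m.group(1)), mean(rtts) if rtts else None))
    return hops

def classify(hops, jump_ms=30.0):
    """Label each hop. jump_ms is an assumed threshold; tune it per network."""
    findings = {}
    baseline = 0.0  # average RTT of the last hop considered normal
    for i, (n, avg) in enumerate(hops):
        if avg is None:
            findings[n] = "no reply"  # all probes came back as asterisks
            continue
        later = [a for _, a in hops[i + 1:] if a is not None]
        if avg - baseline < jump_ms:
            findings[n] = "ok"
            baseline = avg
        elif later and min(later) < avg - jump_ms / 2:
            # Hops further along answer faster, so the delay is local to this router's reply.
            findings[n] = "isolated spike"
        else:
            # The delay carries through to the end of the path (or this is the last hop).
            findings[n] = "sustained increase"
            baseline = avg
    return findings

if __name__ == "__main__":
    print(classify(parse(SAMPLE)))
```

In the sample, hop 3 is an isolated spike because hop 5 responds in about 12 ms, while the jump at hop 6 persists to the final hop and is the one worth investigating.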
Check the number of hops
When analyzing traceroute results, the number of hops that data must travel between your computer and the destination server or host is one important factor to consider. The higher the number of hops, the more time it will take to reach your destination. If your response times are increased at a specific hop in the result, it may be a sign that the device at this hop is experiencing some form of congestion or queuing.
The traceroute output will typically display a list of each network hop’s IP addresses and hostnames along the path and a set of round-trip times. The hostnames can help you identify which router or network device is responsible for each hop, and the round-trip times can help you pinpoint areas of the network that are causing latency.
You should also pay attention to whether DNS resolution is enabled, as this will allow you to use the command output to resolve the hostnames to their corresponding IP addresses. This will speed up the traceroute process and make it easier to identify problems with the network.
It’s also worth noting that the number of hops displayed in a traceroute result can vary slightly depending on how the network is configured, for example when Equal-Cost Multi-Path (ECMP) routing is in use. This means you will see different paths for each traceroute command, which does not necessarily indicate an error with the current network configuration.