Now you may have noticed a tool called traceroute, which is an interesting way of looking at how traffic moves across your network at Layer 3. If you type traceroute and some IP address, you will see a series of IP addresses, which are the hops that the traffic goes through to reach that destination. So the question I'm raising here is: how does that work? How does it even know what routers it has gone through? Well, if you've not seen this before then you won't know the answer. This is a very clever piece of engineering.

There is a field in the IPv4 header called the time to live (TTL), and that is a counter which is decremented every time the packet, the datagram, is forwarded from one router to another router. So it will start at some value, let's say 64, and then after going one hop it will be decremented to 63, and then it will be decremented to 62. If it ever decrements to zero then a router will throw the packet away, and this was designed as a safety feature. The safety feature is so that packets can't just keep going round and round your network if there's a misconfiguration in your network. If the forwarding tables are set up with a loop, you don't want datagrams going round and round forever. So the TTL decrements, and if it reaches zero the datagram is thrown away, and that stops your network collapsing due to these packets.

However, traceroute uses this in a really interesting way: it sends a test packet to your destination with a TTL of 1. So it will go from your starting point to the first router, the first router will decrement the TTL from one to zero, and then it will throw the packet away because the TTL has reached zero. But as well as doing that, it should send an ICMP error message back to the origin saying "Sorry, I couldn't deliver your packet, time to live exceeded." So in receiving this response you've learned the IP address of the router that's one hop away from you.

So then you can send the packet with a time to live of 2. It will go to the first router, be decremented to one, go to the second router, and then that router will throw the packet away and send back an ICMP error saying "Sorry, I couldn't deliver your packet, time to live exceeded", and the source address of that error message tells you the IP address of that router, and so on. By sending these test probes with increasing TTLs you can actually learn the topology of your network: which routers your packet is passing through. So it's a useful debugging tool.
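The probing loop described above, as an added example that is not part of the original lecture: an offline model in which each router decrements the TTL and the router that reaches zero answers from its own address. The function names and addresses are constructed for illustration, and a router that drops the probe without sending the error is shown as `*`.

```python
# Added example: offline model of TTL handling and traceroute probing.
# Addresses are constructed (documentation ranges); names are hypothetical.
TIME_EXCEEDED, REPLY = "time-exceeded", "reply"

def forward(path, ttl, silent=()):
    """Send one probe along path (router IPs, destination last).

    Each router decrements the TTL; at zero it drops the datagram and
    reports ICMP Time Exceeded from its own address. Routers listed in
    silent drop without reporting. Returns (kind, source_ip) or None.
    """
    for router in path[:-1]:
        ttl -= 1
        if ttl == 0:
            return None if router in silent else (TIME_EXCEEDED, router)
    return (REPLY, path[-1])

def traceroute(path, max_ttl=30, silent=()):
    """Probe with TTL 1, 2, 3, ... and record who answered each probe."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        answer = forward(path, ttl, silent)
        hops.append(answer[1] if answer else "*")
        if answer and answer[0] == REPLY:
            break
    return hops

def loop_drop(loop, ttl=64):
    """Datagram caught in a forwarding loop: (forwards survived, dropper)."""
    forwards = 0
    while True:
        router = loop[forwards % len(loop)]
        ttl -= 1
        if ttl == 0:
            return forwards, router
        forwards += 1

if __name__ == "__main__":
    path = ["192.0.2.1", "198.51.100.1", "203.0.113.1", "203.0.113.50"]
    print(traceroute(path))
    print(traceroute(path, silent={"198.51.100.1"}))
    print(loop_drop(["192.0.2.1", "198.51.100.1"]))
```

The last call shows the safety feature: a datagram starting at TTL 64 in a two-router loop is forwarded 63 times and then discarded.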

© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)