Tracert

Tracert is a route tracing utility that display a list of near-side router interfaces of the routers along the path between a source host and a destination. Tracert uses the IP TTL field in ICMP Echo Requests and ICMP Time Exceeded messages to determine the path from a source to a destination through an IP internetwork.

Note that some routers silently drop packets with expired TTLs. These routers do not appear in the Tracert display.

How Tracert Works

Tracert works by incrementing the TTL value by one for each ICMP Echo Request it sends, then waiting for an ICMP Time Exceeded message. The TTL values of the Tracert packets start with an initial value of one; the TTL of each trace after the first is incremented by one. A packet sent out by Tracert travels one hop further on each successive trip.

Figure 3.2 shows how Tracert works. Tracert is being run on Host A, and is following the path to Host B. At Router 1 and Router 2, the TTL is decremented to 0, causing each router to send an ICMP Time Exceeded message. When the ICMP Echo Request is received at Host B, it sends back an ICMP Echo Reply.

Figure 3.2 Step-by-Step Operation of the Tracert Tool

Note

The UNIX version of Tracert performs the same function as the Windows version except that the IP payload is a UDP packet addressed to a (presumably) unknown destination UDP port. Intermediate routers send back ICMP Time Expired messages recording the route taken and the final destination sends back an ICMP Destination Unreachable-Port Unreachable message.

The UDP payload from the UNIX Tracert tool can cross routers and firewalls, whereas the ICMP Echo Request messages might not due to ICMP filtering. To avoid this problem in Windows 2000, turn off packet filtering as described in "Check Packet Filtering" later in this chapter, then try using Tracert again.

Top of page

Interpreting Tracert Results

Following is an example of a tracert command output. Beginning with the first entry, it shows each router discovered on the way to the final destination in sequence; after the first two routers the trace reaches its destination. The lines of the tracert display have been indented for readability.

C:\tracert reskit

Tracing route to reskit.dns.microsoft.com [172.16.180.113] over a maximum of 30 hops:

1 <10>

ms28-rtr1-f10-00.network.microsoft.com [157.59.0.1]

2 <10>

ms42-rtr1-a5-00-1.network.microsoft.com [157.54.247.98]

1 <10>

RESKIT [172.16.180.113]

In cases where a trace either fails to reach its destination or no ICMP Time Exceeded messages are returned, the output shows an asterisk in each of the three time columns where the round-trip time is usually displayed, and shows a "Request timed out." or other error message in the right-hand column where a domain name or IP address is usually displayed.

Table 3.12 lists Tracert switches.

Table 3.12 Tracert Switches

Switch	Function
-d	Specifies to not resolve addresses of router interfaces to host names.
-h < maximum_hops >	Specifies a maximum number of hops to reach destination.
-j < host_list >	Specifies loose source routing along the host-list.
-w < timeout >	Indicates how many milliseconds to wait for each reply.