Traceroute is an application that traces the path from A to B (A is your location and B is the server you want to trace).

The basic algorithm is as follows:

Send UDP with TTL = 1.
Server A1 receives it and returns an ICMP packet to A because the TTL has expired.
--> We know the first machine in between. For example, A1.

Send UDP with TTL = 2.
Server A1 receives it and sends this UDP to server A2.
Server A2 receives it and returns an ICMP packet to A because the TTL has expired.
--> We know the second machine in between. In this example, it is A2.

Do this until reaching B. We can track down: A -> A1 -> A2 -> ... -> B

I have a doubt that makes me skeptical as to whether this algorithm works correctly.

Since routing tables are updated frequently, during a traceroute, say for TTL=3, the probe packet follows the path A1->A2->A3->A4.

Now, when we send a probe packet with TTL=4, is it guaranteed to pass through A1, A2, A3, and A4 and then onto A5?

If not, does the final output represent a valid path?

Hope someone can shed some light on this issue. Thanks a lot in advance!

1 Answer

Now, when we send a probe packet with TTL=4, is it guaranteed to pass through A1, A2, A3, and A4 and then onto A5?

No, it's not guaranteed, but it is likely in most real-world cases. In cases in which the TTL=4 packet doesn't travel along the same path as the previous packets, you'd end up with a result that doesn't accurately reflect the actual network topology.

You can reduce the chance of this happening by using Paris Traceroute, which is a traceroute implementation that fiddles with various IP & ICMP header fields (article) to increase the chances for all packets to travel along the same path.

Malt
  • Thanks for that information, really helpful. I had one follow-up question. How often do routers update their forwarding tables? Is there a standard? Or a likely answer? Basically, I wanted to analyse how often my traceroute data will be erroneous, since that will determine if I will need to pivot my implementation to paris-traceroute, as this adds complexity and I'm not sure if it can be done on Android. Thanks again. – Pratik Kapoor Mar 20 '17 at 07:20
  • Changes to forwarding tables happen not because routers suddenly decide to change them but due to changes in the network. Such changes happen once in a while, especially *between* different networks. However, these types of anomalies are much more likely to happen due to load balancers, not network changes. I suggest you take a look at the paris traceroute whitepaper, even at a glance. Implementing paris traceroute isn't that hard in practice if accuracy is important. – Malt Mar 20 '17 at 08:45
  • According to: https://superuser.com/questions/1139144/why-does-traceroute-shows-multiple-paths-but-mtr-does-not#:~:text=does%20not%20have%20a%20port%20number%20and%20therefore%20its%20probes%20will%20all%20follow%20the%20same%20path traceroute in ICMP-mode (-I) is preferable to the default UDP-mode, as the UDP implementation changes ports per probe, resulting in different paths. Not sure Paris Traceroute is needed for this. – Ehud Banunu Aug 25 '22 at 18:14
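
The effect discussed in the answer and comments above, as an added example that is not part of the original posts: a simulation of a per-flow load balancer showing how changing the UDP destination port per probe can stitch hops from two different paths into one reported path, while a constant flow identifier (the Paris traceroute idea) does not. The topology, node names, port numbers and the toy hash are constructed assumptions for illustration.

```python
# Constructed topology: the router at hop 2 (A2) load-balances per flow over
# two branches that rejoin at A5. All node names are made up for this example.
BRANCHES = {
    0: ["A1", "A2", "U3", "U4", "A5", "B"],
    1: ["A1", "A2", "L3", "L4", "A5", "B"],
}
# Every link that really exists in the constructed topology.
REAL_LINKS = {(a, b) for p in BRANCHES.values() for a, b in zip(p, p[1:])}

def pick_branch(sport, dport):
    """Toy stand-in for a router's per-flow hash (assumption). Real devices
    hash the whole flow identifier, including the addresses, but those are
    constant across probes here, so only the ports decide the branch."""
    return (sport + dport) % len(BRANCHES)

def probe(ttl, sport, dport):
    """Return the node whose reply a probe with this TTL would trigger."""
    path = BRANCHES[pick_branch(sport, dport)]
    return path[min(ttl, len(path)) - 1]

def classic_traceroute(max_ttl=6, sport=50000, base_dport=33434):
    # Destination port incremented per probe, so every probe is a new flow
    # from the load balancer's point of view.
    return [probe(ttl, sport, base_dport + ttl - 1)
            for ttl in range(1, max_ttl + 1)]

def paris_traceroute(max_ttl=6, sport=50000, dport=33434):
    # Flow identifier held constant, so every probe takes the same branch.
    return [probe(ttl, sport, dport) for ttl in range(1, max_ttl + 1)]

def false_links(hops):
    """Consecutive reported hops that are not connected in the topology."""
    return [(a, b) for a, b in zip(hops, hops[1:]) if (a, b) not in REAL_LINKS]

if __name__ == "__main__":
    for name, trace in (("classic", classic_traceroute()),
                        ("paris", paris_traceroute())):
        hops = trace()
        print(f"{name:8s} {' -> '.join(hops)}  false links: {false_links(hops)}")
```
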