In this article, we will talk about how traceroute works using ICMP. ICMP stands for Internet Control Message Protocol. It belongs to the network layer alongside IP, but ICMP messages are themselves carried as the payload of IP packets (IP protocol number 1). Now let's have a look at how traceroute works using ICMP.
When you run traceroute with a destination IP address, traceroute sends a series of probes: a small UDP datagram inside an IP packet, with the TTL increased by one for each successive probe, all addressed to the destination. TTL stands for Time To Live. Let's first see which basic protocol rules traceroute relies on to discover the path.
When a router decrements a packet's TTL to 0, it drops the packet and sends an ICMP error message back to the source from its own IP address, with Type 11 Code 0 (Time Exceeded, TTL exceeded in transit).
When the destination host is reachable but nothing is listening on the UDP port the probe was sent to, the host sends Type 3 Code 3 (Destination Unreachable, port unreachable).
Every router the packet passes through decrements its TTL by 1.
You can find the full list of ICMP types and codes in the IANA ICMP Parameters registry.
Now let’s see what happens.
Step 1: The first probe is sent with some UDP data in an IP packet with a TTL of 1.
Step 2: The probe reaches the first router, which decrements the TTL to 0 and drops it. The router sends back an ICMP Time Exceeded message (Type 11 Code 0) from its own IP address. When traceroute receives it, it records that address as the first hop.
Step 3: The second probe is created with TTL 2.
Step 4: The first router decrements the TTL to 1 and forwards the probe; the second router decrements it to 0, drops it and sends back the ICMP Time Exceeded message. Traceroute records its address as the second hop.
Step 5: The next probe is sent with TTL = 3, and the same process repeats, one hop further each time.
Step N: Eventually the probe with TTL = N reaches the destination host itself, N-1 routers away. The host does not send Time Exceeded; because nothing is listening on the UDP port the probe was addressed to, it replies with Type 3 Code 3 (port unreachable) instead. Traceroute provokes this deliberately by addressing each probe to a high-numbered UDP port (33434 and upwards by default) on which no service is expected to listen; UDP has no connection to accept or refuse, the datagram is simply undeliverable. The different destination port used for each probe also lets traceroute match every ICMP reply, which quotes the header of the original datagram, back to the probe it belongs to. The Port Unreachable reply tells traceroute the destination has been reached, and it stops.
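To make the steps above concrete, here is an added example (it is not code from the original article) that simulates the whole exchange offline in Python. It builds the IPv4/UDP probe bytes, lets a constructed chain of routers decrement the TTL, generates the ICMP Time Exceeded (Type 11, Code 0) and Port Unreachable (Type 3, Code 3) errors a router and the destination would send, verifies the ICMP checksum, and matches each error back to its probe through the UDP destination port quoted inside the ICMP payload. The topology, addresses and the "middle router that never answers" are all assumptions chosen to show what a silent hop (printed as an asterisk by real traceroute) looks like.

```python
"""Simulated UDP-probe traceroute (added example; the network below is constructed)."""
import socket
import struct

ICMP_DEST_UNREACH = 3        # Destination Unreachable
ICMP_PORT_UNREACH_CODE = 3   # ... Code 3: port unreachable
ICMP_TIME_EXCEEDED = 11      # Time Exceeded
ICMP_TTL_EXCEEDED_CODE = 0   # ... Code 0: TTL exceeded in transit
BASE_PORT = 33434            # first UDP destination port classic traceroute uses


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; 0 means a filled-in checksum verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_probe(src_ip: str, dst_ip: str, ttl: int, dport: int) -> bytes:
    """Minimal IPv4 header (no options, IP checksum left 0) + UDP header + payload."""
    payload = b"traceroute"
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(udp), 0x1234, 0, ttl, socket.IPPROTO_UDP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp


def build_icmp_error(icmp_type: int, code: int, original: bytes) -> bytes:
    """ICMP error: 8-byte header, then the original IP header + first 8 bytes of its data (RFC 792)."""
    quoted = original[:28]
    hdr = struct.pack("!BBHI", icmp_type, code, 0, 0)
    csum = icmp_checksum(hdr + quoted)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + quoted


def parse_icmp_error(icmp: bytes) -> dict:
    """Verify the checksum, then extract type/code and the quoted probe's UDP destination port."""
    if icmp_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code = icmp[0], icmp[1]
    ihl = (icmp[8] & 0x0F) * 4                 # length of the quoted inner IP header
    inner_udp = icmp[8 + ihl: 8 + ihl + 8]     # first 8 bytes of the quoted datagram = UDP header
    _, dport, _, _ = struct.unpack("!HHHH", inner_udp)
    return {"type": icmp_type, "code": code, "dport": dport}


def simulate_network(routers, dest_ip: str, probe: bytes):
    """Forward the probe hop by hop. Returns (replying_ip, icmp_bytes), or None if nobody answers.

    `routers` is a list of (ip, answers) tuples; a router with answers=False drops the
    TTL-expired probe silently, which is what an asterisk in real traceroute output usually is.
    """
    ttl = probe[8]                             # TTL byte of the IPv4 header
    for ip, answers in routers:
        ttl -= 1
        if ttl == 0:
            if not answers:
                return None
            return ip, build_icmp_error(ICMP_TIME_EXCEEDED, ICMP_TTL_EXCEEDED_CODE, probe)
    # Probe reached the destination host with TTL > 0: nothing listens on the high port,
    # so the host answers Destination Unreachable / Port Unreachable.
    return dest_ip, build_icmp_error(ICMP_DEST_UNREACH, ICMP_PORT_UNREACH_CODE, probe)


def traceroute(src_ip: str, dest_ip: str, routers, max_hops: int = 30):
    """Send probes with TTL 1, 2, ... and record who answered; stop on Port Unreachable."""
    path = []
    for ttl in range(1, max_hops + 1):
        dport = BASE_PORT + ttl - 1            # distinct port per probe, used to match replies
        probe = build_probe(src_ip, dest_ip, ttl, dport)
        reply = simulate_network(routers, dest_ip, probe)
        if reply is None:
            path.append("*")
            continue
        replier, icmp = reply
        info = parse_icmp_error(icmp)
        if info["dport"] != dport:
            raise ValueError("reply does not match the outstanding probe")
        path.append(replier)
        if info["type"] == ICMP_DEST_UNREACH and info["code"] == ICMP_PORT_UNREACH_CODE:
            break                              # the destination host itself answered
    return path


# Constructed topology: three routers (the middle one never sends ICMP) and then the target.
ROUTERS = [("10.0.0.1", True), ("172.16.5.1", False), ("192.0.2.1", True)]
DEST = "198.51.100.7"

if __name__ == "__main__":
    for hop, ip in enumerate(traceroute("10.0.0.100", DEST, ROUTERS), start=1):
        print(f"{hop:2d}  {ip}")
```

Running it prints four hops: the first router, an asterisk for the silent one, the third router, and finally the destination, which is recognised because its reply is Type 3 Code 3 rather than Type 11 Code 0. Real traceroute does the same matching on the quoted UDP header, which is why it can tell a late reply for TTL 2 from the reply it is waiting for at TTL 3.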
That is how traceroute uses ICMP error messages to trace the route between two hosts. Two practical caveats: a router that does not generate ICMP errors, or rate-limits them, shows up as an asterisk for that hop, and a firewall that drops the UDP probes or the returning ICMP messages hides everything beyond it. Note also that Windows tracert sends ICMP Echo Request probes instead of UDP, so there the destination answers with an Echo Reply (Type 0 Code 0) rather than Port Unreachable.
If you like the article please share and subscribe.