The traceroute command is an important analysis tool and enables the diagnosis of network problems and the analysis of network structures. It can be used to determine whether a packet is taking the expected route to its destination or is arriving there via detours. If network nodes fail, the result of traceroute shows which alternative routes a packet takes to the target computer.
Traceroute (called "tracert" in Windows) also provides important information on runtimes. This makes it possible to determine whether the runtimes between the individual hops are within the normal range or whether individual network sections cause problems due to long runtimes. Possible bandwidth bottlenecks or overloads can be narrowed down with this command. Network loops that prevent an IP packet from arriving at the recipient can also be diagnosed with tracert.

How traceroute works: In order to determine the path of an IP data packet from the source computer to the target computer, the tracert command sends several ICMP echo request packets to the target IP address. The first ICMP packet has a TTL (Time to Live) of one. Since each intermediate node (router) in IP networks must reduce the TTL field by one when forwarding IP packets, the first router counts the TTL down to zero and then discards the data packet. At the same time, it sends the ICMP message "time to live exceeded in transit" to the sender's computer with its own IP address as the sender. The sender computer receives the reply, records the time until the reply arrives and sends the next ICMP echo request packet. This one has a TTL of two. On its way to the destination, it reaches the second router. This router counts the TTL down to zero again, discards the packet and sends "time to live exceeded in transit" to the source computer.
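
The TTL mechanism described above, simulated in Python as an added example (not part of the original article). It sends no real packets: the routing table, the documentation-range addresses and the function names are constructed for illustration, and the loop check (a responder that answers twice) is a simplification.

```python
# Constructed next-hop tables: ROUTES[router][destination] -> next node.
# 203.0.113.9 is reachable; 203.0.113.77 is caught in a routing loop.
ROUTES = {
    "192.0.2.1":    {"203.0.113.9": "198.51.100.1", "203.0.113.77": "198.51.100.1"},
    "198.51.100.1": {"203.0.113.9": "198.51.100.2", "203.0.113.77": "198.51.100.2"},
    "198.51.100.2": {"203.0.113.9": "203.0.113.9",  "203.0.113.77": "198.51.100.1"},
}
TIME_EXCEEDED = "time to live exceeded in transit"


def send_probe(first_hop, dst, ttl):
    """Forward one simulated echo request; return (responder_ip, icmp_message)."""
    node = first_hop
    while node != dst:
        ttl -= 1                      # each router reduces the TTL by one
        if ttl == 0:                  # TTL used up: discard and report back
            return node, TIME_EXCEEDED
        node = ROUTES[node][dst]      # otherwise forward to the next hop
    return node, "echo reply"         # the target itself answers


def trace(first_hop, dst, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and collect the responding addresses."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, message = send_probe(first_hop, dst, ttl)
        seen_before = responder in hops
        hops.append(responder)
        if message == "echo reply":
            return hops, "reached"
        if seen_before:               # same router answered twice: routing loop
            return hops, "loop"
    return hops, "max hops exceeded"


if __name__ == "__main__":
    for target in ("203.0.113.9", "203.0.113.77"):
        path, status = trace("192.0.2.1", target)
        print(target, status)
        for number, address in enumerate(path, start=1):
            print(f"  {number:2d}  {address}")
```
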