When Client A wants to communicate with Server B, it does so by breaking its communication into standard Internet Protocol (IP) packets to be transmitted to Server B using the Transmission Control Protocol (TCP). Client A will typically begin by first asking a Domain Name Service (DNS) server for the IP address of Server B. Client A will then send IP packets containing Server B's IP address to its network gateway, which is often a router.
Multiple routers are normally used to route IP packets from the client to its desired server and back to the client. Router 1 uses its forwarding tables to send the IP packets to Router 2. Router 2 and each subsequent router will use its own forwarding tables until the IP packet reaches Server B.

Traceroute uses the Time-to-Live (TTL) field of each IP packet. The Transmission Control Protocol (TCP) requires each router to decrement the TTL by 1. If the TTL then becomes 0, the router tells the client that transmission of the IP packet was terminated. Traceroute begins by sending three IP packets with TTL equal to 1. Router 1 will then decrement each of these three IP packets and send three IP packets back to the client with a "Time to live exceeded" message. The client will record the round-trip times for all three IP packets with TTL equal to 1. The client will then send three IP packets with TTL equal to 2. Router 1 will decrement TTL to one and forward the three IP packets to Router 2, which will decrement each of these three IP packets to zero and send the client three "TTL exceeded" messages. This will continue for each router between the client and the server. If all goes perfectly, the client will then have identified all the routers between the client and the server, with the typical transmission times for three round trips for each router. Unfortunately, firewalls, blocking, and network failures may result in fewer than three round trips for some routers. Lower priority routing for Traceroute packets may also result in round-trip times greater than that for standard traffic.

Who pays for all these routers? The client's ISP pays for connecting the client to every website on the internet. The website's ISP pays for connecting the website to all its clients. There are three tiers of IP Transit Providers. Tier 1 networks have global reach and peer with other Tier 1 networks, at zero cost.
There are only about a dozen Tier 1 networks, including AT&T (11 on CAIDA AS Rank, a rank of importance on the internet, U.S.), T-Mobile (22, U.S.), Verizon (21, U.S.), Lumen (1, U.S.), Arelion (2, Sweden), NTT Communications (4, GTT, Japan), Telecom Italia Sparkle (5, Italy), GTT (7, U.S.), Tata Communications (8, India), and Zayo Group (9, U.S.). Tier 2 networks have to pay Tier 1 networks for IP transit and peer whenever they can with other Tier 2 networks at very low cost or no cost. Most last mile access network providers are Tier 2 networks. Examples are Vodafone (buys IP Transit from Level 3, Telia, et al.), Comcast (buys from Tata and NTT America) and British Telecom (buys from Telia et al.). Tier 2 networks include some data center providers such as Amazon. Tier 3 networks are small, local providers with regional or national reach and buy IP transit from Tier 1 only when Tier 2 transit isn't available.

Traceroute can be used for diagnostic purposes. It shows how network traffic flows through routers. Each router's average round-trip time and any missing round trips help identify poor performance and bottlenecks. Traceroute can also be used to show network vulnerabilities. Companies frequently block or filter traceroute packets because attackers can use traceroute to map a target's network.

Below is the traceroute generated when a St. Louis Charter Spectrum subscriber entered the domain name "nepal.gov.np" using "traceroute" in Network Tools. To understand traceroutes, it helps to know the three parts of a domain name (see line 2 below): the top-level domain (TLD), e.g. "dot net"; the second-level domain, e.g. "trouble-free"; and the subdomain, e.g. "switch74". Domain names go from general to more specific when read from right to left. The top-level domain and the second-level domain, "trouble-free.net", specify the primary/root domain, which is usually a website that is identified by an IP address.
Typing "trouble-free.net" in the client will display the home page of "interserver.net". Entering "trouble-free.net" in the BlueWorldData pull-down menu "Network Tools" "DNS" shows a server IP address of "64.20.34.50". Entering "switch74.trouble-free.net" in the "Network Tools" "DNS" also shows a server IP address of "64.20.34.50" because server 64.20.34.50 will accept switch74.trouble-free.net packets and route them to switch 74.

The IP address (66.45.224.2) that follows the subdomain name "switch74.trouble-free.net" in line 2 below is the IP address for switch74.trouble-free.net, but it can't be addressed directly for security reasons. Entering "http://66.45.224.2" in the Chrome browser displays "66.45.224.2 refused to connect". Typing IP address "66.45.224.2" in the "Network Tools" "DNS" shows "in-addr.arpa name = switch74.trouble.free.net."

The traceroute information for IP/domain nepal.gov.np:
Line 1 "208.73.203.193 (208.73.203.193) 0.324 ms 0.318 ms 0.333 ms"
Line 2 "66.45.224.1 (66.45.224.1) 0.575 ms switch74.trouble-free.net (66.45.224.2) 0.535 ms 0.813 ms"
Line 6 "* * be2273.ccr41.jfk02.atlas.cogentco.com (154.54.83.205) 1.141 ms"
Line 8 "* be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222) 24.015 ms *"
Line 12 "128.177.139.185.IDIA-241663-ZYO.zip.zayo.com (128.177.139.185) 60.605 ms be2932.ccr42.lax01.atlas.cogentco.com (154.54.45.162) 72.181 ms 72.230 ms"
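The hop lines quoted above can be read mechanically. The following Python is an added example, not part of the original page: it parses each line into lost probes (`*`) and per-router round-trip times, including hops such as line 2 where two different routers answered at the same TTL. The function names and the 20 ms jump threshold are assumptions, and jumps are measured between consecutive quoted lines because the page shows only lines 1, 2, 6, 8 and 12.

```python
import re
from statistics import mean

# Hop lines copied from the traceroute listing on this page (keyed by its "Line N").
PAGE_HOPS = {
    1: "208.73.203.193 (208.73.203.193) 0.324 ms 0.318 ms 0.333 ms",
    2: "66.45.224.1 (66.45.224.1) 0.575 ms switch74.trouble-free.net (66.45.224.2) 0.535 ms 0.813 ms",
    6: "* * be2273.ccr41.jfk02.atlas.cogentco.com (154.54.83.205) 1.141 ms",
    8: "* be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222) 24.015 ms *",
    12: "128.177.139.185.IDIA-241663-ZYO.zip.zayo.com (128.177.139.185) 60.605 ms "
        "be2932.ccr42.lax01.atlas.cogentco.com (154.54.45.162) 72.181 ms 72.230 ms",
}

# One probe is either "*", a new "name (ip)" responder, or an "<rtt> ms" reading.
TOKEN = re.compile(r"(?P<lost>\*)|(?P<host>\S+) \((?P<ip>[\d.]+)\)|(?P<rtt>\d+(?:\.\d+)?) ms")

def parse_hop(text):
    """Return the lost-probe count and, per responding IP, its name and RTTs."""
    lost, responders, current = 0, {}, None
    for m in TOKEN.finditer(text):
        if m["lost"]:
            lost += 1
        elif m["host"]:
            # A new "name (ip)" pair: the RTTs that follow came from this router.
            current = responders.setdefault(m["ip"], {"name": m["host"], "rtts": []})
        elif current is not None:
            current["rtts"].append(float(m["rtt"]))
    return {"lost": lost, "responders": responders}

def summarize(hops, jump_ms=20.0):
    """Per-hop average RTT and loss; flag hops whose average rises by more than jump_ms."""
    rows, prev_avg = [], None
    for n in sorted(hops):
        hop = parse_hop(hops[n])
        rtts = [r for resp in hop["responders"].values() for r in resp["rtts"]]
        avg = round(mean(rtts), 3) if rtts else None
        jump = avg is not None and prev_avg is not None and avg - prev_avg > jump_ms
        rows.append({"hop": n, "avg_ms": avg, "lost": hop["lost"],
                     "routers": sorted(hop["responders"]), "jump": jump})
        prev_avg = avg if avg is not None else prev_avg  # skip fully silent hops
    return rows

if __name__ == "__main__":
    for row in summarize(PAGE_HOPS):
        print(row)
```

A hop that answers only one probe in three, like lines 6 and 8, still yields a usable RTT, so loss at an intermediate hop is reported separately rather than treated as a failed path.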
Line 14 shows that a dramatic increase in elapsed time