Tracert and Ping
Background Training: TCP/IP
Tracert (and ping) are both command line utilities that are built into Windows and most other computer systems. The basic tracert command syntax is "tracert hostname". For example, "tracert visualroute.com" and the output might look like:
Here is a similar trace route as it would appear in a VisualRoute table:
Discover the path: Tracert sends an ICMP echo packet, but it takes advantage of the fact that most Internet routers will send back an ICMP 'TTL expired in transit' message if the TTL field is ever decremented to zero by a router. Using this knowledge, we can discover the path taken by IP Packets.
How tracert works: Tracert sends out an ICMP echo packet to the named host, but with a TTL of 1; then with a TTL of 2; then with a TTL of 3, and so on. Tracert will then get 'TTL expired in transit' messages back from routers until the destination host computer is finally reached and responds with the standard ICMP 'echo reply' packet.
Try it yourself: To see this in action yourself, just use the '-i' option of ping, which allows you to set the TTL value of outgoing ping packets. For example, "ping -i 1 visualroute.com" and you will see "Reply from 22.214.171.124: TTL expired in transit" (where the router IP Address returned, 126.96.36.199, is specific to your Internet connection). Then again with "ping -i 2 visualroute.com", and get back "Reply from 188.8.131.52: TTL expired in transit", and so on. Finally at "ping -i 13 visualroute.com" you get "Reply from 184.108.40.206: bytes=32 time=198ms TTL=245", which is the destination host responding.
Round Trip Times: Each millisecond (ms) time in the table is the round-trip time that it took to send the ICMP packet and to get the ICMP reply packet. The faster (smaller) the times, the better. Times of 0 ms mean that the reply was faster than the computer's timer resolution of 10 milliseconds, so the time is actually somewhere between 0 and 10 milliseconds.
Packet Loss: Packet loss kills throughput. So, having no packet loss is critical to having a connection to the Internet that responds well. A slower connection with zero packet loss can easily outperform a faster connection with some packet loss. Also, packet loss on the last hop, the destination, is what is most important. Sometimes routers in between will not send ICMP "TTL expired in transit" messages, causing what looks to be high packet loss at a particular hop, but all it means is that the particular router is not responding to ICMP echo.
The basic ping command syntax is "ping hostname". For example, "ping visualroute.com" and the output might look like:
TTL reply: Ping sends an ICMP echo packet (with the TTL value set to the host default) to the host listed on the ping command line. Ping expects back an ICMP 'echo reply' packet. The millisecond time displayed is the round trip time. The "TTL=245" above says that the incoming ICMP echo reply packet has its TTL field set to 245. Because this value was decremented by one at each hop on the way back, this tells us that visualroute.com is probably setting the initial TTL value to 255.
TTL Expired in Transit: Most computers today initialize the TTL value of outgoing IP packets to 128 or higher. If you ever see a reply above with a "TTL=5" (or some other low TTL number), this tells you that the computer being pinged should most likely have its default TTL value increased. Otherwise, anyone trying to communicate with the computer from a hop count higher than the TTL will not be able to communicate with it. For example, if you are 40 hops away from www.xyz.com, and www.xyz.com sets the TTL field in the IP packets that it sends out to 32, the IP packets will not reach you. They will 'expire in transit' before they reach you.
Discover your TTL: To discover the default TTL value of your computer, 'ping localhost' and examine the TTL reply value. For older Windows machines this value is 32. For newer Windows machines, this value is 128.
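
The "Try it yourself" procedure and the "TTL reply" inference above can be combined in a short script. The following is an added example, not part of the original page: it takes the reply line seen for each "ping -i N" run, rebuilds the path, and estimates the destination's initial TTL and return hop count. The function names, the sample lines, and the 64 entry in the TTL list are assumptions made for illustration.

```python
import re

# Initial TTLs to test against. 32 and 128 are the Windows defaults named on
# this page and 255 is the value inferred for the pinged host; 64 is an added
# assumption (a common default on Unix-like systems).
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

EXPIRED = re.compile(r"Reply from (\S+): TTL expired in transit")
ECHO = re.compile(r"Reply from (\S+): bytes=\d+ time[=<](\d+)ms TTL=(\d+)")

def guess_initial_ttl(observed):
    """Return the smallest common default that is >= the TTL seen in a reply."""
    for ttl in COMMON_INITIAL_TTLS:
        if observed <= ttl:
            return ttl
    raise ValueError(f"TTL {observed} does not fit in the 8-bit TTL field")

def trace_from_ping(results):
    """Rebuild the path from (ttl_sent, reply_line) pairs of 'ping -i N host'."""
    hops = []
    for ttl_sent, line in sorted(results):
        expired, echo = EXPIRED.search(line), ECHO.search(line)
        if expired:   # a router decremented the TTL to zero and reported it
            hops.append({"hop": ttl_sent, "kind": "router", "ip": expired.group(1)})
        elif echo:    # the destination itself answered: the trace is complete
            seen = int(echo.group(3))
            initial = guess_initial_ttl(seen)
            hops.append({"hop": ttl_sent, "kind": "destination", "ip": echo.group(1),
                         "rtt_ms": int(echo.group(2)), "initial_ttl": initial,
                         "return_hops": initial - seen})
            break
        else:         # silent hop: the router sent no ICMP message back
            hops.append({"hop": ttl_sent, "kind": "no reply", "ip": None})
    return hops

# Constructed sample output (documentation-range addresses, not a real trace).
SAMPLE = [
    (1, "Reply from 192.0.2.1: TTL expired in transit."),
    (2, "Reply from 198.51.100.7: TTL expired in transit."),
    (3, "Request timed out."),
    (4, "Reply from 203.0.113.20: bytes=32 time=198ms TTL=252"),
]

if __name__ == "__main__":
    for hop in trace_from_ping(SAMPLE):
        print(hop)
```

The return hop count is only an estimate: it depends on the guessed initial TTL, and the path back from the destination need not match the path out.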