Traceroute

What is traceroute?
Traceroute is a network diagnostic tool used to trace the path of a packet on an IP network from source to destination. Traceroute also records the time each packet takes on its route to its destination.

Traceroute uses ICMP (Internet Control Message Protocol) echo packets with variable TTL (Time to Live) values. The response time of each hop is calculated. To guarantee accuracy, each jump is queried multiple times (usually three times) in order to better measure the response of that particular jump.
Traceroute exists as part of most operating systems in one form or another. A traceroute is also known as a tracert. Traceroute is a very useful tool for determining the response delays and routing loops that exist in a network path across packet switched nodes. It also helps to find points of failure on the way to a specific destination.

Traceroute uses ICMP messages and TTL fields in the IP header for its operations and transmits packets with small TTL values. Each hop that handles the packet subtracts "1" from the packet's TTL. When the TTL reaches zero, the packet has expired and is discarded. Traceroute depends on common router practice of sending an ICMP timeout message back to the sender when the TTL expires.

By using small TTL values that expire quickly, traceroute forces routers along the normal transmission path of a packet to generate these ICMP messages. These messages also identify the router. A TTL value of "1" should generate a message from the first router; A TTL value of "2" generates a message from the second and so on.

Traceroute uses the following command syntax, with or without optional parameters: tracert [-d] [-h maximum_hops] [-j hostlist] [-w timeout] destination_name
The traceroute output first shows the IP address of the destination and the maximum number of hops it will go through before the trace stops. Next, it will display the name, IP address, and response time taken on each jump.

1 is the internet gateway of the network from which the trace will be started

2 is usually the gateway of the Internet Service Provider (ISP)

3 is usually the hop name and IP address of the backbone ISP

This tracking leads to the target domain and lists all the hops on the way. It's worth noting that the trace may show different results if subsequent traces are run against the same destination. This can indicate a change in the network path due to a link failure or a hop failure. If a hop does not respond (request timed out), an asterisk (*) is displayed and another hop is attempted. If successful, the response time of the hop is displayed. Finally the target domain is displayed with its IP address.