Question about tracert.

[Raynian]

I am trying to understand how tracert works and have some trouble, any guidance is appreciated =D

I understand that an ICMP error message "ICMP Time Exceeded" is sent back to the sender machine whenever the TTL value is 0 or 1.

But why don't we see the error message each time the trace packet passes through each router ?

As tracert works by receiving the "ICMP Time Exceeded" error message each time it passes through a router.

 

[TanyaC]

We don't see an error message because the behaviour of traceroute is that the time exceeded indicates to it that it has not reached the destination IP address.

There are two possible responses to the datagram being sent; Host unreachable and Time Exceeded. The first is a fatal error that stops the trace, the second simply means we have not reached the destination yet.

Tracert typically will follow a route for up to 30 hops, at which point it gives up (unreachable). However, some implementations of tracert allow you to specify the number of hops.

Here is a snippet from InetDaemon.com..

If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an Internet Control Message Protocol (ICMP)Time-Exceeded message to the sender. Traceroute determines the IP address of the first hop by examining the source address field of the ICMP Time-Exceeded message.
To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the Time-Exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host or until the maximum TTL is reached or the destniation host replies with an ICMP Echo Reply.