What is "tracert", some examples and how it is helpful to IT admin?

Date: THURSDAY, 4th July 2024 

Time: 5:30 PM to 6:00 PM

Topic 7:  tracert (traceroute for non-windows systems)

Software: Windows Command Line, Linux/Chromebook Crosh Shell

Tracert (traceroute on non-Windows systems) is a command-line utility that helps IT administrators diagnose network connectivity issues and understand the path data takes across a network. Here's an overview of tracert and how it's useful for IT admins:

What is tracert:

Tracert is a diagnostic tool that traces the route taken by data packets from a source computer to a destination IP address or domain. It shows each "hop" along the network path and provides timing information for each hop.

How tracert works:

1. It sends a series of Internet Control Message Protocol (ICMP) echo packets to the destination.

2. Each packet has an increasing Time To Live (TTL) value, starting from 1.

3. When a router receives a packet with TTL=1, it drops the packet and sends back an ICMP Time Exceeded message.

4. This process continues, incrementing the TTL, until the destination is reached or the maximum number of hops is hit.

Examples of using tracert:

1. Basic usage: 

   tracert www.example.com

2. Limit the number of hops:

   tracert -h 10 www.example.com

3. Prevent DNS lookups (faster):

   tracert -d www.example.com

How tracert is helpful for IT admins:

1. Identifying network bottlenecks: By showing the time taken at each hop, admins can pinpoint where delays are occurring.

2. Troubleshooting connectivity issues: If a connection fails, tracert can show where in the network path the failure occurs.

3. Verifying network paths: Admins can confirm that traffic is taking the expected route through the network.

4. Detecting routing problems: Unusual paths or loops in the route can indicate misconfigured routers.

5. Assessing network performance: By comparing tracert results over time, admins can monitor changes in network performance.

6. Diagnosing ISP issues: Tracert can help determine if a problem lies within the local network or with the ISP.

7. Understanding network topology: It provides insight into the structure of the network and the number of hops to reach a destination.

8. Validating network changes: After making changes to network configuration, admins can use tracert to verify the impact.

By using tracert, IT administrators can gain valuable insights into network behaviour, troubleshoot issues more effectively, and maintain optimal network performance.

Based on the search results, here are some tracert examples with details on how to interpret them:

1. Basic tracert command:

tracert www.example.com

This command traces the route to the specified domain or IP address.

2. Limiting the number of hops:

tracert -h 10 www.example.com

This limits the trace to a maximum of 10 hops, useful for focusing on the initial part of the route.

3. Preventing DNS lookups:

tracert -d www.example.com

The -d option prevents tracert from resolving IP addresses to hostnames, which can speed up the process.

4. Saving output to a file:

tracert 72.47.244.140 > c:\temp\tracert.txt

This command saves the tracert output to a text file for later analysis.

Interpreting tracert output:

A typical tracert output includes the following information:

1. Hop number

2. Three round-trip times (in milliseconds)

3. IP address or hostname of each hop

Example output:

1  <1 ms    <1 ms    <1 ms  192.168.1.1

2  20 ms    19 ms    19 ms  10.0.0.1

3  25 ms    25 ms    24 ms  172.16.1.1

4  30 ms    29 ms    30 ms  example.com [93.184.216.34]

In this example:

- Hop 1 is likely the local router

- Hops 2 and 3 are intermediate routers

- Hop 4 is the final destination

Each line shows the time taken for three separate ICMP packets to reach that hop and return.

Identifying issues:

1. High latency: If you see a significant increase in response time between two hops, it may indicate network congestion or a problematic link.

2. Timeouts: Represented by asterisks (*), they indicate that the hop didn't respond within the timeout period.

3. Routing loops: If you see the same IP addresses repeating, it may indicate a routing loop problem.

Example of a routing loop:

8  65 ms    65 ms    65 ms  64.125.31.49

9  65 ms    65 ms    72 ms  216.200.159.42

10 64 ms    65 ms    64 ms  64.125.31.49

11 66 ms    66 ms    66 ms  216.200.159.42

In this case, the packet is bouncing between two routers, indicating a routing issue.

By analysing tracert output, IT admins can identify network bottlenecks, connectivity issues, and routing problems, making it an invaluable tool for network troubleshooting and performance optimisation.