How Does a Traceroute Work?
Explaining Traceroute
- Traceroute is a small application that shows you the route your data takes across a network. It is a diagnostic utility for network administrators and an interesting way to learn how the Internet really works. To understand traceroute's output, you must first understand how the Internet works. The Internet is a loose network of routers that forward data to one another, hop by hop, until the packet reaches its destination. Traceroute examines this route and determines exactly which routers the packet passes through, which lets network administrators troubleshoot a network by identifying the path a packet takes to reach its destination host.
How Traceroute Gathers its Information
- Normally, when you send a packet across the Internet, the points it passes through do not send back any response. The only thing that responds is the destination, if it has any response to give. Traceroute gets information about the routers a packet went through by increasing the TTL (time to live) of each successive packet it sends. Every router that forwards a packet lowers its TTL by one, and the router at which the TTL runs out discards the packet and returns an ICMP (Internet Control Message Protocol) packet to the sender, revealing its presence. In layman's terms, traceroute sends a modified packet that indirectly instructs each waypoint to send back a response.
Traceroute's Security Issues
- Hackers can gather essential information about a network's infrastructure using traceroute. As discussed above, traceroute gathers information about every waypoint a packet passes before it reaches its destination, much like a flight with multiple stops. For a corporation, this can be intrusive: a traceroute to a destination inside its network reveals information about its network infrastructure, which gives an intruder the upper hand. With this in mind, many networks have implemented a way to keep their infrastructure from showing up in a traceroute. This is done in a very simple way: the routers disregard the TTL expiry and simply do not return an ICMP packet to the sender.
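The TTL probing and the silent-router countermeasure described above can be modelled offline. This is an added example, not code from the original page: the names `Hop`, `PATH`, `send_probe` and `traceroute` are hypothetical, the addresses are constructed documentation addresses, and the model assumes a UDP-style probe that the destination answers with ICMP Destination Unreachable.

```python
"""Offline model of traceroute's TTL probing. All hops and addresses are constructed."""
from dataclasses import dataclass

ICMP_TIME_EXCEEDED = 11     # sent by a router that drops a packet whose TTL hit 0
ICMP_DEST_UNREACH = 3       # assumed reply from the destination to a UDP-style probe

@dataclass
class Hop:
    addr: str
    sends_icmp: bool = True  # False models a router set to stay silent on TTL expiry

# Constructed path (RFC 5737 documentation addresses); last entry is the destination.
PATH = [Hop("192.0.2.1"), Hop("198.51.100.7", sends_icmp=False),
        Hop("198.51.100.9"), Hop("203.0.113.50")]

def send_probe(path, ttl):
    """Forward one probe along path; return (icmp_type, responder) or None on timeout."""
    for i, hop in enumerate(path):
        if i == len(path) - 1:            # reached the destination host
            return (ICMP_DEST_UNREACH, hop.addr)
        ttl -= 1                           # each router decrements TTL before forwarding
        if ttl == 0:                       # expired here: the packet is discarded
            return (ICMP_TIME_EXCEEDED, hop.addr) if hop.sends_icmp else None
    return None

def traceroute(path, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, ttl)
        hops.append((ttl, reply[1] if reply else "*"))
        if reply and reply[0] == ICMP_DEST_UNREACH:
            break                          # destination answered, path is complete
    return hops

if __name__ == "__main__":
    for ttl, addr in traceroute(PATH):
        print(f"{ttl:2d}  {addr}")
```

The silent router still occupies hop 2 in the output: suppressing the ICMP reply hides its address, not the fact that a hop exists at that position.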