Identifying Routers with tracert
If your network includes multiple routers, you can use the tracert (pronounced as "trace route") command to trace the path a packet takes through these routers. The tracert command can verify the path throughout an entire network.
tracert is similar to ping in that it checks connectivity. However, it also includes information on all routers between your computer and the destination computer.
Although the primary troubleshooting value of tracert is on internal networks, you can also use it to view the routing path to computers on the Internet.
The tracert command also uses ICMP. Although this normally works well, the results may be incomplete if ICMP is blocked.
Listing-5 shows the results of the tracert command from a home computer to the computer hosting the Microsoft.com website. Notice in a few of the lines that the result indicates that the request timed out. This isn't because the path is faulty but instead because ICMP is being blocked.
Attackers often use ICMP to launch attacks. It's common for Internet systems to block ICMP traffic to protect against these attacks.
Listing-5: Output of tracert commandC:\>tracert microsoft.com
Tracing route to microsoft.com [207.46.232.182]
over a maximum of 30 hops:
1 3 ms <1 ms <1 ms [192.168.1.1]
2 10 ms 8 ms 9 ms 10.10.184.1
3 11 ms 11 ms 10 ms 68.10.14.77
4 14 ms 10 ms 13 ms 172.22.48.33
5 12 ms 9 ms 9 ms nrfkdsrj02-ge600.0.rd.hr.cox.net
[68.10.14.17]
6 16 ms 16 ms 54 ms ashbbprj02-ae4.0.rd.as.cox.net
[68.1.1.232]
7 15 ms 15 ms 17 ms 209.240.199.130
8 17 ms 22 ms 18 ms ge-3-1-0-0.blu-64c-1a.ntwk.msn.net
[207.46.47.29]
9 16 ms 17 ms 19 ms ge-7-0-0-0.blu-64c-1b.ntwk.msn.net
[207.46.43.113]
10 41 ms 78 ms 40 ms xe-0-1-3-0.ch1-16c-1b.ntwk.msn.net
[207.46.46.151]
11 44 ms 40 ms 51 ms xe-7-0-0-0.ch1-16c-1a.ntwk.msn.net
[207.46.43.146]
12 93 ms 90 ms 92 ms ge-3-1-0-0.co1-64c-1a.ntwk.msn.net
[207.46.46.118]
13 95 ms 93 ms 93 ms ge-2-3-0-0.co1-64c-1b.ntwk.msn.net
[207.46.35.151]
14 95 ms 95 ms 94 ms ge-0-1-0-0.wst-64cb-1b.ntwk.msn.net
[207.46.43.185]
15 93 ms 94 ms 94 ms ge-4-3-0-0.tuk-64cb-1b.ntwk.msn.net
[207.46.46.162]
16 142 ms 96 ms 97 ms ten2-4.tuk-76c-1b.ntwk.msn.net
[207.46.46.23]
17 107 ms 181 ms 101 ms po16.tuk-65ns-mcs-1b.ntwk.msn.net
[207.46.35.142]
18 * * * Request timed out.
...
Trace complete.
The tracert command identifies round-trip times for each hop listed in milliseconds (ms). Three different times are listed as tracert sends three separate probe requests by default for each hop. Shorter times indicate the trip is faster than longer times. You can see that the round-trips take progressively longer for each additional hop. Those routers are farther away.
The round-trip times are recalculated for each hop. Additional packets are sent for each router to calculate the round-trip time for that router.
It also lists the name of the routers when it can identify them. If tracert can't identify the name of the router, it just lists the IP address.
If the path between two systems is not working and tracert fails to complete, you can use the output to determine the location of the problem. For example, Listing-5 showed that the path was successful up to the 17th step. This indicates the 17th router from the source computer. The problem could be one of three things:
- The routing information on the 17th router is incorrect. This will prevent the data from reaching the 18th router.
- The 18th router is faulty.
- ICMP is blocked on the 18th router.
Table-4 lists some additional switches you can use with the tracert command.
Table-4 Some tracert switchesSwitch Comments -4 tracert -4 microsoft.com Forces the use of an IPv4 address instead of IPv6. -6 tracert -6 microsoft.com Forces the use of an IPv6 address instead of IPv4. -d tracert -d microsoft.com Suppresses IP address to name resolution. Only the IP addresses are listed.