Traceroute, ICMP, UDP and TCP
Solution 1
ICMP messages are still IP packets. Traceroute uses ECHO Request (ICMP type 8) by default on Unix and Windows with incrementing TTLs, logging the sending address of each Time Exceeded (Type 11) message it gets back from the hops along the route. (cf: http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol)
This is the 'correct' way to do it, but you can run in to problems if some of the systems on the route drop or differently handle ICMP traffic.
Some implementations of traceroute (on Linux for example) have -T and -U options for switching to TCP/UDP instead (and a following -p argument to specify a destination port). This is useful for more closely simulating real traffic, which might get you a more accurate result in some cases.
I suspect the OSX implementation defaults to UDP for that reason, but I can't say for sure. You might find a switch to use ICMP instead.
Solution 2
Windows Tracert typically uses ICMP with a specific TTL. The TTL is increased each hop until it reaches the destination. This means the first hop has a TTL (max-hop-count) of 1. Even though the packet doesn't reach the target, the first hop drops it and sends a TIME EXCEEDED message back, this message is used to map the route, and the next ICMP is sent with a TTL of 2.
OSX and Linux use UDP by default with increasing port numbers, but both can be configured to use TCP, UDP, ICMP, or GRE packets.
Related videos on Youtube
04 : 09
04 : 40
09 : 24
09 : 42
13 : 40
user171131
Updated on September 18, 2022Comments
-
user171131 over 1 year
When does traceroute use TCP? Or does it just use UDP, also why does Traceroute use UDP on MacX and ICMP on windows? I thought ICMP just contains a message saying what caused the error of a packet and does not transmit segments like TCP and UDP.
-
user171131 about 11 yearsbut why UDP, why is it not TCP default, is there a specific reason, is it because UDP is faster?
-
David Houde about 11 yearsTCP is a connection-oriented protocol. tcp trace doesnt establish a connection, and doesnt make use of a full handshake, error checking, windowing, or any of the other TCP features....so yeah, probably done for speed. -
symcbean about 11 yearsTraceroute (any implementation) uses a constrined TTL and decrements it for each hop until it either reaches it's destination or TTL=0.
-
David Houde about 11 yearsI'm a little confused, does it not start with a low TTL, working up to the destination?
-
Jim L. over 4 yearsTraceroute uses ECHO Request (ICMP type 8) by default on Unix and Windows... not correct. Windows does use ICMP by default, but Unix does not. Not sure there is a single blanket statement for traceroute on the whole spectrum of Unices. Most Linux distros I have seen do not even include traceroute. BSD and OS X default to UDP. -
Jim L. over 4 years@DavidHoude's answer is the correct one.
