How to Decode the Hidden Information from Traceroute DNS

In the vast landscape of the internet, data travels across networks, hopping from one server to another, often traversing great distances. Have you ever wondered about the journey your data takes when you send a request to a website or connect to a server? Traceroute DNS is a powerful tool that unveils the mysterious path taken by your data, revealing the intermediate nodes it encounters along the way. But did you know that beyond its surface-level insights, Traceroute DNS holds hidden information waiting to be deciphered?

In this blog post, we will dive into the fascinating world of Traceroute DNS and explore how it can provide more than just a route map. We will uncover the secrets concealed within the wealth of data it produces and learn how to decode this information to gain deeper insights into network connectivity and performance.

Traceroute DNS, also known as traceroute or tracert, is a command-line tool used to trace the path taken by data packets from your computer to a target host or IP address. By sending a series of ICMP (Internet Control Message Protocol) or UDP (User Datagram Protocol) packets with gradually increasing time-to-live (TTL) values, Traceroute DNS elicits responses from each intermediate router it encounters, effectively mapping the path taken.

However, beyond its primary purpose of mapping the route, Traceroute DNS reveals valuable information about network latency, round-trip times, and even potential network bottlenecks. By understanding how to interpret the data it provides, you can uncover hidden insights that empower you to troubleshoot network issues, optimize performance, and enhance your overall internet experience.

When you initiate a traceroute DNS command, your device sends out a series of packets with increasing time-to-live (TTL) values. The TTL value represents the maximum number of hops (routers) the packet can travel before it is discarded. As each packet reaches a router along the path, the TTL value is decremented, and the router sends back an ICMP (Internet Control Message Protocol) packet indicating its presence.

By receiving these ICMP packets from each router, Traceroute DNS builds a list or "trace" of the network nodes that the data encounters. This trace is often presented as a numbered list, showing the IP addresses or hostnames of the intermediate routers and the round-trip time (RTT) it took for the packet to reach each router and return to your device.

Here's a step-by-step explanation of how Traceroute DNS functions:

1. TTL Initialization: When you initiate a Traceroute DNS command, your device selects an initial TTL value for the packets. The TTL represents the maximum number of hops (routers) a packet can traverse before being discarded.
2. Packet Transmission: Traceroute DNS sends out a series of packets, each with an incremental TTL value. The first packet has a TTL of 1, the second has a TTL of 2, and so on.
3. TTL Expiration and ICMP Time Exceeded: As each packet travels through the network, it encounters routers along the path. When a packet's TTL value reaches zero while passing through a router, the router discards the packet and sends an ICMP Time Exceeded message back to your device.
4. ICMP Echo Request: When your device receives the ICMP Time Exceeded message, it knows that the packet has reached the router. It then sends an ICMP Echo Request message to the router, requesting a response. This response is necessary to collect information about the round-trip time (RTT) and the router's IP address.
5. Response Collection: The router receives the ICMP Echo Request and generates an ICMP Echo Reply message, which contains the router's IP address and is sent back to your device.
6. Traceroute Output: Your device records the IP address of the router, calculates the RTT, and displays this information in the Traceroute DNS output. It then sends the next packet with an incremented TTL to continue the process.
7. Completion: The Traceroute DNS process repeats until the packets reach the target destination or a specified maximum number of hops is reached. The output displays the entire route, including the IP addresses or hostnames of each intermediate router and the corresponding RTT.

By progressively increasing the TTL value with each packet, Traceroute DNS effectively maps the path taken by data packets, allowing you to visualize the sequence of routers and measure the round-trip times along the way. This information is invaluable for diagnosing network connectivity issues, identifying latency problems, and gaining insights into the performance of your network connection.

Traceroute DNS is particularly useful for diagnosing network connectivity issues, identifying latency or delays, and locating potential bottlenecks in the network path. It allows you to pinpoint specific routers or network segments causing problems and helps network administrators or users troubleshoot network performance problems.

In addition to its diagnostic capabilities, Traceroute DNS provides valuable insights into the underlying infrastructure of the internet. It reveals the sequence of routers that handle your data, showcasing the interconnected nature of the global network and the intricate paths data can take to reach its destination.

The information inside the hostname DNS is of course very useful for the network engineers working at ISPs. However, it can also help IT administrators inside enterprises understand why the latency is changing between a source and a destination.

For example, a fiber cut between Montreal and New York City will force the traffic to go through Toronto and will add 10ms. With a traceroute history, it’s then easy to identify route changes and explain latency changes.

Obkio Vision: Visual Traceroute Tool

Leverage Obkio Vision to monitor, detect and troubleshoot network problems with visual traceroutes, IP route historic and graphical network maps.

Try for Free

Among the network metrics that are packet loss and latency, the hostname of the traceroute hops can give a lot of information about the real path from the source to the destination.

There are four pieces of information that can be decoded from the hostnames:

1. ISP operating the router
2. The city where the router is located
3. The router name, number, or unique id
4. The ingress interface or port by which the traceroute packet came on the router

Ready to take your network performance monitoring to the next level? Try Obkio's network performance monitoring tool today and unlock the full potential of Traceroute DNS!

With Obkio, you can seamlessly integrate Traceroute DNS into your network monitoring strategy. Gain real-time insights into your network's performance, troubleshoot connectivity issues, and optimize your infrastructure like never before. Obkio's intuitive interface and powerful analytics provide a comprehensive view of your network, empowering you to make informed decisions and ensure optimal network performance.

Let’s see that with a theoretical example. The traceroute below is between a desktop and a website. The desktop is connected to a switch that is connected to a router (Hop #1). The switch is not present in the traceroute because it’s not a Layer 3 device (learn more at What is a Traceroute and How Do Traceroutes Work?).

+---+-------------------------------+-------+-----+------+------+------+------+
| # | Hostname                      | Loss% | Snt | Last |  Avg | Best | Wrst |
+---+-------------------------------+-------+-----+------+------+------+------+
| 1 | 192.168.1.1                   |   0.0 |   1 |  1.0 |  1.0 |  1.0 |  1.0 |
| 2 | port1.router1.cityA.ispA.com  |   0.0 |   1 |  9.0 |  9.0 |  9.0 |  9.0 |
| 3 | port4.router2.cityB.ispA.com  |   0.0 |   1 | 30.0 | 30.0 | 30.0 | 30.0 |
| 4 | port7.router3.cityB.ispA.com  |   0.0 |   1 | 31.0 | 31.0 | 31.0 | 31.0 |
| 5 | website.com                   |   0.0 |   1 | 32.0 | 32.0 | 32.0 | 32.0 |
+---+-------------------------------+-------+-----+------+------+------+------+
Figure A - Theoretical example

The fun part is the hops #2, #3 and #4. It’s clear with the hostname that they are all three routers of ISP A. Hop #2 is in city A and hop #3 and #4 in City B. The ports and router numbers are clearly identified in the hostnames.

This one was easy. It’s not always the case with real traceroutes but here are some examples and tricks on how to decode the information.

The International Air Transport Association (IATA) has a list of codes to identify a lot of major cities and airports around the world. Some international ISPs use the IATA codes to identify the city where the routers are located.

+---+-------------------------------+-------+-----+------+------+------+------+
| # | Hostname                      | Loss% | Snt | Last |  Avg | Best | Wrst |
+---+-------------------------------+-------+-----+------+------+------+------+
| 1 | 100ge11-1.core2.yyc1.he.net   |   0.0 |   1 |  1.0 |  1.0 |  1.0 |  1.0 |
| 2 | 100ge14-2.core1.yvr1.he.net   |   0.0 |   1 | 31.0 | 31.0 | 31.0 | 31.0 |
| 3 | 100ge10-2.core1.sea1.he.net   |   0.0 |   1 | 30.0 | 30.0 | 30.0 | 30.0 |
| 4 | 100ge15-1.core1.pdx1.he.net   |   0.0 |   1 | 31.0 | 31.0 | 31.0 | 31.0 |
| 5 | 100ge15-2.core1.pao1.he.net   |   0.0 |   1 | 32.0 | 32.0 | 32.0 | 32.0 |
| 6 | 100ge14-1.core3.fmt1.he.net   |   0.0 |   1 | 32.0 | 32.0 | 32.0 | 32.0 |
| 7 | he.net                        |   0.0 |   1 | 32.0 | 32.0 | 32.0 | 32.0 |
+---+-------------------------------+-------+-----+------+------+------+------+
Figure B - HE.net Example

The example above is a traceroute from a Hurricane Electric customer in Calgary, Canada to the he.net website. The hostnames are very clear, the ISP is always he.net. The port number and the router names are very clear but to be honest, it’s not very useful except for the he.net network engineer.

The cities in that example are IATA City Codes:

• YYC: Calgary, AB, Canada
• YVR: Vancouver, BC, Canada
• SEA: Seattle, WA, USA
• PDX: Portland, OR, USA
• PAO: Palo Alto, CA, USA
• FMT: Unknown... But it’s for Fremont, CA, USA where HE.net is hosted.

The rule is not perfect as we can see with FMT, but it makes a traceroute so beautiful that it's okay to cheat if there is no code.

So you might have realized that the latencies are quite weird in that traceroute. It doesn’t mean there is network congestion or any network issue, it’s because of MPLS ICMP Tunnelling, which we will cover in another article.

+---+----------------------------------------------+-------+-----+------+------+------+------+
| # | Hostname                                     | Loss% | Snt | Last |  Avg | Best | Wrst |
+---+----------------------------------------------+-------+-----+------+------+------+------+
| 1 | gi0-4-1-19.99.agr21.ymq01.atlas.cogentco.com |   0.0 |   1 |  0.5 |  0.5 |  0.5 |  0.5 |
| 2 | te0-0-0-6.ccr22.ymq01.atlas.cogentco.com     |   0.0 |   1 |  0.8 |  0.8 |  0.8 |  0.8 |
| 3 | be2104.ccr22.alb02.atlas.cogentco.com        |   0.0 |   1 |  5.7 |  5.7 |  5.7 |  5.7 |
| 4 | be2916.ccr42.jfk02.atlas.cogentco.com        |   0.0 |   1 |  8.8 |  8.8 |  8.8 |  8.8 |
| 5 | be2807.ccr42.dca01.atlas.cogentco.com        |   0.0 |   1 | 14.5 | 14.5 | 14.5 | 14.5 |
| 6 | be3524.rcr22.iad03.atlas.cogentco.com        |   0.0 |   1 | 15.3 | 15.3 | 15.3 | 15.3 |
| 7 | be2952.agr11.iad03.atlas.cogentco.com        |   0.0 |   1 | 15.4 | 15.4 | 15.4 | 15.4 |
| 8 | cogentco.com                                 |   0.0 |   1 | 14.9 | 14.9 | 14.9 | 14.9 |
+---+----------------------------------------------+-------+-----+------+------+------+------+
Figure C - cogentco.com Example

The example above is a traceroute from a Cogent Communications customer in Montreal, Canada to the cogentco.com website. Instead of using city codes, they are using airport codes.

• YMQ: Montreal, QC, Canada
• ALB: Albary, NY, USA
• JFK: New York, NY, USA
• DCA: Washington, DC, USA
• IAD: Washington, DC, USA

In this traceroute, the last hop responded a bit faster than the previous one. This is not unusual since the routers CPUs sending the ICMP TTL Exceeded message are not very fast compared to the server CPU, and the server takes less time to generate the response than the router. But remember, what matters is the time it takes to route the packet, and routers are very good at this.

+---+-------------------------------------+-------+-----+-------+-------+-------+-------+
| # | Hostname                            | Loss% | Snt |  Last |   Avg |  Best |  Wrst |
+---+-------------------------------------+-------+-----+-------+-------+-------+-------+
| 1 | ae-7.r02.mdrdsp03.es.bb.gin.ntt.net |   0.0 |   1 |   0.5 |   0.5 |   0.5 |   0.5 |
| 2 | ae-6.r24.londen12.uk.bb.gin.ntt.net |   0.0 |   1 |  25.0 |  25.0 |  25.0 |  25.0 |
| 3 | ae-7.r20.nwrknj03.us.bb.gin.ntt.net |   0.0 |   1 |  95.0 |  95.0 |  95.0 |  95.0 |
| 4 | ae-5.r22.sttlwa01.us.bb.gin.ntt.net |   0.0 |   1 | 151.0 | 151.0 | 151.0 | 151.0 |
| 5 | ae-3.r30.tokyjp05.jp.bb.gin.ntt.net |   0.0 |   1 | 234.0 | 234.0 | 234.0 | 234.0 |
| 6 | ae-2.r03.tokyjp05.jp.bb.gin.ntt.net |   0.0 |   1 | 240.0 | 240.0 | 240.0 | 240.0 |
| 7 | ae-0.ocn.tokyjp05.jp.bb.gin.ntt.net |   0.0 |   1 | 241.0 | 241.0 | 241.0 | 241.0 |
| 8 | ???                                 |   0.0 |   1 |     - |     - |     - |     - |
+---+-------------------------------------+-------+-----+-------+-------+-------+-------+
Figure D - NTT Example

The network engineers at NTT were very explicit in the hostnames. They added the country and a 6 letter string to identify the city and the state. The routers are located at:

• Madrid, Spain
• London, England
• Newark, NJ, USA
• Seattle, WS, USA
• Tokyo, Japan

When assessing the latency between two cities, it can be challenging to determine whether the observed latency is within an acceptable range or if there are underlying issues affecting network performance. However, a useful rule of thumb called the "100km / 1ms rule" can provide a helpful approximation.

The rule suggests that for every 100 kilometers of distance between two points in a fiber optic network, the expected latency would be around 1 millisecond. While this rule is not flawless and can vary depending on various factors such as network congestion and routing paths, it offers a practical estimation of latency.

By applying the 100km / 1ms rule, you can gauge whether the observed latency aligns with the expected values for the geographical distance between two cities. If the latency significantly exceeds the rule's approximation, it may indicate potential issues affecting network performance, such as congestion, suboptimal routing, or equipment problems.

Furthermore, the 100km / 1ms rule can also assist in identifying the location of a specific router when the router hostname is not easily recognizable. By considering the latency observed from your current location to that router, you can make an educated guess about the city or geographical region where the router is located.

While it's important to note that the rule is not a definitive metric for assessing network performance, it serves as a practical guideline to evaluate latency within fiber optic networks. Combined with other performance monitoring techniques, it can provide valuable insights into network connectivity and help identify potential areas for improvement or investigation.

How to Measure Latency

Learn how to measure latency with Obkio’s Network & Latency Monitoring tool. Check for latency in your network & analyze latency measurements.

Learn more

Latency, the delay experienced in network communication, is a critical factor that affects the performance of data transmission. Traceroute DNS, with its ability to measure round-trip times (RTT) at each hop along the network path, provides valuable insights into latency.

By analyzing these RTT values, Traceroute DNS helps identify latency spikes, pinpoint sources of delay, troubleshoot issues, and optimize network performance.

Here's how Traceroute DNS helps understand and analyze latency:

1. Latency Measurement: Traceroute DNS measures latency, the by measuring round-trip time (RTT) for each hop along the network path. RTT represents the time it takes for a packet to travel from your device to a specific router and back. By collecting RTT measurements at each hop, Traceroute DNS provides valuable data on latency.
2. Identifying Latency Spikes: Traceroute DNS highlights significant changes in RTT values between successive hops. A sudden increase in RTT indicates potential latency spikes, which may indicate congestion, network bottlenecks, or other issues affecting the performance of that specific hop.
3. Pinpointing Latency Sources: Traceroute DNS reveals the IP addresses or hostnames of the routers encountered during the network path traversal. By analyzing the RTT values and identifying specific hops with consistently high latency, you can pinpoint the routers or network segments contributing to latency issues.
4. Troubleshooting Latency Problems: With the information provided by Traceroute DNS, you can troubleshoot and diagnose latency problems more effectively. By identifying specific routers or network segments with high latency, you can focus your efforts on optimizing or resolving issues at those points, such as adjusting routing paths, addressing congestion, or improving network infrastructure.
5. Optimization and Performance Improvement: Traceroute DNS empowers you to optimize network performance by addressing latency-related issues. By identifying the key sources of latency, you can implement measures to improve the efficiency of the network path, enhance connectivity, and reduce unnecessary delays.

Traceroute DNS is a versatile and essential tool for network troubleshooting and optimization. By tracing the path of data packets from your device to a target destination, it helps identify connectivity issues, diagnose network latency, locate bottlenecks, and gain insights into the underlying structure of the Internet.

Here are some key benefits:

• Network Troubleshooting: When you encounter network connectivity issues or slow network performance, Traceroute DNS helps identify the specific routers or network segments causing the problem. By tracing the path of your data packets, you can pinpoint where the connection is failing or experiencing delays, enabling you to focus your network troubleshooting efforts on the right areas.
• Diagnosing Network Latency: Traceroute DNS provides round-trip time (RTT) measurements for each hop along the path. This information helps identify network latency, which is crucial for understanding and addressing performance issues. By analyzing the RTT values, you can identify routers or network links with high latency and take appropriate measures to optimize your network connection.
• Locating Network Bottlenecks: Traceroute DNS allows you to identify potential bottlenecks in your network infrastructure. If you notice significant delays or high RTT values at specific hops, it indicates congestion or performance issues at those points. This knowledge enables you to optimize your network configuration, upgrade or reroute connections, and ensure efficient data transmission.
• Understanding Network Topology: Traceroute DNS provides insights into the structure and organization of the internet. By revealing the sequence of routers that your data traverses, it showcases the interconnected nature of the global network. This knowledge is beneficial for network administrators, researchers, and anyone interested in understanding the underlying infrastructure of the internet.
• Verifying Routing Paths: Traceroute DNS helps validate the routing paths taken by your data. It allows you to confirm that your packets are following the intended path and not being redirected or taking detours. This is especially important for network security, as unexpected routing paths can indicate potential malicious activity or unauthorized network access.
• Benchmarking Network Performance: By running Traceroute DNS tests to various destinations, you can establish baselines for network performance. This enables you to compare different routes and service providers, evaluate the efficiency of your network connections, and make informed decisions about optimizing your network infrastructure.

In summary, Traceroute DNS is a powerful tool that aids in troubleshooting network issues, diagnosing latency problems, identifying bottlenecks, understanding network topology, verifying routing paths, and benchmarking network performance. Its insights empower network administrators, IT professionals, and users to optimize their networks, improve connectivity, and enhance overall internet experience.

Traceroute DNS is not merely a tool for mapping the path of data packets; it holds a wealth of hidden information waiting to be decoded. Throughout this blog post, we have explored the invaluable benefits of Traceroute DNS and how it empowers network administrators, IT professionals, and users to optimize network performance, diagnose connectivity issues, and gain a deeper understanding of the intricate network infrastructure.

By leveraging Traceroute DNS, you can identify network latency, locate bottlenecks, validate routing paths, and benchmark network efficiency. This tool enables you to troubleshoot network problems effectively, make informed decisions about network configuration, and enhance the overall internet experience for yourself or your organization.

To fully harness the power of Traceroute DNS, consider incorporating Obkio's network performance monitoring tool into your network management strategy.

With Obkio, you can seamlessly integrate Traceroute DNS and gain real-time insights into your network's performance, ensuring optimal connectivity and efficient data transmission.

Take the next step in network performance monitoring and unlock the hidden information within Traceroute DNS. Embrace the power of Traceroute DNS and Obkio to transform your network management practices, optimize performance, and navigate the complex landscape of the internet with confidence.

Don't let network issues go unnoticed or unresolved.

Take control of your network with Obkio's network performance monitoring tool and harness the hidden information within Traceroute DNS. Sign up now and experience the difference Obkio can make in your network management journey.

• 14-day free trial of all premium features
• Deploy in just 10 minutes
• Monitor performance in all key network locations
• Measure real-time network metrics
• Identify and troubleshoot live network problems

The next articles will cover how to analyze traceroutes and which information is the most important.

We hope you enjoyed this article in the traceroute series.

• What is a Traceroute and How Do Traceroutes Work?
• How To Identify Network Issues with Traceroutes?
• Why Do Some Routers Drop Packets or Have High Latencies?
• Decode the Hidden Information from Traceroute DNS (this article)
• Internet Traffic is Asymmetrical - How to Catch Reverse Path Issues?
• How to Share a Traceroute With an ISP NOC?
• Impact of Load Balancing or Multiple Paths on Traceroutes
• MPLS Networks, TTL Propagation and ICMP Tunneling

The Complete Guide to Traceroutes

Download Obkio's free Complete Guide to Traceroutes to learn to identify network problems with the most popular network troubleshooting tool for IT Pros.

Download Now