ICMP ping vs trace route - dejanu/linux GitHub Wiki
Internet Control Message Protocol (ICMP)
The ping command uses the Internet Control Message Protocol (ICMP) and verifies Layer 3 connectivity.
Traceroute returns the list of hops a packet crosses as it is routed through a network.
- ICMP type 8 Request - used for Ping
- ICMP type 0 Reply - used for Ping reply
- ICMP type 11 TTL expired in transit
Ping: ICMP8 + ICMP0 (TTL and round trip time)
Traceroute: ICMP8 + ICMP0 + ICMP type 11 (TTL expired in transit); it is based on the TTL field
Tracert:
Step 1: Send ICMP8 with TTL=1 the first time, then increment the TTL on each following probe
Step 2: The first router drops the packet and responds with ICMP11 (with its own IP as the source IP) => take the source IP and put it in the command output
Step 3: Send ICMP8 with TTL=2
IP next hop = the IP address on the neighboring router's interface.
Unlike ping, the first IPv4 packet has a TTL value of one. Routers decrement TTL values by one before forwarding the packet. If the TTL value is decremented to zero, the router will drop the packet and return an ICMP Time Exceeded message back to the source. Each time the source of the traceroute receives an ICMP Time Exceeded message, it displays the source IPv4 address of the ICMP Time Exceeded message, increments the TTL by one and sends another ICMP Echo Request.
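The TTL loop described above, as an added example that is not part of the original wiki: it builds real ICMP message bytes (type 8, 0 and 11 with the Internet checksum) but sends them through a constructed in-memory path instead of a network. The addresses and the `simulate_path` helper are assumptions, and the Time Exceeded payload is simplified to the first 8 bytes of the probe (a real router also quotes the original IP header).

```python
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11  # ICMP types listed on this page

def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_message(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Type, code=0, checksum, 4-byte rest-of-header (id/seq for echo), payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def simulate_path(routers, dst, ttl, probe):
    """Constructed network: every router decrements TTL before forwarding."""
    for router_ip in routers:
        ttl -= 1
        if ttl == 0:  # drop the packet, answer with Time Exceeded from the router's IP
            return router_ip, icmp_message(TIME_EXCEEDED, 0, 0, probe[:8])
    ident, seq = struct.unpack("!HH", probe[4:8])
    return dst, icmp_message(ECHO_REPLY, ident, seq, probe[8:])

def traceroute(routers, dst, max_hops=30, ident=0x1234):
    """Send Echo Requests with TTL=1,2,... and record who answers each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        probe = icmp_message(ECHO_REQUEST, ident, ttl, b"probe")
        src_ip, reply = simulate_path(routers, dst, ttl, probe)
        if checksum(reply) != 0:  # a valid ICMP message sums to zero
            raise ValueError("corrupt ICMP reply")
        hops.append((ttl, src_ip, reply[0]))  # reply[0] is the ICMP type
        if reply[0] == ECHO_REPLY:  # destination reached, stop probing
            break
    return hops

if __name__ == "__main__":
    # Constructed sample path using documentation address ranges.
    for ttl, ip, icmp_type in traceroute(["10.0.0.1", "192.0.2.1", "198.51.100.1"], "203.0.113.9"):
        print(f"{ttl:2d}  {ip:15s} ICMP type {icmp_type}")
```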