
Package Tracking Was Traceroute All Along — Understanding Route Tracing Through TTL

DEV Community [Unofficial] June 17, 2026

Introduction

While studying CompTIA Network+, I couldn't fully understand how Traceroute and Tracert work.

I could memorize them as the tool for tracing routes, but I couldn't comprehend how they work and what TTL is. Once I grasped them through a familiar example, everything clicked, so I decided to write it down.

What is Traceroute / Tracert

They are tools for investigating which route data takes to reach its destination.

The difference between Traceroute and Tracert

Traceroute → Command used in Linux / macOS
Tracert    → Command used in Windows

They work the same way, but the name differs depending on the OS.

Why are they needed

Problem:
Cannot connect to the network, or the connection is delayed
Cannot identify where the problem is occurring

Solution:
Check each router the data passes through
 → Identify the router where the delay or loss happens

Familiar example

If a package sent from Tokyo to Osaka never arrives:

Check the tracking number:
 Warehouse in Tokyo → Center in Nagoya (the package is stopped at this facility)
 → Find that the center in Nagoya has a problem

Similarly, with Traceroute:
 PC → Router A → Router B (delay happens) → Destination
 → Find that Router B has a problem

Example output

$ traceroute google.com

1  192.168.1.1      1ms   1ms   1ms   ← Home Router
2  10.0.0.1         5ms   5ms   5ms   ← ISP Router
3  172.16.0.1      10ms  10ms  10ms   ← Intermediate Router
4  8.8.8.8         20ms  20ms  20ms   ← Destination

How to read the output

Number (1, 2, 3) = Hop count (the number of routers passed)
IP Address       = The address of the router
ms               = Response time (measured 3 times)

* * *            = No response (timeout)
 → The router is configured not to respond
 → Or some problem has occurred

What is TTL

TTL stands for Time To Live.

In a nutshell, it is the remaining number of routers a packet can pass through.

Why TTL is needed

Problem:
If packets cannot reach their destinations and keep flowing in the network
 ↓
Traffic congestion happens in the network
 ↓
Other communication is harmed

Solution:
Attach a limit to each packet
 → Discard the packet after it passes through a set number of routers
 → Avoid network congestion

How TTL works

When a packet is generated:
TTL = 128 (in the case of Windows)
TTL = 64 (in the case of Linux/mac)
 ↓
Each time a packet passes through a router, the TTL decreases by one
 ↓
When TTL reaches 0, the packet is discarded
 ↓
A "Time Exceeded" message is sent to the sender

Understanding with a diagram

PC (sent with TTL=3)
 ↓
Router A passed
(TTL decreases from 3 to 2)
 ↓
Router B passed
(TTL decreases from 2 to 1)
 ↓
Router C
(TTL decreases from 1 to 0)
 → The packet is discarded
 → A "Time Exceeded" message is sent to the PC
 ↓
The packet does not reach the destination

How Traceroute / Tracert use TTL

This is the core concept of this article.

Step 1: TTL = 1
 ↓
TTL becomes 0 at Router A
 ↓
Router A sends a "Time Exceeded" message
 ↓
Hop 1 identified = Router A (192.168.1.1)

Step 2: TTL = 2
 ↓
Passes Router A (TTL 2→1)
TTL becomes 0 at Router B
 ↓
Router B sends a "Time Exceeded" message
 ↓
Hop 2 identified = Router B (10.0.0.1)

Step 3: TTL = 3
 ↓
Passes Routers A and B
TTL becomes 0 at Router C
 ↓
Router C sends a "Time Exceeded" message
 ↓
Hop 3 identified = Router C (172.16.0.1)

Step 4: TTL = 4
 ↓
Arrives at the destination
 ↓
An "Arrived" message is sent
 ↓
Traceroute complete
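
The probing loop from the steps above, as an added example that is not part of the original post: an offline Python simulation in which no real packets are sent. `Router`, `send_probe` and `traceroute` are hypothetical names, the path reuses the addresses from the sample output, and the second run shows how a router that does not respond produces a `*` entry while later hops are still found.

```python
# Added example: offline simulation of the TTL probing loop (no real packets).
from dataclasses import dataclass

@dataclass
class Router:
    ip: str
    replies: bool = True   # False models a router configured not to respond

# Constructed sample path, using the addresses from the sample output above.
PATH = [Router("192.168.1.1"), Router("10.0.0.1"), Router("172.16.0.1")]
DESTINATION = "8.8.8.8"

def send_probe(path, destination, ttl):
    """Forward one probe; return (message, sender_ip), or None on timeout."""
    for router in path:
        ttl -= 1                      # every router decrements TTL by one
        if ttl == 0:                  # TTL expired here: packet is discarded
            if router.replies:
                return ("Time Exceeded", router.ip)
            return None               # discarded silently, shown as * * *
    return ("Arrived", destination)   # probe survived every router

def traceroute(path, destination, max_hops=30):
    """Raise the starting TTL from 1 until the destination answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, destination, ttl)
        if reply is None:
            hops.append((ttl, "*"))   # no answer, but keep probing further
            continue
        message, ip = reply
        hops.append((ttl, ip))
        if message == "Arrived":
            break                     # destination reached: trace complete
    return hops

if __name__ == "__main__":
    for hop, ip in traceroute(PATH, DESTINATION):
        print(hop, ip)
    # Same path, but the second router stays silent.
    quiet = [PATH[0], Router("10.0.0.1", replies=False), PATH[2]]
    for hop, ip in traceroute(quiet, DESTINATION):
        print(hop, ip)
```

The `max_hops` limit keeps the loop from running forever when the destination never answers.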

Understanding with a courier service

Imagine a rule applied to every package:
① The count decreases by one at each relay center
② When the count reaches 0, a status message is sent back


TTL = 1: Goods stop at the warehouse in Tokyo
 → Message "Arrived at the warehouse in Tokyo"

TTL = 2: Tokyo → Nagoya
Goods stop at the relay center in Nagoya
 → Message "Arrived at the relay center in Nagoya"

TTL = 3: Tokyo → Nagoya → Osaka
Goods stop at the relay center in Osaka
 → Message "Arrived at the relay center in Osaka"

TTL = 4: Tokyo → Nagoya → Osaka → Destination
Goods arrive at the destination
 → Message "Delivery completed"

Which layer does Traceroute / Tracert operate on?

Layer 7  Application       │
Layer 6  Presentation      │
Layer 5  Session           │  Not applicable for Traceroute
Layer 4  Transport         │
─────────────────────────────
Layer 3  Network      ← Traceroute works here
─────────────────────────────
Layer 2  Data Link         │
Layer 1  Physical          │



The reason why Traceroute / Tracert work at Layer 3:
 → Routes are tracked by IP address
 → TTL is included in the IP header

Summary

Traceroute / Tracert: Tools for investigating the route data passes through

The difference by OS:
 Linux/mac → traceroute
 Windows   → tracert

TTL: The remaining number of routers a packet can pass through
 → Decreases by 1 each time it passes through a router
 → 0 means the packet is discarded and a "Time Exceeded" message is sent

How Traceroute / Tracert use TTL:
 Send data with a TTL
 → Each router sends a "Time Exceeded" message, which identifies the hop at that count
 → The overall route can be understood

OSI reference model: Layer 3 (Network Layer)

Use case:
 → Cannot connect to the network
 → Lag and delay in communication
 → Identify which router is causing the problem

Conclusion

I used to struggle with memorizing these tools over and over. Once I understood the mechanism through a familiar example, everything naturally fell into place.

TTL = The expiration limit a packet carries (the remaining number of routers it can pass through)
 → Counts down by 1 at each router it passes
 → 0 means a "Time Exceeded" message is sent back

Traceroute / Tracert = Tools for identifying where the issue occurs by increasing the TTL from 1
