How Does Traceroute Work?
When you issue the traceroute command, the utility starts sending of a packet (Internet Control Message Protocol), including in the packet a “time to live” (TTL) time limit value. It is designed to be exceeded by the first router that receives it, which will send back a “time exceeded” message.
This enables traceroute to calculate the time needed for the hop to the first router. It then resends the packet increasing the time limit value so that it will reach the second router in the path to the destination point, which returns another “time exceeded” message, and so on.
Traceroute finds out when the packet has reached the destination point by including a port number that is outside of the normal range. When it is received, a “port unreachable” message is returned, enabling traceroute to determine the time length of the final hop. Each hop is measured three times by the most of the trace-route programs (* indicates a hop that exceeded some limit). Traceroute may take up to a few minutes to complete