traceroute
Traceroute is a command-line network diagnostic tool that traces the path, or route, taken by data packets across an IP network from a source device to a destination, while also measuring the round-trip time for each hop along the way.[1] It is widely used for troubleshooting connectivity problems, identifying network bottlenecks, and analyzing performance issues in both local and wide-area networks.[2] Available on most operating systems—such as traceroute on Unix-like systems including Linux and macOS, and tracert on Windows— it provides essential insights into how data travels through routers and gateways.[3]
The tool was originally developed in 1987 by Van Jacobson, based on a suggestion by Steve Deering, for Unix-based systems, building on early networking research to help diagnose routing paths in the early Internet.[4] Jacobson's implementation relied on the Internet Control Message Protocol (ICMP), as defined in RFC 792, to elicit responses from intermediate devices. Over time, traceroute has evolved into a standard utility, with formal specifications like RFC 1393 proposing an IP option-based variant for more efficient tracing, though the TTL-based method remains predominant.[5]
Traceroute functions by sending a series of probe packets—typically three per hop—with successively increasing Time-to-Live (TTL) values in the IP header, starting from 1.[6] Each router that receives a packet decrements the TTL; when it reaches zero, the router discards the packet and returns an ICMP "Time Exceeded" message containing its own IP address and the time of receipt, allowing the sender to map the path and calculate latency.[7] This process repeats until the packet reaches the destination (which responds with an ICMP "Echo Reply" or similar) or a predefined maximum hop limit, usually 30, is exceeded.[8] Implementations vary in probe types: the classic Unix version uses UDP packets to high-numbered ports, Windows employs ICMP Echo Requests, and modern extensions support TCP SYN packets for probing through firewalls that block UDP or ICMP.[8]
Despite its utility, traceroute has limitations, such as asymmetric routing where return paths differ from outbound ones, leading to incomplete traces, and potential blocking by security devices that filter ICMP responses.[6] Advanced tools and extensions, like Paris traceroute, address some inaccuracies by preserving packet state across hops.[9] Overall, traceroute remains a foundational tool for network administrators and remains integral to Internet diagnostics.[2]
Fundamentals
Definition and Purpose
Traceroute is a computer network diagnostic command that displays the route and transit delays of packets across an IP network.[10][11] It traces the path taken by data packets from a source host to a destination host, listing the intermediate devices encountered along the way.[3]
The primary purpose of traceroute is to identify the intermediate routers, referred to as hops, between the source and destination, enabling the diagnosis of connectivity issues, the measurement of latency at each hop, and the mapping of network topology.[11][7] By revealing the sequence of routers and associated delays, it helps network administrators pinpoint bottlenecks, packet loss, or routing anomalies that could affect performance.[3]
Unlike the ping utility, which only tests reachability and round-trip time to a destination, traceroute reveals the full path traversed by packets across multiple hops; it functions at the IP layer and does not depend on responses from the final destination host.[11][7] This tool is commonly used for troubleshooting network problems, optimizing performance, and conducting network mapping in both enterprise and internet environments.[10][3]
Operating Principle
Traceroute operates by leveraging the Time-to-Live (TTL) field in the IP header to systematically discover intermediate routers along the path to a destination host. The TTL, an 8-bit field initialized by the sender, is decremented by at least one by each router that forwards the packet; upon reaching zero, the router discards the packet and returns an ICMP Time Exceeded message (Type 11, Code 0) to the source, including the router's IP address. This core mechanism exploits the TTL's primary role in preventing infinite loops in IP networks by bounding the lifetime of datagrams that cannot reach their destination.[12][13]
The process begins with the source host sending probe packets—typically three per hop for reliability—with TTL values starting at 1 and incrementing sequentially. For the nth hop, a packet is dispatched with TTL = n; it travels through the first n-1 routers, which decrement the TTL without issue, but expires at the nth router, eliciting the ICMP response. The round-trip time (RTT) for that hop is then calculated from the response. This iteration continues up to a default maximum of 30 hops or until the destination receives the packet and responds with an ICMP Echo Reply (for ICMP probes) or Port Unreachable (for UDP probes), signaling path completion. If no response arrives within a timeout (usually 5 seconds per probe), the hop is marked as unreachable.[13][3][14]
Probe packet types vary by implementation to ensure elicit responses while minimizing interference. In Unix-like systems, UDP datagrams are used, targeted at high destination ports starting at 33434 and incrementing (e.g., up to 33534 for 30 hops with three probes each) to uniquely identify probes and avoid established services, prompting an ICMP Destination Unreachable (Type 3, Code 3) from the final host. Windows tracert employs ICMP Echo Requests (Type 8) instead, which solicit Time Exceeded from intermediates and Echo Replies (Type 0) from the destination, aligning with ICMP's diagnostic nature. An optional TCP-based variant sends SYN packets (to a specified port, often 80 or 443) to mimic connection initiations, enabling traversal of firewalls that drop UDP or ICMP; intermediates respond with ICMP Time Exceeded, while the destination may send TCP RST or SYN-ACK.[15][3][16]
The hop discovery relies on precise timing for RTT measurement. For a probe to the nth hop, the source records the send timestamp t_{\text{send}}, sets TTL = n, and upon receiving the ICMP Time Exceeded, computes:
t = t_{\text{current}} - t_{\text{send}}
where t_{\text{current}} is the receipt timestamp, yielding the propagation delay in milliseconds. Multiple probes per TTL average these values for accuracy, assuming symmetric paths and no significant queueing variations. This TTL-increment strategy, rooted in IP fundamentals, assumes routers conform to standard forwarding behavior without asymmetric routing complications.[13][12]
History and Development
Origins
Traceroute was developed in 1987 by Van Jacobson while working at Lawrence Berkeley National Laboratory (LBL), a key research institution involved in early Internet protocol advancements.[17] The tool emerged from Jacobson's efforts to create a diagnostic utility for network troubleshooting, implemented as a command-line program for Unix-like systems.[18]
The primary inspiration for traceroute came from a suggestion by Steve Deering, a researcher at Stanford University, who proposed extending route-tracing concepts to reveal intermediate network hops.[19] This built upon foundational ideas in packet diagnostics, particularly Mike Muuss's 1983 ping utility, which used ICMP echo requests for basic reachability testing at the U.S. Army Ballistic Research Laboratory; traceroute adapted and expanded this ICMP-based approach to map full paths by incrementing the IP time-to-live (TTL) field.[20] The initial implementation specifically targeted debugging routing anomalies in the evolving networks succeeding ARPANET, such as unexpected packet loops or delays in multi-hop transmissions.[18]
Traceroute's first public release occurred in 1988, distributed through Unix implementations like those from Berkeley Software Distribution (BSD), making it accessible to academic and research users.[21] The name "traceroute" was chosen to reflect its function of tracing the sequential route packets take across routers, akin to following a path in a tracing exercise.[19] This development coincided with the NSFNET era, where the National Science Foundation's 1985 backbone connected universities and supercomputing centers, amplifying Internet complexity and the demand for tools providing visibility into opaque routing paths.[22]
Evolution and Standardization
Traceroute was first integrated into BSD Unix distributions in 1988, following its development by Van Jacobson at Lawrence Berkeley Laboratory, enabling widespread use in Unix-like systems for network diagnostics.[5] In 1993, Microsoft introduced the tracert utility as part of Windows NT 3.1, adapting the tool to use ICMP Echo Request packets instead of UDP to trace paths in Windows environments.[3]
The Internet Engineering Task Force (IETF) formalized the traceroute methodology in RFC 1393 in January 1993, specifying an IP option and ICMP message type to replicate the original program's functionality while reducing extraneous traffic.[5] For IPv6, traceroute adaptations rely on ICMPv6 extensions defined in RFC 4443 (2006), which provide the necessary error messaging for path tracing without a dedicated traceroute RFC, addressing the protocol's distinct header structure and addressing scheme.
Key evolutions in the 2000s included the introduction of traceroute6 for IPv6 support, as the original Unix implementation lacked native IPv6 compatibility until enhancements in the Linux kernel 2.6 series released in December 2003, which improved IPv6 stack integration and routing diagnostics. In 2006, the Paris-traceroute tool emerged to handle load-balanced paths by controlling packet flow identifiers, mitigating artifacts like false loops in traditional traceroute outputs caused by per-flow load balancing in modern routers.[23] Post-2020, macOS versions following Big Sur (released in 2020) shifted to terminal-based traceroute but saw increased adoption of graphical third-party tools like WhatRoute for visual path representation, enhancing accessibility for non-expert users.[24]
As of 2025, traceroute has seen enhancements tailored to software-defined networking (SDN) environments, such as SDN-traceroute tools that trace paths without altering network behavior by leveraging controller APIs for precise forwarding inspection. In cloud contexts, integrations like Amazon VPC Reachability Analyzer enable simulated traceroute-like path analysis across virtual private clouds, identifying reachability issues in complex hybrid setups without live packet injection.[25] Recent IETF updates to traceroute standards include RFC 8487 (2018) for multicast traceroute and RFC 9703 (2024) for LSP Ping/Traceroute in Segment Routing, extending capabilities for specialized network environments. Community-developed tools, including those compliant with 3GPP specifications for 5G core networks, now support mobile path tracing to handle dynamic slicing and edge routing in 5G deployments.[26][27]
Implementations and Variants
Traditional Implementations
Traditional implementations of traceroute primarily refer to the core command-line tools available in major operating systems, utilizing the IP time-to-live (TTL) mechanism to map network paths.[14][3]
In Unix-like systems such as Linux, macOS, and BSD variants, the traceroute utility defaults to sending User Datagram Protocol (UDP) probe packets with destination ports starting at 33434 and incrementing sequentially for each probe.[14][28] Options like -I enable ICMP ECHO probes, while -T switches to TCP SYN packets, typically targeting port 80, allowing flexibility for probing through firewalls that block UDP.[14] By default, it sends three probes per hop, with a per-probe timeout of 5 seconds, and displays output including the hop number, resolved hostname or IP address, and round-trip times (RTTs) for each probe, using asterisks (*) for timeouts.[14][28]
The Windows implementation, known as tracert, exclusively uses Internet Control Message Protocol (ICMP) Echo Request packets for probing, differing from the UDP default in Unix systems.[3] Integrated into the Command Prompt since Windows 95, it limits traces to a maximum of 30 hops by default and sends three probes per hop with a 4-second timeout, formatting output as hop number, three RTT values in milliseconds, and the IP address or hostname.[3][29]
Common behaviors across these implementations include sending three probes per hop to compute average RTTs and using asterisks to denote unresponsive probes, with output structured to show sequential hops for path visualization.[14][3]
ReactOS, an open-source operating system designed for binary compatibility with Windows, mirrors the tracert implementation to ensure seamless execution of Windows networking tools.[30][31]
Embedded systems like Cisco IOS include a native traceroute command for path tracing.[32]
Modern and Specialized Variants
With the advent of IPv6, traceroute implementations adapted to the protocol's specifications, replacing the IPv4 Time to Live (TTL) field with the 8-bit Hop Limit field in the IPv6 header, which is decremented by each forwarding node and triggers an ICMPv6 Time Exceeded message (type 3, code 0) when it reaches zero, enabling path discovery similar to IPv4.[33][34] Tools such as traceroute6 (on Unix-like systems) and tracert -6 (on Windows) utilize UDP probes or ICMPv6 Echo Requests combined with this mechanism to map IPv6 routes.[35] These variants became available following the IPv6 specification in RFC 2460 (1998), with Linux integrating native IPv6 traceroute support through the iputils package by around 2003 as kernel and user-space tools matured.[33][36]
Hybrid tools emerged to provide more dynamic diagnostics by merging traceroute's path tracing with ping's continuous monitoring. MTR (My Traceroute), originally developed in 1997, continuously sends ICMP or UDP probes to each hop while displaying real-time statistics on latency, packet loss, and jitter, offering a scrolling view of network performance over time.[37] Similarly, PathPing, introduced in Windows 2000, performs an initial traceroute to identify the path and then pings each hop for an extended period (default 25 rounds) to measure cumulative packet loss and latency at intermediate points, helping isolate intermittent issues.[38][39]
Specialized variants address limitations in modern networks, such as load balancing. Paris traceroute, introduced in 2008, mitigates anomalies caused by Equal-Cost Multi-Path (ECMP) routing by maintaining a constant flow identifier (e.g., via fixed UDP ports or ICMP checksum adjustments) across probes, ensuring consistent per-hop forwarding behavior and accurate path reconstruction even with up to 16 interfaces per hop.[40] Graphical tools enhance visualization; for instance, VisualRoute provides a GUI-based traceroute with integrated path mapping on geographic maps, displaying response times and potential bottlenecks.[41] In cloud environments as of 2025, Azure Network Watcher's Connection Monitor incorporates traceroute-like functionality, enabling hop-by-hop analysis of latency and packet loss in virtual networks (VNets) through automated tests that simulate paths between sources and destinations.[42] However, the lack of a universal standard across these variants contributes to interoperability challenges in hybrid IPv4/IPv6 networks, where differing probe mechanisms and ICMP handling can lead to incomplete paths or inconsistent results during transitions.[43][44]
Usage and Interpretation
Command Syntax and Options
The basic syntax for the traceroute command on Unix-like systems, such as Linux, is traceroute [options] host [packet_len], where host specifies the destination hostname or IP address, and packet_len optionally sets the packet size in bytes (defaulting to 60 for IPv4 UDP probes).[10] On Windows systems, the equivalent command is tracert [/d] [/h <maximum_hops>] [/j <hostlist>] [/w <timeout>] [/R] [/S <srcaddr>] [/4] [/6] <target_name>, which primarily uses ICMP Echo Requests to trace the path to the target.[3]
Key options on Unix-like systems allow customization of probe behavior and limits. The -m max_ttl option sets the maximum number of hops (TTL value), for example, -m 16 limits the trace to 16 hops to prevent excessive routing (default is 30).[10] The -q nqueries flag specifies the number of probe packets sent per hop, such as -q 1 for a single probe to reduce network load (default is 3).[10] The -w waittime option defines the timeout for responses in seconds, e.g., -w 3 sets a 3-second wait per probe (default is 5 seconds).[10] Probe types can be selected with -I for ICMP Echo, -T for TCP SYN packets (default to port 80), or -U for UDP to port 53; the overall default is UDP to high-numbered ports starting from 33434.[10] In contrast, the Windows tracert command lacks direct equivalents for TCP or UDP probes, relying on ICMP by default, though it supports -w <timeout> for millisecond timeouts (default 4000 ms) and -h <maximum_hops> for hop limits (default 30).[3]
For IPv6 tracing on Unix-like systems, the command is traceroute6 [options] target [datalen], which uses IPv6 hop limits and ICMPv6 messages instead of IPv4 TTL and ICMP.[45] On Windows, IPv6 is invoked with tracert -6 <target_name>, forcing IPv6 routing without additional syntax changes.[3] Options like -I for ICMP6 or -T for TCP are available in traceroute6, similar to the IPv4 version.[45]
An example command on Unix-like systems is traceroute -w 3 -q 1 -m 16 example.com, which traces the route to example.com with a 3-second timeout, single probe per hop, and a 16-hop limit.[10] On Windows, a comparable invocation is tracert -w 3000 -h 16 example.com, adjusting the timeout to milliseconds.[3] The default probe count of 3 applies to both platforms, sending three packets per hop unless overridden.[10][3]
Common errors include "unknown host" if the destination cannot be resolved via DNS, and permission denied on Unix-like systems when raw sockets are required for certain probe types (e.g., ICMP), often necessitating superuser privileges.[10] On Windows, timeouts are indicated by asterisks in output if no response is received within the wait period.[3]
Analyzing Traceroute Output
The output of a traceroute command typically consists of one line per hop along the network path, displaying the hop number, the resolved hostname (if available) or IP address of the router, and the round-trip times (RTTs) for multiple probes sent to that hop, usually three by default.[10] For instance, a line might appear as "1 router.local (192.168.1.1) 1.234 ms 1.456 ms 1.789 ms", where the RTT values indicate the time taken for each probe packet to return, measured in milliseconds.[10] If hostname resolution via reverse DNS is enabled (the default behavior), the tool queries DNS to provide human-readable names for IP addresses, aiding in router identification; this can be disabled with the -n option for faster execution.[10]
Common indicators in the output include asterisks () for probes that receive no response within the timeout period, often due to packet loss or firewalls blocking replies, which appear as " * *" for all three probes on a hop.[46] Increasing or highly variable RTT values across hops or probes can signal latency buildup or bottlenecks, such as congested links, while the destination hop concludes with an exclamation mark (!) or specific ICMP codes like "port unreachable" to confirm arrival.[46] Annotations like !N (network unreachable) or !X (administratively prohibited) may also appear if ICMP errors are received.[10]
To analyze traceroute results, first count the number of hops to determine path length, which by default is limited to 30 but can exceed this if the maximum TTL is increased via options like -m.[10] Next, examine RTT trends: consistent low values suggest efficient routing, while spikes or high variance (e.g., one probe at 2 ms and another at 150 ms) highlight potential issues at specific hops.[46] Reverse DNS lookups, if performed, allow mapping IPs to organizational details, such as identifying ISP routers. Tools like MTR extend this by providing a dynamic, real-time table of packet loss percentages and average RTTs per hop, updating continuously for ongoing monitoring.[47]
A representative example of traceroute output to google.com (142.250.4.100) might show:
traceroute to google.com (142.250.4.100), 64 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 1.123 ms 1.456 ms 1.234 ms
2 10.0.0.1 (10.0.0.1) 5.678 ms 6.012 ms 5.890 ms
3 * * *
4 isp-router.example.com (203.0.113.1) 15.234 ms 16.789 ms 15.901 ms
5 google.com (142.250.4.100) 25.456 ms 26.123 ms 25.789 ms
traceroute to google.com (142.250.4.100), 64 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 1.123 ms 1.456 ms 1.234 ms
2 10.0.0.1 (10.0.0.1) 5.678 ms 6.012 ms 5.890 ms
3 * * *
4 isp-router.example.com (203.0.113.1) 15.234 ms 16.789 ms 15.901 ms
5 google.com (142.250.4.100) 25.456 ms 26.123 ms 25.789 ms
This illustrates five hops, with hop 3 non-responsive (*) and progressively increasing RTTs indicating cumulative delay. (Note: IP addresses for google.com vary by location and time.)[10]
Applications and Benefits
Network Diagnostics
Traceroute serves as a fundamental tool in network diagnostics, enabling the identification of packet loss at individual hops through repeated probes that elicit timeouts or asterisks (*) in output when responses fail to return.[11] It also detects firewall blocks, where intermediate devices configured to drop ICMP time-exceeded or port-unreachable messages result in no response from affected hops.[48] Additionally, traceroute uncovers asymmetric routing by mapping divergent forward and return paths when probes are executed bidirectionally, highlighting potential inconsistencies in network traffic handling.[49]
In practical troubleshooting, administrators begin by executing traceroute to the target destination to visualize the full path and isolate failure points.[11] They then compare outbound and inbound traceroutes to spot routing loops, indicated by repeated IP addresses, or blackholes, where packets vanish without trace beyond a certain hop.[50] End-to-end latency can be estimated from the round-trip time reported for the destination hop, aiding optimization for latency-sensitive applications such as VoIP calls or online gaming.[51]
The benefits of traceroute in diagnostics include exposing inefficiencies in ISP routing, such as suboptimal paths causing delays, and facilitating outage pinpointing without requiring administrative access to external networks.[52] This visibility empowers users to escalate issues effectively to service providers based on hop-specific evidence.
In enterprise IT environments, traceroute diagnoses internal LAN issues like congested switches or misconfigured VLANs by tracing paths within corporate infrastructure.[6] For home users, it verifies connectivity to websites, such as example.com, by revealing if problems stem from local routers or upstream providers.[7]
Traceroute is frequently paired with ping to confirm hop responsiveness and overall reachability, enhancing diagnostic accuracy.[8] Its integration into pre-emptive monitoring workflows helps detect intermittent issues early, minimizing downtime in critical operations.[53] As detailed in traceroute output analysis, interpreting these patterns provides actionable insights for resolution.[54]
Advanced Uses
Traceroute has been extensively employed in research efforts to discover and map Internet topology, particularly at the autonomous system (AS) level. The Center for Applied Internet Data Analysis (CAIDA) utilizes large-scale traceroute measurements through its Archipelago (Ark) infrastructure to construct datasets of IPv4 routed /24 topologies, enabling the inference of AS paths and overall Internet structure. These measurements help researchers analyze routing policies and physical connectivity, revealing that not all possible paths are utilized due to policy constraints.[55][56]
In penetration testing, traceroute aids in mapping network paths to identify potential attack surfaces by revealing intermediate routers, allowing security professionals to assess exposure without direct interaction. However, its utility in reconnaissance is constrained by rate-limiting mechanisms implemented on many routers to prevent abuse, which can throttle or block repeated probes.[57]
Modern cloud environments integrate traceroute for advanced diagnostics, such as within Amazon Web Services (AWS) Virtual Private Clouds (VPCs) to trace paths and measure latency in hybrid setups connecting on-premises networks to cloud resources. Similarly, Google Cloud's Connectivity Tests tool employs traceroute-like probes to verify reachability and diagnose issues between VM instances in peered VPCs. In software-defined networking (SDN) contexts, traceroute supports dynamic path verification by confirming intended routes against programmable network policies, aiding in the optimization of traffic flows.[25][58][59]
For security, traceroute helps identify exposed routers by disclosing their IP addresses and response times, which can signal vulnerabilities in forwarding behavior or malicious routing. Academic studies since 2010 have used traceroute datasets to measure global routing stability, such as detecting delay and forwarding anomalies across diverse vantage points. Graphical variants of traceroute further enhance visualization of cloud paths, merging multiple traces into reticular graphs for intuitive analysis of complex topologies.[60][61][62]
Limitations and Challenges
Technical Limitations
Traceroute provides visibility into the sequence of network interfaces along a probed path, rather than the complete end-to-end route, as it relies on the IP address of the interface that generates the ICMP Time Exceeded response.[63] This can lead to inaccuracies, particularly in environments with equal-cost multi-path (ECMP) routing, where successive probe packets may traverse different parallel paths due to per-packet or per-flow load balancing, resulting in inconsistent or incomplete path representations across multiple runs.[64] Studies indicate that per-flow load balancing affects approximately 40% of Internet paths, contributing to such traceroute inconsistencies.[65] Additionally, traceroute fails to detect Multiprotocol Label Switching (MPLS) labels, obscuring the label-switched paths within MPLS domains unless specialized extensions are used.[66]
Non-responsive hops often appear in traceroute output as asterisks (*), indicating no response within the timeout period, which can stem from firewalls or routers configured to ignore or block ICMP Time Exceeded messages or UDP probes.[21] Rate-limiting mechanisms on intermediate devices further exacerbate this by dropping excessive probe packets or delaying ICMP responses, reducing the tool's ability to map the full path.[67]
Traceroute implicitly assumes symmetric routing, where the outbound path mirrors the inbound return path for responses, but modern networks frequently exhibit asymmetry, leading to undetected variations in reverse routes.[64] In IPv4 environments, potential fragmentation of probe packets due to varying path MTUs can disrupt the process, as fragmented ICMP responses may not properly convey the originating interface or may be dropped altogether.[68] Moreover, there is no inherent guarantee of packet delivery in traceroute, as probes rely on best-effort IP routing without acknowledgments or retransmissions.
From a security perspective, traceroute responses are vulnerable to spoofing, where malicious actors can forge ICMP messages to mislead path diagnostics or conceal routing faults.[60] Overuse of traceroute probes can impose undue load on intermediate routers, potentially enabling denial-of-service (DoS) conditions through amplified ICMP traffic generation.[21] In encrypted environments such as VPNs or IPsec tunnels, traceroute becomes ineffective at revealing internal hops, as the encrypted payload obscures the underlying network topology from probe analysis.[69]
Mitigation Techniques
To address issues arising from load balancing in networks, Paris traceroute enforces consistent probe behavior across hops by controlling packet header fields, such as maintaining constant flow identifiers to ensure all probes follow the same path through equal-cost multi-path (ECMP) routers.[23]
For enhancing traceroute responsiveness in environments with firewalls or high latency, switching to TCP mode with the -T option allows probes to mimic legitimate connections, bypassing filters that block UDP or ICMP packets.[70] Increasing the number of probes per hop via the -q option (e.g., -q 5 for five probes) improves reliability in lossy networks, while adjusting timeouts with -w (e.g., -w 3 for 3 seconds) accommodates slower responses without premature termination.
Advanced mitigation involves integrating traceroute with complementary tools for more robust diagnostics. MTR combines continuous ping and traceroute functionality to monitor packet loss and latency over time, enabling ongoing path assessment rather than one-off traces.[71] For large-scale probing, Scamper supports efficient, parallel traceroute operations across thousands of targets, incorporating techniques like Paris-style probing to handle multipath routing at Internet scale.[72] In IPv6 environments, traceroute relies on the Hop Limit field analogous to TTL, with probes designed as non-fragmentable to avoid reassembly issues at endpoints, as routers do not fragment IPv6 packets.[73]