Your linked 1+ hour video includes things like IATA airport codes for geolocation and such. None of that is relevant to the fact that all traceroute implementations make use of very basic networking fundamentals: in particular, by sending out a series of packets with artificially limited TTL, to [hopefully] receive ICMP type 11 code 0 "TTL expired" packets from the hops along the path to your target.
Traceroute is simple. Sure, there's lots you can do to enrich the data you receive (e.g., reverse DNS and geolocation), or sending multiple sequences to identify equal cost multipath. But these are not inherent or necessary to perform a traceroute.
And understanding why different protocols exhibit different behavior / observe different metrics, or why some nodes don't send ICMP TTL expired, is important. But that's more in line with what you call "using it to troubleshoot", which is not "how it works."
But "how traceroute works" is simple: First you send a packet with TTL=1, then you send a packet with TTL=2, and so on. That's it, that's how it works.
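Added example, not part of any comment in this thread: the receiving half of the mechanism described above, parsing an ICMP type 11 code 0 reply and using the quoted probe header to recover which TTL it answers. It assumes UDP probes sent to port 33434 + TTL (the classic Unix traceroute base port, one probe per TTL for brevity); the addresses and reply packets are constructed sample data.

```python
import socket
import struct

BASE_PORT = 33434  # assumption: probe with TTL n is sent to UDP port BASE_PORT + n

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def sample_time_exceeded(hop, src, dst, ttl):
    """Constructed reply: what router `hop` returns when the TTL=`ttl` probe expires."""
    udp = struct.pack("!HHHH", 54321, BASE_PORT + ttl, 8, 0)
    quoted = ipv4_header(src, dst, socket.IPPROTO_UDP, 1, len(udp)) + udp
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted  # type, code, checksum, unused
    return ipv4_header(hop, src, socket.IPPROTO_ICMP, 64, len(icmp)) + icmp

def parse_time_exceeded(packet):
    """Return (hop_address, probe_ttl), or None if this is not a reply to a UDP probe."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_ICMP or len(packet) < ihl + 8:
        return None
    if (packet[ihl], packet[ihl + 1]) != (11, 0):  # only "TTL expired in transit"
        return None
    inner = packet[ihl + 8:]  # router quotes the expired probe's IP header + 8 bytes
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != socket.IPPROTO_UDP or len(inner) < inner_ihl + 8:
        return None
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return socket.inet_ntoa(packet[12:16]), dport - BASE_PORT

def trace(replies):
    """Order hops by the TTL they answer; TTLs with no reply are shown as '*'."""
    seen = {ttl: hop for hop, ttl in filter(None, map(parse_time_exceeded, replies))}
    return [seen.get(ttl, "*") for ttl in range(1, max(seen) + 1)] if seen else []

if __name__ == "__main__":
    me, target = "192.0.2.10", "198.51.100.7"  # constructed addresses
    replies = [sample_time_exceeded("203.0.113.9", me, target, 3),
               sample_time_exceeded("10.0.0.1", me, target, 1)]  # hop 2 stays silent
    for ttl, hop in enumerate(trace(replies), start=1):
        print(ttl, hop)
```

The silent second hop shows up as `*`, which is the gap a router that never sends TTL expired leaves in real output.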
The typical candidate I might ask doesn't know that IP packets include a TTL field. So we start simpler: "What is a packet?" "What is a router?" "How does a packet get to the destination?" "What if there's a routing loop?"
Some candidates throw up their hands immediately, which makes it a short interview. Some candidates already know, which makes it a useless question and we move on to other things. For everyone else, I think it's a good interview question.
I asked ChatGPT to give me answers to these questions as I'm also in the process of learning these things. What do you think of these answers? Would ChatGPT pass the interview?
1. *"What is a packet?"*
- A packet is a data unit sent over a network, encapsulated within protocols like IP and TCP/UDP. It contains both the payload (actual data) and control information such as source and destination IP addresses. Packets enable efficient routing and reassembly at the destination in network communication.
2. *"What is a router?"*
- A router is a device that forwards data packets between networks, operating at the network layer. It uses IP addresses, routing tables, and algorithms to determine the best path for packet forwarding, connecting different network types and managing traffic between internal and external networks.
3. *"How does a packet get to the destination?"*
- A packet reaches its destination through routing. It passes through routers that consult their routing tables to forward the packet. The packet traverses multiple networks, with IP protocols guiding it towards the destination, ensuring error checking and congestion handling.
4. *"What if there's a routing loop?"*
- In a routing loop, a packet is passed continuously between routers. The Time-To-Live (TTL) field in IP packets prevents endless loops by decrementing each time a packet passes a router. If TTL hits zero before the destination is reached, the packet is discarded to prevent network clogging. Routing protocols also have mechanisms to detect and prevent loops.
Yup I saw your other reply and totally makes sense -- networking related or adjacent, but not quite networking-proper type roles. Thanks for your replies.
It's relevant to what I stated, that interpreting the data that traceroute provides is not simple. The mechanism itself is indeed very simple.
Have you never been asked a question in an interview that starts a discussion or has follow-up questions? In isolation it's not a good question, true for most questions, but to initiate something deeper it's good. After the initial explanation of how it works you can get into how you have used it, what kind of issues you have solved with it. Then maybe look at an actual case and give your interpretation of the data. You could get into router hardware architectures, what the control/data planes are, why some drops in the output are not a problem and when they are, ECMP, why bidirectional traceroutes are useful, routing topology, flapping routes, etc.
I just realized I don't know traceroute as well as I thought I did. Apparently Unix systems send UDP packets, while Windows sends ICMP. Which maybe explains why I've had such a miserable experience with traceroute on the modern Internet, because many ISPs block ICMP from outside.
I’ve never encountered an ISP blocking ICMP that doesn’t also block all sorts of traffic. I can ping 8.8.8.8 or whatever from almost every connection I’ve used anywhere in the world.
Not every router will return a TTL expired of course, and many ISPs route IPv4 traffic via RFC 1918 addresses nowadays, so you can get big gaps in their networks, but that applies whether your outbound packet is ICMP, TCP, UDP, or any other type.
Worth remembering that packets with different source and destination ports can route via different paths, so sometimes you need to be aware of the entire IP/port/protocol for src/dst and configure them properly. NAT can cause problems there too when it changes your source ports.