CCIE or Null!

The fact that Windows tracert operates differently from the traceroute command in Cisco devices will almost always lead to an interesting discussion. Mainly because many people are not aware of the real differences between these two utilities, they are merely aware of the spelling differences and how could you blame them both commands give you very similar results and perform the same function.

Let’s look at a tracert from a Microsoft Windows workstation:

What to know here is the Window’s tracert utility is relying on ICMP echo requests. (So this is nothing more then an extension of a simple ping)

The other key difference between Windows and Cisco, is when the destination is reached it replies back with an ICMP echo reply:

Now when we look at traceroute utility from a Cisco device:

Now the packets:

What we see here is a UDP packet with a destination port of 33434 (The source port is almost always random), not an ICMP echo packet.

Now with Cisco the destination will not answer back with reply packet but surprising enough a destination unreachable packet. See below (Notice the source of the IP packet, it’s the destination of our traceroute)

So to recap, Windows Tracert utility relies on ICMP Type 8 (Echo Request) and Type 0 (Echo Reply) packets, while Cisco replies on a UDP probe packet with a destination port of 33434, and ICMP Type 3 (Destination Unreachable) packet.