What Is Path Trace?

When working to diagnose a network issue with the ThousandEyes platform, you will likely use the Path Visualization. This tool illustrates a visual representation of the Path Trace data collected for a round.

How Path Trace Works

A single Path Trace works similarly to how a single traceroute works. Your source - in our case, an agent - sends data packets to the target. Depending on your test settings, these could be either an ICMP or TCP packets. If the test selection is an agent-to-agent test, you have the additional option to choose UDP packets. The Path Trace starts by sending a packet directed at the test target with a Time-to-Live (TTL) value set to 1. Think of the TTL value as the expiration date on a packet. Each routing device that receives this packet decreases the value by 1 before routing it to the next hop. When the TTL value equals 0, a standard routing device drops the incoming packet and replies with an ICMP TTLx packet, indicating that the packet will be dropped at this point. The next packet in the Path Trace sequence will have a TTL value set to 2, then followed by a packet with a TTL of 3, and so on. This process continues until the agent receives a response from the intended target, or the path is deemed unresponsive. For more information about how traceroute works, see https://en.wikipedia.org/wiki/Traceroute or the more recent version, https://paris-traceroute.net/about/.

One of the key features of Path Trace is the ability to detect multiple routes to the same target. By default, an agent completes 3 Path Traces per round, in an attempt to uncover alternate routes. For tests specifying a TCP target, the agent selects a unique and random source port for each Path Trace. A unique source port suggests to intermediary routing devices that each stream of data is unrelated and can be routed on different network paths.

Obtaining Node Metadata

We use the source address listed in the IP header of TTLx packets received from the Path Trace to identify each node. For nodes within the source agent’s local network, we run a reverse DNS lookup to discover the hostname; otherwise only the IP address is listed. All other nodes are checked against WHOIS databases and Geo-IP.

As an example, the image above shows an IP address local to the US. This IP will be searched in ARIN (American Registry), where Salesforce.com will be shown as the owner. This can be checked at the following link: http://whois.arin.net/ui/

GeoIP services provide the location of the physical device hosting the IP address is. One such service is Maxmind. To see how this works, you can check out a demo here.

Path Trace to Path Visualization

The Path Visualization displays Path Trace data and node metadata collected for the displayed testing round and presents it in easy-to-understand format.

To view Path Visualization data in a more traditional manner, you can hover over an agent's name, then select Show traceroute style output from the pop-up menu.

For a complete guide on using the Path Visualization, see Using the Path Visualization View.

API Access

Raw test data can be accessed via our API: