Understanding IP Packets, TTL, and Traceroute: Tracing the Path to GitHub

When you visit a popular site like GitHub, the data packets your computer sends travel through many devices before reaching the destination server. This journey is governed by the TCP/IP protocol suite, where application data is wrapped by HTTP, TCP, and IP layers to form IP packets that are transmitted over the network.

Each IP packet carries a TTL (Time To Live) field that decrements at every hop; when TTL reaches zero, the packet is discarded and an ICMP "time exceeded" message is sent back. Traceroute (Linux) and tracert (Windows) exploit this behavior by sending packets with gradually increasing TTL values, allowing them to identify each intermediate node that responds with the timeout message.

In Windows, tracert sends ICMP packets, while Linux traceroute typically sends UDP packets. By observing which node returns the timeout notification for each TTL, the tools map the route.

Running a trace to GitHub (IP 140.82.121.3) yields the following output:

F:\work>tracert 140.82.121.3

通过最多 30 个跃点跟踪
到 lb-140-82-121-3-fra.github.com [140.82.121.3] 的路由:

  1    <1 毫秒   <1 毫秒   <1 毫秒 10.??.??.1
  2    <1 毫秒   <1 毫秒   <1 毫秒 10.??.??.??
  3     2 ms     1 ms     1 ms  182.150.63.1
  4     *        *        *     请求超时。
  5     1 ms     *        2 ms  171.208.199.81
  6     *       25 ms     *     202.97.29.45
  7     *        *        *     请求超时。
  8    36 ms    37 ms    36 ms  202.97.91.190
  9   184 ms   191 ms   185 ms  202.97.27.242
 10   195 ms   194 ms   194 ms  xe-10-0-0.mpr4.sjc7.us.zip.zayo.com [64.125.14.45]
 11   190 ms   190 ms   190 ms  ae16.cr2.sjc2.us.zip.zayo.com [64.125.31.14]
 12   324 ms   325 ms   324 ms  ae27.cs2.sjc2.us.eth.zayo.com [64.125.30.232]
 13     *        *      333 ms  ae16.cs2.den5.us.zip.zayo.com [64.125.28.215]
 14   334 ms     *        *     ae5.cs4.ord2.us.eth.zayo.com [64.125.29.217]
 15     *      327 ms   325 ms  ae3.cs2.lga5.us.eth.zayo.com [64.125.29.212]
 16     *        *        *     请求超时。
 17     *        *        *     请求超时。
 18   332 ms   332 ms   340 ms  ae0.cs1.lhr15.uk.eth.zayo.com [64.125.29.119]
 19     *        *        *     请求超时。
 20   343 ms   338 ms     *     ae4.cs1.ams17.nl.eth.zayo.com [64.125.28.36]
 21   355 ms   353 ms   353 ms  ae2.cs1.fra6.de.eth.zayo.com [64.125.29.58]
 22   335 ms   334 ms   338 ms  ae1.mcs1.fra6.de.eth.zayo.com [64.125.29.57]
 23   340 ms   341 ms   341 ms  82.98.193.31
 24     *        *        *     请求超时。
 25     *        *        *     请求超时。
 26   335 ms   343 ms   343 ms  lb-140-82-121-3-fra.github.com [140.82.121.3]

The trace shows 26 hops before reaching GitHub, indicating that the packet’s TTL must be at least 26 to succeed.

Analyzing each hop reveals the path: the first two hops are local LAN gateways, the third is a public address in Chengdu, the fourth hop times out (some routers do not send ICMP replies), the fifth remains in Chengdu, the sixth jumps to Beijing, the seventh again times out, the eighth and ninth are in Shanghai, and the tenth hop reaches California, USA, after which the remaining hops stay within the United States.

Beyond the individual hops, the article explains China’s backbone networks—ChinaNet (CT163), CN2, CHINA169, and CMNET—and describes how packets exit the local network, traverse city‑level and provincial networks, reach a core node (Beijing, Shanghai, or Guangzhou), pass through an international exchange (X‑router), and finally arrive at overseas points.

This step‑by‑step exploration demonstrates how a simple "ping" followed by a traceroute can reveal the complex, multi‑regional journey of a data packet across the global Internet.