The article mentions many traceroute implementations change the source port to
associate queries with responses. Another technique is to use the IP ID field,
leaving the source port static. In tcptraceroute, you can choose either method
using "--track-id" or "--track-port". By comparing the two, you can sometimes see traffic being load-balanced across multiple links.
From a quick glance, this looks to be a rewrite/reformatting of a presentation at NANOG 47 entitled "Tutorial: How to Accurately Interpret Traceroute Results". From the abstract [0]:
> Many people think they understand how to use and understand traceroute, yet the large number of traceroute based tickets at any sizable ISP proves that the vast majority of people do not. Even the ISPs themselves are frequently unable to come up with staff who are qualified to look at a traceroute and interpret it correctly.
There's a PDF of the slides [1] as well as a WMV [2] available. As a network engineer at an ISP, I send out these links fairly often. To quote someone else [3]:
> This is an incredibly useful presentation. All the little bits and
pieces you can't learn from text books.
Seriously, watch the video or, at the least, listen to it as you do something else. I'd almost guarantee that you'll learn something.
The article mentions many traceroute implementations change the source port to associate queries with responses. Another technique is to use the IP ID field, leaving the source port static. In tcptraceroute, you can choose either method using "--track-id" or "--track-port". By comparing the two, you can sometimes see traffic being load-balanced across multiple links.
I just did a quick write up of this at https://gist.github.com/mct/2ae1dbc2d596f59f5aff (which I should add to the examples.txt file)