I Rebuilt Traceroute in Rust — and It Was Simpler Than I Expected

The little surprise

A developer stepped into a familiar black box — traceroute — and came out smiling. After poking around a Tailscale exit node and wondering how traceroute actually discovers intermediate routers, they rewrote the tool in Rust and found the whole thing unexpectedly simple. It has been reported that the final implementation clocks in at roughly 80 lines of Rust. Who knew a classic network utility could be so concise?

The TTL trick, in plain English

The trick, as the post explains, is brutally elegant: TTL (Time To Live) fields and ICMP “Time Exceeded” replies. Each router decrements a packet’s TTL; when it hits zero the router drops the packet and sends an ICMP message back — which carries the router’s IP. So send UDP packets with TTL=1, TTL=2, TTL=3, and listen for the ICMP responses. The author’s example uses Rust’s socket2 crate to set a send socket’s TTL, fire a UDP probe to a high port (33434), and capture Time Exceeded replies on a raw ICMP socket, parsing the source IP out of the returned packet. Note: raw ICMP sockets typically require elevated privileges on most systems.

Why this matters

This is more than an academic exercise. Rewriting traceroute in Rust is part of a broader trend — Rustifying small, high-value system tools to get safer, clearer code without sacrificing control. The post is a neat how-to: short, play-by-play, and practical for anyone who’s ever wondered what their packets see on the way to the internet. There’s a small joy in turning a mysterious utility into readable code — and in this case, the mystery shrinks to a clever TTL trick and a few dozen lines of Rust.

Sources: stonecharioteer.com, Hacker News