The network route from a destination is not always static. A lot of routers allow load splitting. Traceroute assumes a single path from a destination.
Traceroute works by sending packets with varying Time To Live (TTL) fields. Each time a packet is routed or forwarded, the TTL is decremented. When the TTL reaches 0, a router should send a TTL Exceeded message to the origin. In doing so, the router identifies itself to the originator of the packet. The reason for the TTL is to avoid packets being forwarded indefinitely due to routing loops or incorrectly configured routers.
The packet we send is arbitrary, but probably something like a TCP connection on port 80, which most people allow. If we don't use a popular protocol we might get filtered. If we set the TTL to 1, our packet will make it 1 hop before returning to us. With a TTL of 2, it makes it 2 hops. With a TTL of 3, it returns after 3 hops, and so on. If we continue until the packet finally makes it to the destination, we can determine the route the packet takes.
In fact, it's not strictly correct. Asymmetric routing means that packets are forwarded on different paths depending on whether the packets originate from the source or the destination. That is, packets from the source take a different path to the destination compared to packets travelling from the destination to the source.
In addition to determining network routes, firewalls can be detected along the way by differences in packet filtering and handling of the TTL.
A better approach than the one I described, though, is to send multiple packets at each TTL being used. This way we can detect routers that are using load balancing techniques. By drawing a map from the results we get a much clearer indication of the network topology, and discover that load balancing is used almost everywhere.
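The multi-probe approach above, as an added example that is not the author's lost program: it takes already-collected probe results, flags TTLs where more than one router answered, and builds the edges of the map. The sample data is constructed, and linking hops by probe number assumes probe n keeps the same flow identifier at every TTL so that a per-flow balancer holds it on one path.

```python
from collections import defaultdict

# Constructed sample: (ttl, probe_number, responder), three probes per TTL.
# Addresses come from documentation ranges; None means the probe timed out.
PROBES = [
    (1, 0, "192.0.2.1"), (1, 1, "192.0.2.1"), (1, 2, "192.0.2.1"),
    (2, 0, "198.51.100.10"), (2, 1, "198.51.100.20"), (2, 2, "198.51.100.10"),
    (3, 0, "203.0.113.5"), (3, 1, None), (3, 2, "203.0.113.5"),
    (4, 0, "203.0.113.80"), (4, 1, "203.0.113.80"), (4, 2, "203.0.113.80"),
]

def hops_by_ttl(probes):
    """Group the distinct responders seen at each TTL, ignoring timeouts."""
    hops = defaultdict(set)
    for ttl, _probe, responder in probes:
        routers = hops[ttl]  # creates the entry even if every probe timed out
        if responder is not None:
            routers.add(responder)
    return dict(hops)

def load_balanced_ttls(hops):
    """TTLs where several routers answered: a sign of load splitting."""
    return sorted(ttl for ttl, routers in hops.items() if len(routers) > 1)

def topology_edges(probes):
    """Link responders at consecutive TTLs for the same probe number.

    Assumption: one probe number is one flow, so it follows a single path.
    """
    path = defaultdict(dict)  # probe number -> {ttl: responder}
    for ttl, probe, responder in probes:
        path[probe][ttl] = responder
    edges = set()
    for by_ttl in path.values():
        for ttl, near in by_ttl.items():
            far = by_ttl.get(ttl + 1)
            if near is not None and far is not None:
                edges.add((near, far))  # skip links broken by a timeout
    return edges

def to_dot(edges):
    """Render the edges as Graphviz DOT text for drawing the map."""
    lines = [f'  "{a}" -> "{b}";' for a, b in sorted(edges)]
    return "digraph route {\n" + "\n".join(lines) + "\n}"

if __name__ == "__main__":
    print("load balanced at TTL:", load_balanced_ttls(hops_by_ttl(PROBES)))
    print(to_dot(topology_edges(PROBES)))
```

A timed-out probe leaves a gap in that probe's path rather than a guessed link, so the map shows only adjacencies that were actually observed.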
I wrote a program that did this in 2002, which I have since lost to internet oblivion. I think something like xtraceroute would be ideal to add to any system.