traceroute - Linux


Overview

traceroute is a network diagnostic tool used to trace the path that an IP packet takes to reach its destination. It provides visibility into the route taken by packets across an IP network, identifies how many hops the packet requires to reach the host, and helps in pinpointing network issues such as delays and bottlenecks. It is commonly used for network troubleshooting and to test network behavior.

Syntax

The basic syntax for traceroute is:

traceroute [options] <destination>

Where <destination> can be a hostname or an IP address.

Options/Flags

  • -m <max_ttl>: Specifies the maximum number of hops (max time-to-live value) traceroute will probe. The default is usually 30 hops.
  • -q <nqueries>: Sets the number of query packets sent at each hop. The default is 3.
  • -n: Avoids DNS name resolution. IP addresses will be shown instead of hostnames.
  • -I: Uses ICMP ECHO for probes instead of UDP datagrams.
  • -T: Uses TCP SYN for probes (useful for tracing through networks that block UDP or ICMP).
  • -p <port>: When using UDP or TCP, this option specifies the destination port number to use. For UDP, the default starts at 33434 and is incremented with each probe.
  • -f <first_ttl>: Sets the initial time-to-live used in the first outgoing probe packet.
  • -w <waittime>: The time in seconds to wait for a response to a probe. Default is 5 seconds.

Examples

  1. Basic Tracing:

    traceroute example.com
    

    Trace the route to example.com using the default settings.

  2. Use ICMP Instead of UDP:

    traceroute -I example.com
    

    Use ICMP ECHO instead of UDP datagrams for tracing.

  3. Set a Specific Port and Avoid DNS Resolution:

    traceroute -n -p 80 example.com
    

    Trace to example.com with probes sent to destination port 80, printing hop IP addresses without resolving them to hostnames. The probes are still UDP datagrams unless -T is also given.

Common Issues

  • Timeouts and “* * *”: Occasionally, some hops do not return a result, displayed as “* * *”. This may be due to firewalls blocking the traceroute packet types. Using -I might mitigate this if ICMP is allowed.
  • Traceroute completes at a hop before the expected destination: Some networks employ firewalls that block traceroute packets. Trying -T could help if the network allows TCP SYN packets through.

Integration

Traceroute can be combined with other tools for comprehensive network analysis. For example, integrating it with grep can help in filtering specific hops:

traceroute example.com | grep 'specific-hop-ip'

This command traces the route to example.com and filters the output to show only the lines that contain ‘specific-hop-ip’.
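Beyond a grep filter, the whole trace can be parsed. The following is an added example, not part of the original page: POSIX shell and awk functions that summarize `traceroute -n` output per hop, list the hops that answered no probe (the “* * *” case under Common Issues), and report the largest rise in average round-trip time between answering hops. The function names and the sample trace (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `traceroute -n` output (documentation addresses only).
sample_trace() {
cat <<'EOF'
traceroute to example.com (192.0.2.10), 30 hops max, 60 byte packets
 1  198.51.100.1  0.412 ms  0.389 ms  0.377 ms
 2  198.51.100.129  8.120 ms  8.034 ms  7.981 ms
 3  * * *
 4  203.0.113.9  21.500 ms  22.100 ms *
 5  203.0.113.77  95.300 ms  94.800 ms  96.100 ms
 6  192.0.2.10  96.000 ms  95.000 ms  97.000 ms
EOF
}

# summarize_trace: read traceroute output on stdin, print one line per hop:
#   <hop> <first address or -> <average RTT in ms or "timeout"> <lost>/<probes>
summarize_trace() {
    awk '
    $1 ~ /^[0-9]+$/ {                      # hop lines start with the hop number
        addr = "-"; sum = 0; got = 0; lost = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "*") lost++                               # unanswered probe
            else if ($(i + 1) == "ms") { sum += $i; got++; i++ } # RTT value
            else if (addr == "-" && $i !~ /^!/) addr = $i        # skip !H, !X flags
        }
        avg = got ? sprintf("%.3f", sum / got) : "timeout"
        printf "%d %s %s %d/%d\n", $1, addr, avg, lost, got + lost
    }'
}

# silent_hops: hop numbers where every probe timed out.
silent_hops() { summarize_trace | awk '$3 == "timeout" { print $1 }'; }

# biggest_jump: hop whose average RTT rose most over the previous answering hop.
biggest_jump() {
    summarize_trace | awk '
    $3 != "timeout" {
        if (seen && $3 - prev > max) { max = $3 - prev; hop = $1; addr = $2 }
        prev = $3; seen = 1
    }
    END { if (hop) printf "%d %s +%.3f\n", hop, addr, max }'
}

sample_trace | summarize_trace   # demo run on the constructed sample
```

On a live trace, pipe the real command instead: traceroute -n example.com | summarize_trace. A rise that does not persist to later hops usually reflects a router deprioritizing its own ICMP replies rather than delay on the path.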

Related Commands

  • ping: Used to check the connectivity to a server and measure the round-trip time.
  • mtr: Combines the functionality of traceroute and ping into a single network diagnostic tool.

For additional resources and reading, refer to the manual available via the man traceroute command or visit the Traceroute Tool Page.