Linux Traceroute Command, Explained with Examples (2024)

Traceroute is a command-line utility that prints the route (or hops) that a packet takes to reach another host. It is used for network diagnostics.

As its name suggests, the primary purpose of a traceroute is to trace the IP route from a source to a destination inside an IP network, allowing administrators to resolve connectivity issues better.

The traceroute command will not only tell whether you have connectivity, but it will point out where the problem is precisely and why that would be happening.

Traceroute gives you complete information about your data’s path to reach its destination. For example, suppose your computer (source) is in Los Angeles, California, and the server is in New York (destination).

In that case, the traceroute will identify the complete path, each hop (the computers, routers, or any devices that come in between the source and the destination) on the path, and the time it takes to go and come back.

However, on the Internet, traceroute messages are often blocked by routers in various Autonomous Systems, making traceroute inaccurate in some cases.

How Does Traceroute Work

Traceroute most commonly uses ICMP (Internet Control Message Protocol) echo packets with variable TTL (Time to Live) values. To guarantee accuracy, each hop is queried multiple times, and the response time of each hop is calculated.

The Linux traceroute command works by manipulating the TTL. The purpose of TTL is to limit how long data will live in an IP network. Each packet of data that is sent out is assigned a TTL value.

When a data packet reaches a hop on the way to the destination device, the TTL value is decreased by 1.

When a router decrements a packet’s hop count value to zero, it sends an ICMP “time exceeded” error message back to the source IP address in the packet; otherwise, it forwards the packet onward.


A traceroute tool sends packets to a destination IP with a TTL set to 1 so that the first router the packets reach will send back an error “time exceeded.”

When the error returns, the traceroute tool records the first router’s identity and round-trip time, increments the TTL, and sends new packets, repeating this process until the last packet reaches the destination IP, or two sets of packets are dropped.
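The TTL loop described above, modelled in Python over a constructed three-router path (an added example, not code from the article or from the traceroute project). The Router class, the silent flag and the documentation-range addresses are assumptions made for illustration; a silent router stands for a device that drops expired probes without sending the ICMP error.

```python
from dataclasses import dataclass

@dataclass
class Router:
    addr: str
    silent: bool = False  # True: drops expired packets without an ICMP reply

def send_probe(routers, dest_addr, ttl):
    """Forward one probe; return (kind, responder) or None if nothing comes back."""
    for router in routers:
        ttl -= 1                      # every router decrements the TTL by 1
        if ttl == 0:                  # expired here: the packet is not forwarded
            return None if router.silent else ("time-exceeded", router.addr)
    return ("reached", dest_addr)     # TTL outlived every router on the path

def trace(routers, dest_addr, max_hops=30, probes=3):
    """Raise the TTL from 1 until the destination answers or max_hops is hit."""
    rows = []
    for ttl in range(1, max_hops + 1):
        replies = [send_probe(routers, dest_addr, ttl) for _ in range(probes)]
        rows.append((ttl, [r[1] if r else "*" for r in replies]))
        if any(r and r[0] == "reached" for r in replies):
            break
    return rows

# Constructed path (documentation addresses, not taken from the article).
PATH = [Router("192.0.2.1"), Router("198.51.100.7", silent=True),
        Router("203.0.113.9")]
DEST = "203.0.113.80"

if __name__ == "__main__":
    for ttl, responders in trace(PATH, DEST):
        print(f"{ttl:2d}  " + "  ".join(responders))
```

The silent second router shows up as a row of asterisks, yet the hops behind it still answer, which is why a gap in the middle of a trace does not by itself mean the path is broken.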

How to Use the traceroute Command on Linux

Let’s start with a simple example. First, let’s execute the traceroute command for the www.google.com domain.

traceroute www.google.com

traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
1 63.133.178.109 (63.133.178.109) 0.210 ms 0.268 ms 0.214 ms
2 ae1.cr0-dal4.ip4.gtt.net (69.174.3.1) 0.311 ms 0.317 ms 0.354 ms
3 ae1.cr10-dal3.ip4.gtt.net (213.254.230.210) 1.260 ms 2.320 ms 2.304 ms
4 as15169.dal33.ip4.gtt.net (199.229.230.118) 3.595 ms 2.464 ms 1.365 ms
5 108.170.240.129 (108.170.240.129) 2.636 ms 108.170.240.193 (108.170.240.193) 1.501 ms 108.170.240.129 (108.170.240.129) 2.620 ms
6 142.251.60.143 (142.251.60.143) 1.480 ms 1.499 ms 142.251.60.145 (142.251.60.145) 1.473 ms
7 dfw25s44-in-f4.1e100.net (142.251.33.4) 1.425 ms 1.622 ms 1.587 ms

The first line gives us the following information:

  • The destination (www.google.com) and its IP address (142.251.33.4).
  • The number of hops traceroute will try before giving up (30 hops).
  • The size of the UDP packets we’re sending (60 bytes).

The rest of the output shows all the routers that our packets went through. Each line starts with the name and IP address of the host that answered. The three values that follow are the round-trip times measured for that host, one per probe.

In our case, to connect to www.google.com, the request passes through seven hops. The output shows that the last one (142.251.33.4) is the destination host for the www.google.com domain.
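To make the row format concrete, here is a small parser for this output (an added example, not part of the original article or of traceroute itself). It uses the article's output above as SAMPLE, also accepts the bare-IP rows produced by -n and the `*` traceroute prints for an unanswered probe, and reports hops such as 5 and 6 where probes were answered by more than one address; the function names are assumptions.

```python
import re

# The article's first traceroute output, reproduced as sample input.
SAMPLE = """\
traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
 1 63.133.178.109 (63.133.178.109) 0.210 ms 0.268 ms 0.214 ms
 2 ae1.cr0-dal4.ip4.gtt.net (69.174.3.1) 0.311 ms 0.317 ms 0.354 ms
 3 ae1.cr10-dal3.ip4.gtt.net (213.254.230.210) 1.260 ms 2.320 ms 2.304 ms
 4 as15169.dal33.ip4.gtt.net (199.229.230.118) 3.595 ms 2.464 ms 1.365 ms
 5 108.170.240.129 (108.170.240.129) 2.636 ms 108.170.240.193 (108.170.240.193) 1.501 ms 108.170.240.129 (108.170.240.129) 2.620 ms
 6 142.251.60.143 (142.251.60.143) 1.480 ms 1.499 ms 142.251.60.145 (142.251.60.145) 1.473 ms
 7 dfw25s44-in-f4.1e100.net (142.251.33.4) 1.425 ms 1.622 ms 1.587 ms
"""

def parse_hop(line):
    """Return (hop_number, [(responder_ip, rtt_ms), ...]) for one output row."""
    tokens = line.split()
    hop, probes, ip = int(tokens[0]), [], None
    for i, tok in enumerate(tokens[1:], start=1):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok == "*":
            probes.append((None, None))        # probe got no reply
        elif nxt == "ms":
            probes.append((ip, float(tok)))    # RTT belongs to current responder
        elif tok.startswith("(") and tok.endswith(")"):
            ip = tok[1:-1]                     # address that follows a hostname
        elif tok != "ms" and not tok.startswith("!"):
            ip = tok                           # hostname, or bare IP with -n
    return hop, probes

def parse(output):
    """Parse every numbered row; the 'traceroute to ...' header is skipped."""
    rows = [l for l in output.splitlines() if re.match(r"\s*\d+\s", l)]
    return dict(parse_hop(l) for l in rows)

def multipath_hops(hops):
    """Hops whose probes were answered by more than one address."""
    seen = {h: sorted({ip for ip, _ in p if ip}) for h, p in hops.items()}
    return {h: ips for h, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    hops = parse(SAMPLE)
    print(len(hops), "hops; multiple responders at:", multipath_hops(hops))
```

Hops with several responders usually indicate load balancing, so the listed routers are not necessarily one single path.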

Hiding Device Names

As we’ve seen, sometimes including device names leads to a cluttered display. To make it easier to see the data, you can use the traceroute command in Linux with the -n option.

traceroute -n www.google.com

traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
1 63.133.178.109 0.142 ms 0.224 ms 0.207 ms
2 69.174.3.1 0.306 ms 0.303 ms 0.323 ms
3 213.254.230.210 11.812 ms 11.784 ms 11.771 ms
4 199.229.230.118 6.516 ms 1.851 ms 4.416 ms
5 108.170.240.129 2.944 ms 108.170.240.193 2.009 ms 108.170.240.129 2.920 ms
6 142.251.60.143 1.928 ms 1.928 ms 1.933 ms
7 142.251.33.4 1.937 ms 1.922 ms 1.926 ms

Setting the Maximum Number of Hops with the Linux traceroute Command

By adding an extra -m parameter, we can specify the maximum number of hops the traceroute will probe:

traceroute -m 3 www.google.com

traceroute to www.google.com (142.251.33.4), 3 hops max, 60 byte packets
1 63.133.178.109 (63.133.178.109) 0.170 ms 0.187 ms 0.172 ms
2 ae1.cr0-dal4.ip4.gtt.net (69.174.3.1) 0.299 ms 0.300 ms 0.301 ms
3 ae1.cr10-dal3.ip4.gtt.net (213.254.230.210) 2.727 ms 2.753 ms 2.736 ms

Now, the output will consist only of the first three routers. The default value for the -m parameter is 30. Therefore, make sure to increase it in cases where the number of hops can exceed 30.

Setting the Number of Probe Packets per Hop

By default, traceroute sends three UDP packets to each hop. We can use the -q option to adjust this up or down.

To speed up the traceroute, we type the following to reduce the number of UDP probe packets to one:

traceroute -q 1 www.google.com

traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
1 63.133.178.109 (63.133.178.109) 0.160 ms
2 ae1.cr0-dal4.ip4.gtt.net (69.174.3.1) 0.272 ms
3 ae1.cr10-dal3.ip4.gtt.net (213.254.230.210) 2.190 ms
4 as15169.dal33.ip4.gtt.net (199.229.230.118) 1.853 ms
5 108.170.240.129 (108.170.240.129) 3.063 ms
6 142.251.60.145 (142.251.60.145) 1.993 ms
7 dfw25s44-in-f4.1e100.net (142.251.33.4) 1.952 ms

Conclusion

The Linux traceroute command is an excellent tool for investigating network routing, checking connection speeds, or identifying bottlenecks. It is available in all popular Linux distributions. When using this tool, you will often employ the methods described in this article.

For more about the traceroute command in Linux, consult its manual page.

Author: Arielle Torp