This article will discuss everything you want to know about the Linux
traceroute command and how to use it in your daily practice.
Traceroute is a command-line utility that prints the route (or hops) that a packet takes to reach another host. It is used for network diagnostics.
As its name suggests, the primary purpose of a
traceroute is to trace the IP route from a source to a destination inside an IP network, allowing administrators to resolve connectivity issues better.
traceroute command will not only tell whether you have connectivity, but it will point out where the problem is precisely and why that would be happening.
Traceroute gives you complete information about your data’s path to reach its destination. For example, suppose your computer (source) is in Los Angeles, California, and the server is in New York (destination).
In that case, the
traceroute will identify the complete path, each hop (the computers, routers, or any devices that come in between the source and the destination) on the path, and the time it takes to go and come back.
However, on the Internet,
traceroute messages are often blocked by routers in various Autonomous Systems, making
traceroute inaccurate in some cases.
How Does Traceroute Work
Traceroute most commonly uses ICMP (Internet Control Message Protocol) echo packets with variable TTL (Time to Live) values. To guarantee accuracy, each hop is queried multiple times, and the response time of each hop is calculated.
traceroute command works by manipulating the TTL. The purpose of TTL is to limit how long data will live in an IP network. Each packet of data that is sent out is assigned a TTL value.
When a data packet reaches a hop on the way to the destination device, the TTL value is decreased by 1.
When a router decrements a packet’s hop count value to zero, it sends an ICMP “time exceeded” error message back to the source IP address in the packet; otherwise, it forwards the packet onward.
traceroute tool sends packets to a destination IP with a TTL set to 1 so that the first router the packets reach will send back an error “time exceeded.”
When the error returns, the traceroute tool records the first router’s identity and round-trip time, increments the TTL, and sends new packets, repeating this process until the last packet reaches the destination IP, or two sets of packets are dropped.
How to Use the traceroute Command on Linux
Let’s start with a simple example. First, let’s execute the
traceroute command for the
traceroute to www.google.com (18.104.22.168), 30 hops max, 60 byte packets 1 22.214.171.124 (126.96.36.199) 0.210 ms 0.268 ms 0.214 ms 2 ae1.cr0-dal4.ip4.gtt.net (188.8.131.52) 0.311 ms 0.317 ms 0.354 ms 3 ae1.cr10-dal3.ip4.gtt.net (184.108.40.206) 1.260 ms 2.320 ms 2.304 ms 4 as15169.dal33.ip4.gtt.net (220.127.116.11) 3.595 ms 2.464 ms 1.365 ms 5 18.104.22.168 (22.214.171.124) 2.636 ms 126.96.36.199 (188.8.131.52) 1.501 ms 184.108.40.206 (220.127.116.11) 2.620 ms 6 18.104.22.168 (22.214.171.124) 1.480 ms 1.499 ms 126.96.36.199 (188.8.131.52) 1.473 ms 7 dfw25s44-in-f4.1e100.net (184.108.40.206) 1.425 ms 1.622 ms 1.587 ms
The first line gives us the following information:
- The destination (
www.google.com) and its IP address (
- The number of hops
traceroutewill try before giving up (30 hops).
- The size of the UDP packets we’re sending (60 bytes).
The rest of the output shows all the routers that our packets went through. In each of the lines, we can find information about the name and IP address of the host. For example, the following three values represent the round-trip times for a given router.
In our case, to connect to www.google.com, the request needs to go through seven different routers. The output shows that the last one (
220.127.116.11) is the destination host for the
Hiding Device Names
As we’ve seen, sometimes including device names leads to a cluttered display. To make it easier to see the data, you can use the
traceroute command in Linux with the
traceroute -n www.google.com
traceroute to www.google.com (18.104.22.168), 30 hops max, 60 byte packets 1 22.214.171.124 0.142 ms 0.224 ms 0.207 ms 2 126.96.36.199 0.306 ms 0.303 ms 0.323 ms 3 188.8.131.52 11.812 ms 11.784 ms 11.771 ms 4 184.108.40.206 6.516 ms 1.851 ms 4.416 ms 5 220.127.116.11 2.944 ms 18.104.22.168 2.009 ms 22.214.171.124 2.920 ms 6 126.96.36.199 1.928 ms 1.928 ms 1.933 ms 7 188.8.131.52 1.937 ms 1.922 ms 1.926 ms
By adding an extra
-m parameter, we can specify the maximum number of hops the
traceroute will probe:
traceroute -m 3 www.google.com
traceroute to www.google.com (184.108.40.206), 3 hops max, 60 byte packets 1 220.127.116.11 (18.104.22.168) 0.170 ms 0.187 ms 0.172 ms 2 ae1.cr0-dal4.ip4.gtt.net (22.214.171.124) 0.299 ms 0.300 ms 0.301 ms 3 ae1.cr10-dal3.ip4.gtt.net (126.96.36.199) 2.727 ms 2.753 ms 2.736 ms
Now, the output will consist only of the first three routers. The default value for the
-m parameter is 30. Therefore, make sure to increase it in cases where the number of hops can exceed 30.
Setting the Number of Probe Packets per Hop
traceroute sends three UDP packets to each hop. We can use the
-q option to adjust this up or down.
To speed up the
traceroute, we type the following to reduce the number of UDP probe packets to one:
traceroute -q 1 www.google.com
traceroute to www.google.com (188.8.131.52), 30 hops max, 60 byte packets 1 184.108.40.206 (220.127.116.11) 0.160 ms 2 ae1.cr0-dal4.ip4.gtt.net (18.104.22.168) 0.272 ms 3 ae1.cr10-dal3.ip4.gtt.net (22.214.171.124) 2.190 ms 4 as15169.dal33.ip4.gtt.net (126.96.36.199) 1.853 ms 5 188.8.131.52 (184.108.40.206) 3.063 ms 6 220.127.116.11 (18.104.22.168) 1.993 ms 7 dfw25s44-in-f4.1e100.net (22.214.171.124) 1.952 ms
traceroute command is an excellent tool for investigating network routing, checking connection speeds, or identifying bottlenecks. It is available in all popular Linux distributions. When using this tool, you will often employ the methods described in this article.
For more about the
traceroute command in Linux, consult its manual page.