Linux Traceroute Command, Explained with Examples

Linux Traceroute Command, Explained with Examples

This article will discuss everything you want to know about the Linux traceroute command and how to use it in your daily practice.

Traceroute is a command-line utility that prints the route (or hops) that a packet takes to reach another host. It is used for network diagnostics.

As its name suggests, the primary purpose of a traceroute is to trace the IP route from a source to a destination inside an IP network, allowing administrators to resolve connectivity issues better.

The traceroute command will not only tell whether you have connectivity, but it will point out where the problem is precisely and why that would be happening.

Traceroute gives you complete information about your data’s path to reach its destination. For example, suppose your computer (source) is in Los Angeles, California, and the server is in New York (destination).

In that case, the traceroute will identify the complete path, each hop (the computers, routers, or any devices that come in between the source and the destination) on the path, and the time it takes to go and come back.

However, on the Internet, traceroute messages are often blocked by routers in various Autonomous Systems, making traceroute inaccurate in some cases.

How Does Traceroute Work

Traceroute most commonly uses ICMP (Internet Control Message Protocol) echo packets with variable TTL (Time to Live) values. To guarantee accuracy, each hop is queried multiple times, and the response time of each hop is calculated.

The Linux traceroute command works by manipulating the TTL. The purpose of TTL is to limit how long data will live in an IP network. Each packet of data that is sent out is assigned a TTL value.

When a data packet reaches a hop on the way to the destination device, the TTL value is decreased by 1.

When a router decrements a packet’s hop count value to zero, it sends an ICMP “time exceeded” error message back to the source IP address in the packet; otherwise, it forwards the packet onward.

How does Linux traceroute works

A traceroute tool sends packets to a destination IP with a TTL set to 1 so that the first router the packets reach will send back an error “time exceeded.”

When the error returns, the traceroute tool records the first router’s identity and round-trip time, increments the TTL, and sends new packets, repeating this process until the last packet reaches the destination IP, or two sets of packets are dropped.

How to Use the traceroute Command on Linux

Let’s start with a simple example. First, let’s execute the traceroute command for the www.google.com domain.

traceroute www.google.com
traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
1  63.133.178.109 (63.133.178.109)  0.210 ms  0.268 ms  0.214 ms
2  ae1.cr0-dal4.ip4.gtt.net (69.174.3.1)  0.311 ms  0.317 ms  0.354 ms
3  ae1.cr10-dal3.ip4.gtt.net (213.254.230.210)  1.260 ms  2.320 ms  2.304 ms
4  as15169.dal33.ip4.gtt.net (199.229.230.118)  3.595 ms  2.464 ms  1.365 ms
5  108.170.240.129 (108.170.240.129)  2.636 ms 108.170.240.193 (108.170.240.193)  1.501 ms 108.170.240.129 (108.170.240.129)  2.620 ms
6  142.251.60.143 (142.251.60.143)  1.480 ms  1.499 ms 142.251.60.145 (142.251.60.145)  1.473 ms
7  dfw25s44-in-f4.1e100.net (142.251.33.4)  1.425 ms  1.622 ms  1.587 ms

The first line gives us the following information:

  • The destination (www.google.com) and its IP address (142.251.33.4).
  • The number of hops traceroute will try before giving up (30 hops).
  • The size of the UDP packets we’re sending (60 bytes).

The rest of the output shows all the routers that our packets went through. In each of the lines, we can find information about the name and IP address of the host. For example, the following three values represent the round-trip times for a given router.

In our case, to connect to www.google.com, the request needs to go through seven different routers. The output shows that the last one (142.251.33.4) is the destination host for the www.google.com domain.

Hiding Device Names

As we’ve seen, sometimes including device names leads to a cluttered display. To make it easier to see the data, you can use the traceroute command in Linux with the -n option.

traceroute -n www.google.com
traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
1  63.133.178.109  0.142 ms  0.224 ms  0.207 ms
2  69.174.3.1  0.306 ms  0.303 ms  0.323 ms
3  213.254.230.210  11.812 ms  11.784 ms  11.771 ms
4  199.229.230.118  6.516 ms  1.851 ms  4.416 ms
5  108.170.240.129  2.944 ms 108.170.240.193  2.009 ms 108.170.240.129  2.920 ms
6  142.251.60.143  1.928 ms  1.928 ms  1.933 ms
7  142.251.33.4  1.937 ms  1.922 ms  1.926 ms

Setting the Maximum Number of Hops with the Linux traceroute Command

By adding an extra -m parameter, we can specify the maximum number of hops the traceroute will probe:

traceroute -m 3 www.google.com
traceroute to www.google.com (142.251.33.4), 3 hops max, 60 byte packets
1  63.133.178.109 (63.133.178.109)  0.170 ms  0.187 ms  0.172 ms
2  ae1.cr0-dal4.ip4.gtt.net (69.174.3.1)  0.299 ms  0.300 ms  0.301 ms
3  ae1.cr10-dal3.ip4.gtt.net (213.254.230.210)  2.727 ms  2.753 ms  2.736 ms

Now, the output will consist only of the first three routers. The default value for the -m parameter is 30. Therefore, make sure to increase it in cases where the number of hops can exceed 30.

Setting the Number of Probe Packets per Hop

By default, traceroute sends three UDP packets to each hop. We can use the -q option to adjust this up or down.

To speed up the traceroute, we type the following to reduce the number of UDP probe packets to one:

traceroute -q 1 www.google.com
traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
1  63.133.178.109 (63.133.178.109)  0.160 ms
2  ae1.cr0-dal4.ip4.gtt.net (69.174.3.1)  0.272 ms
3  ae1.cr10-dal3.ip4.gtt.net (213.254.230.210)  2.190 ms
4  as15169.dal33.ip4.gtt.net (199.229.230.118)  1.853 ms
5  108.170.240.129 (108.170.240.129)  3.063 ms
6  142.251.60.145 (142.251.60.145)  1.993 ms
7  dfw25s44-in-f4.1e100.net (142.251.33.4)  1.952 ms

Conclusion

The Linux traceroute command is an excellent tool for investigating network routing, checking connection speeds, or identifying bottlenecks. It is available in all popular Linux distributions. When using this tool, you will often employ the methods described in this article.

For more about the traceroute command in Linux, consult its manual page.

Bobby Borisov
Bobby Borisov

Bobby is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, Bobby has worked as a Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Leave a Reply

Your email address will not be published. Required fields are marked *