Linux Traceroute Command, Explained with Examples

Linux Traceroute Command

In this article, we will discuss everything you want to know about the Linux traceroute command and how to use it in your daily practice.

Traceroute is a command line utility that prints the route (or hops) that a packet takes to reach another host. It is used for network diagnostics. As its name suggests, the main purpose of a traceroute is to trace the IP route from a source to a destination inside an IP network, allowing administrators to better resolve connectivity issues. Traceroute will not only tell whether you have connectivity, but it will point out where is the problem precisely and why would that be happening.

Traceroute gives you complete information about the path that your data will take to reach its destination. For example, if the your computer (source) is in Los Angeles, California and the server in New York (destination), traceroute will identify the complete path, each hop (the computers, routers, or any devices that comes in between the source and the destination) on the path, and the time it takes to go and come back.

However, in the Internet, Traceroute messages are often blocked by routers in various Autonomous Systems, making Traceroute inaccurate in some cases.

How Does Traceroute Works

Traceroute most commonly uses ICMP (Internet Control Message Protocol) echo packets with variable TTL (Time to Live) values. To guarantee accuracy, each hop is queried multiple times and the response time of each hop is calculated.

The Linux traceroute command works by manipulating the TTL. The purpose of TTL is to limit how long data will live in an IP network. Each packet of data that is sent out is assigned a TTL value. When a data packet reaches a hop on the way to the destination device, the TTL value is decreased by 1.

When a router decrements a packet’s hop count value to zero, it sends an ICMP “time exceeded” error message back to the source IP address in the packet, otherwise it forwards the packet onward.

How does Linux traceroute works

A traceroute tool sends packets to a destination IP and with a TTL set to 1, so that the first router the packets reach will send back an error “time exceeded”. When the error returns, the traceroute tool records the first router’s identity and round-trip time, increments the TTL, and sends new packets, repeating this process until either the last packet reaches the destination IP or two sets of packets are dropped.

How to Use the traceroute Command on Linux

Let’s start with a simple example. Let’s execute the traceroute command for the www.google.com domain.

traceroute www.google.com
traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
1  63.133.178.109 (63.133.178.109)  0.210 ms  0.268 ms  0.214 ms
2  ae1.cr0-dal4.ip4.gtt.net (69.174.3.1)  0.311 ms  0.317 ms  0.354 ms
3  ae1.cr10-dal3.ip4.gtt.net (213.254.230.210)  1.260 ms  2.320 ms  2.304 ms
4  as15169.dal33.ip4.gtt.net (199.229.230.118)  3.595 ms  2.464 ms  1.365 ms
5  108.170.240.129 (108.170.240.129)  2.636 ms 108.170.240.193 (108.170.240.193)  1.501 ms 108.170.240.129 (108.170.240.129)  2.620 ms
6  142.251.60.143 (142.251.60.143)  1.480 ms  1.499 ms 142.251.60.145 (142.251.60.145)  1.473 ms
7  dfw25s44-in-f4.1e100.net (142.251.33.4)  1.425 ms  1.622 ms  1.587 ms

The first line gives us the following information:

  • The destination (www.google.com) and its IP address (142.251.33.4).
  • The number of hops traceroute will try before giving up (30 hops).
  • The size of the UDP packets we’re sending (60 byte).

The rest of the output shows all the routers that our packets went through. In each of the lines, we can find information about the name and IP address of the host. The next three values represent the round-trip times for a given router.

In our case, to connect to www.google.com, the request needs to go through seven different routers. In the output, we can see that the last one (142.251.33.4) is the destination host for the www.google.com domain.

Hiding Device Names

As we’ve seen, sometimes including device names leads to a cluttered display. To make it easier to see the data, you can use traceroute command in Linux with the -n option.

traceroute -n www.google.com
traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
1  63.133.178.109  0.142 ms  0.224 ms  0.207 ms
2  69.174.3.1  0.306 ms  0.303 ms  0.323 ms
3  213.254.230.210  11.812 ms  11.784 ms  11.771 ms
4  199.229.230.118  6.516 ms  1.851 ms  4.416 ms
5  108.170.240.129  2.944 ms 108.170.240.193  2.009 ms 108.170.240.129  2.920 ms
6  142.251.60.143  1.928 ms  1.928 ms  1.933 ms
7  142.251.33.4  1.937 ms  1.922 ms  1.926 ms

Setting the Maximum Number of Hops with the Linux traceroute Command

By adding an extra -m parameter we can specify the maximum number of hops traceroute will probe:

traceroute -m 3 www.google.com
traceroute to www.google.com (142.251.33.4), 3 hops max, 60 byte packets
1  63.133.178.109 (63.133.178.109)  0.170 ms  0.187 ms  0.172 ms
2  ae1.cr0-dal4.ip4.gtt.net (69.174.3.1)  0.299 ms  0.300 ms  0.301 ms
3  ae1.cr10-dal3.ip4.gtt.net (213.254.230.210)  2.727 ms  2.753 ms  2.736 ms

Now, the output will consist only of the first three routers. The default value for the -m parameter is 30. Therefore, make sure to increase it in cases where the number of hops can exceed 30.

Setting the Number of Probe Packets per Hop

By default, traceroute sends three UDP packets to each hop. We can use the -q option to adjust this up or down.

To speed up the traceroute we type the following to reduce the number of UDP probe packets to one:

traceroute -q 1 www.google.com
traceroute to www.google.com (142.251.33.4), 30 hops max, 60 byte packets
1  63.133.178.109 (63.133.178.109)  0.160 ms
2  ae1.cr0-dal4.ip4.gtt.net (69.174.3.1)  0.272 ms
3  ae1.cr10-dal3.ip4.gtt.net (213.254.230.210)  2.190 ms
4  as15169.dal33.ip4.gtt.net (199.229.230.118)  1.853 ms
5  108.170.240.129 (108.170.240.129)  3.063 ms
6  142.251.60.145 (142.251.60.145)  1.993 ms
7  dfw25s44-in-f4.1e100.net (142.251.33.4)  1.952 ms

Conclusion

The Linux traceroute command is a great tool to investigate network routing, check connection speeds, or identify bottlenecks. It is available in all popular Linux distributions. When using this tool, you will often employ the methods described in this article.

For more about traceroute command in Linux, consult its manual page.

Leave a Reply

Your email address will not be published.

Latest from Tips & Tricks