In this article, we will discuss everything you want to know about the Linux traceroute command and how to use it in your daily practice.
Traceroute is a command line utility that prints the route (or hops) that a packet takes to reach another host. It is used for network diagnostics. As its name suggests, the main purpose of a traceroute is to trace the IP route from a source to a destination inside an IP network, allowing administrators to resolve connectivity issues more effectively. Traceroute will not only tell you whether you have connectivity, it will also point out precisely where the problem is and why it might be happening.
Traceroute gives you complete information about the path that your data will take to reach its destination. For example, if your computer (the source) is in Los Angeles, California and the server (the destination) is in New York, traceroute will identify the complete path, each hop (the computers, routers, or any other devices that sit between the source and the destination) on the path, and the time it takes to go and come back.
However, on the Internet, traceroute messages are often blocked by routers in various Autonomous Systems, making traceroute inaccurate in some cases.
How Does Traceroute Work
Traceroute most commonly uses ICMP (Internet Control Message Protocol) echo packets with variable TTL (Time to Live) values. To guarantee accuracy, each hop is queried multiple times and the response time of each hop is calculated.
The Linux traceroute command works by manipulating the TTL. The purpose of TTL is to limit how long data will live in an IP network. Each packet of data that is sent out is assigned a TTL value. When a data packet reaches a hop on the way to the destination device, the TTL value is decreased by 1.
When a router decrements a packet's TTL to zero, it sends an ICMP "time exceeded" error message back to the source IP address in the packet; otherwise it forwards the packet onward.
A traceroute tool sends packets to a destination IP with the TTL set to 1, so that the first router the packets reach sends back a "time exceeded" error. When the error returns, the traceroute tool records that router's identity and round-trip time, increments the TTL, and sends new packets, repeating this process until either the last packet reaches the destination IP or two sets of packets are dropped.
How to Use the traceroute Command on Linux
Let's start with a simple example. Let's execute the `traceroute` command for the www.google.com domain:

```
traceroute to www.google.com (22.214.171.124), 30 hops max, 60 byte packets
 1  126.96.36.199 (188.8.131.52)  0.210 ms  0.268 ms  0.214 ms
 2  ae1.cr0-dal4.ip4.gtt.net (184.108.40.206)  0.311 ms  0.317 ms  0.354 ms
 3  ae1.cr10-dal3.ip4.gtt.net (220.127.116.11)  1.260 ms  2.320 ms  2.304 ms
 4  as15169.dal33.ip4.gtt.net (18.104.22.168)  3.595 ms  2.464 ms  1.365 ms
 5  22.214.171.124 (126.96.36.199)  2.636 ms 188.8.131.52 (184.108.40.206)  1.501 ms 220.127.116.11 (18.104.22.168)  2.620 ms
 6  22.214.171.124 (126.96.36.199)  1.480 ms  1.499 ms 188.8.131.52 (184.108.40.206)  1.473 ms
 7  dfw25s44-in-f4.1e100.net (220.127.116.11)  1.425 ms  1.622 ms  1.587 ms
```
The first line gives us the following information:
- The destination (www.google.com) and its IP address (18.104.22.168).
- The number of hops `traceroute` will try before giving up (30 hops).
- The size of the UDP packets we're sending (60 bytes).
The rest of the output shows all the routers that our packets went through. Each line gives the name and IP address of the router at that hop, followed by three values, the round-trip times of the three probes sent to that hop. When the three probes for one hop are answered by different routers (hop 5 above), each responding address is printed before its own round-trip time.
In our case, to connect to www.google.com, the request needs to go through seven different routers. In the output, we can see that the last one (22.214.171.124) is the destination host for the www.google.com domain.
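The output format just described is regular enough to parse, which is useful when you keep traceroute records and want to spot path changes. The following Python parser is an added example (not code from the article); its sample output is constructed, and it covers the two things a naive split on whitespace gets wrong: a hop whose probes are answered by different routers, and the `*` that traceroute prints when a router drops or filters the probe (the blocked-messages case mentioned earlier). It also accepts the bare-address form printed with `-n`.

```python
import re
from dataclasses import dataclass, field

# Constructed sample (not from the article): hop 3 answers from two routers, one probe of hop 4 is unanswered, hop 5 is silent, hop 2 is in -n style.
SAMPLE = """\
traceroute to www.example.net (192.0.2.10), 30 hops max, 60 byte packets
 1  gw.example.lan (192.0.2.1)  0.210 ms  0.268 ms  0.214 ms
 2  198.51.100.5  0.311 ms  0.317 ms  0.354 ms
 3  198.51.100.9 (198.51.100.9)  2.636 ms 198.51.100.13 (198.51.100.13)  1.501 ms  2.620 ms
 4  198.51.100.21 (198.51.100.21)  1.480 ms  *  1.473 ms
 5  * * *
"""
HEADER = re.compile(r"traceroute to (\S+) \(([^)]+)\), (\d+) hops max, (\d+) byte packets")
TOKEN = re.compile(r"""
    (?P<rtt>\d+(?:\.\d+)?)\s*ms         # one probe's round-trip time
  | (?P<star>\*)                         # probe got no answer (dropped or filtered)
  | (?P<host>\S+)\s+\((?P<ip>[^)]+)\)    # "name (ip)", the default display
  | (?P<bare>\d{1,3}(?:\.\d{1,3}){3})    # bare address, as printed with -n
""", re.VERBOSE)

@dataclass
class Hop:
    ttl: int
    probes: list = field(default_factory=list)  # (responder ip or None, rtt ms or None)
    def responders(self) -> set:
        return {ip for ip, _ in self.probes if ip is not None}

def parse_traceroute(text):
    lines = [ln for ln in text.splitlines() if ln.strip()]
    m = HEADER.match(lines[0])
    header = {"target": m.group(1), "ip": m.group(2), "max_hops": int(m.group(3)), "packet_size": int(m.group(4))}
    hops = []
    for line in lines[1:]:
        ttl, rest = line.split(None, 1)
        hop, current = Hop(int(ttl)), None  # current: address the following RTTs belong to
        for tok in TOKEN.finditer(rest):
            if tok.group("rtt"):
                hop.probes.append((current, float(tok.group("rtt"))))
            elif tok.group("star"):
                hop.probes.append((None, None))
            else:  # traceroute prints an address only when the responder changes
                current = tok.group("ip") or tok.group("bare")
        hops.append(hop)
    return header, hops

def path_summary(hops):
    multi = [h.ttl for h in hops if len(h.responders()) > 1]  # several routers answered (load balancing)
    silent = [h.ttl for h in hops if not h.responders()]      # nothing answered at this TTL
    return multi, silent
```

Feeding two saved runs through `parse_traceroute` and comparing the per-hop responder sets is a simple way to notice that a path has changed.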
Hiding Device Names
As we've seen, including device names sometimes leads to a cluttered display. To make the data easier to read, you can use the traceroute command in Linux with the `-n` option, which prints only IP addresses and skips the reverse DNS lookups:

```
traceroute -n www.google.com
traceroute to www.google.com (126.96.36.199), 30 hops max, 60 byte packets
 1  188.8.131.52  0.142 ms  0.224 ms  0.207 ms
 2  184.108.40.206  0.306 ms  0.303 ms  0.323 ms
 3  220.127.116.11  11.812 ms  11.784 ms  11.771 ms
 4  18.104.22.168  6.516 ms  1.851 ms  4.416 ms
 5  22.214.171.124  2.944 ms 126.96.36.199  2.009 ms 188.8.131.52  2.920 ms
 6  184.108.40.206  1.928 ms  1.928 ms  1.933 ms
 7  220.127.116.11  1.937 ms  1.922 ms  1.926 ms
```
By adding an extra `-m` parameter we can specify the maximum number of hops `traceroute` will probe:

```
traceroute -m 3 www.google.com
traceroute to www.google.com (18.104.22.168), 3 hops max, 60 byte packets
 1  22.214.171.124 (126.96.36.199)  0.170 ms  0.187 ms  0.172 ms
 2  ae1.cr0-dal4.ip4.gtt.net (188.8.131.52)  0.299 ms  0.300 ms  0.301 ms
 3  ae1.cr10-dal3.ip4.gtt.net (184.108.40.206)  2.727 ms  2.753 ms  2.736 ms
```
Now the output consists only of the first three routers. The default value for the `-m` parameter is 30, so make sure to increase it in cases where the number of hops can exceed 30.
Setting the Number of Probe Packets per Hop
By default, `traceroute` sends three UDP probe packets to each hop. We can use the `-q` option to adjust this up or down.
To speed up the `traceroute`, we type the following to reduce the number of UDP probe packets per hop to one:

```
traceroute -q 1 www.google.com
traceroute to www.google.com (220.127.116.11), 30 hops max, 60 byte packets
 1  18.104.22.168 (22.214.171.124)  0.160 ms
 2  ae1.cr0-dal4.ip4.gtt.net (126.96.36.199)  0.272 ms
 3  ae1.cr10-dal3.ip4.gtt.net (188.8.131.52)  2.190 ms
 4  as15169.dal33.ip4.gtt.net (184.108.40.206)  1.853 ms
 5  220.127.116.11 (18.104.22.168)  3.063 ms
 6  22.214.171.124 (126.96.36.199)  1.993 ms
 7  dfw25s44-in-f4.1e100.net (188.8.131.52)  1.952 ms
```
The `traceroute` command is a great tool for investigating network routing, checking connection latency, or identifying bottlenecks. It is available in all popular Linux distributions. When using this tool, you will often rely on the options described in this article.
For more about the `traceroute` command in Linux, consult its manual page.