Linux Traceroute Command Examples

In some cases, one wants to know the route a connection follows. The route here refers to the IP addresses of all forwarding entities (e.g., intermediate routers).

While there is no guarantee that all packets of a connection follow the same route, they usually do. This routing information is very handy when debugging network issues.

The traceroute utility prints out the complete route to a specific destination. In this article, we’ll discuss how traceroute works and see some practical examples.

How does Traceroute work?

Before we start with an example, let’s first understand the concept of how traceroute works.

The traceroute utility uses the TTL field in the IP header for its operation. For those unfamiliar with the TTL field, it limits how many hops a particular packet can take while traveling across the network.

So this effectively bounds the lifetime of a packet on the network. This field is usually set to 32 or 64. Every time a packet passes through an intermediate router, the router decrements the TTL value by 1. When a router finds a TTL value of 1 in a received packet, the packet is not forwarded, but discarded.

After dropping the packet, the router sends an ICMP “Time Exceeded” error message back to the source of the packet. The ICMP packet sent back carries the IP address of the router.

So now it’s easy to understand that traceroute works by sending packets with a TTL value that starts at 1 and increments by 1 each time. Every time a router receives a packet, it checks the TTL field, and if the TTL field is 1, it drops the packet and sends an ICMP error packet containing its IP address, which is what traceroute requires. Therefore, traceroute gradually gets the IPs of all routers between the source and the destination.

You should also be aware of the IP header fields we discussed a while ago.
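The probing loop described above, written out as an added example (not code from the original article or from the traceroute project). It sends UDP probes, as Linux traceroute does by default, and its parameters stand in for the -f, -q and -w options covered below; the function names, the starting port and the example.com target are assumptions made for illustration.

```python
import socket
import time

def classify_reply(packet):
    """Classify a raw IPv4 packet read from an ICMP socket."""
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if len(packet) < ihl + 2:
        return None
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type == 11:                          # Time Exceeded: a router dropped the probe
        return "router"
    if icmp_type == 3 and icmp_code == 3:        # Port Unreachable: the destination answered
        return "destination"
    return None

def trace(dest, first_ttl=1, max_hops=30, queries=3, wait=5.0, port=33434):
    """Yield (ttl, results) per hop; a result is (address, rtt_ms) or None. Needs root."""
    dest_ip = socket.gethostbyname(dest)
    recv = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    send = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with recv, send:
        recv.settimeout(wait)                    # role of -w
        for ttl in range(first_ttl, max_hops + 1):   # first_ttl: role of -f
            send.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
            results, done = [], False
            for _ in range(queries):             # role of -q
                port += 1                        # fresh high UDP port, assumed closed
                start = time.monotonic()
                send.sendto(b"", (dest_ip, port))
                try:
                    packet, (addr, _unused) = recv.recvfrom(1024)
                except socket.timeout:
                    results.append(None)         # what traceroute prints as "*"
                    continue
                rtt_ms = (time.monotonic() - start) * 1000
                kind = classify_reply(packet)    # simplification: reply is not matched to probe
                results.append((addr, rtt_ms) if kind else None)
                done = done or kind == "destination"
            yield ttl, results
            if done:
                break

# Constructed replies: 20-byte IPv4 header, then the ICMP type and code bytes.
TIME_EXCEEDED = bytes([0x45]) + bytes(19) + bytes([11, 0, 0, 0])
PORT_UNREACHABLE = bytes([0x45]) + bytes(19) + bytes([3, 3, 0, 0])

if __name__ == "__main__":
    for ttl, results in trace("example.com"):
        print(ttl, results)
```

Because the raw socket receives every ICMP message delivered to the host, this sketch can attribute an unrelated reply to a probe; the real utility checks the original datagram quoted inside the ICMP error.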

Traceroute example

1. How to run traceroute?

$ traceroute <server-name>

The server-name above is the target name or IP address. For example, traceroute is used to find the network path from my machine to google.com:

$ traceroute google.com
traceroute to google.com (74.125.236.132), 30 hops max, 60 byte packets
1  220.224.141.129 (220.224.141.129)  89.174 ms  89.094 ms  89.054 ms
2  115.255.239.65 (115.255.239.65)  109.037 ms  108.994 ms  108.963 ms
3  124.124.251.245 (124.124.251.245)  108.937 ms  121.322 ms  121.300 ms
4  * 115.255.239.45 (115.255.239.45)  113.754 ms  113.692 ms
5  72.14.212.118 (72.14.212.118)  123.585 ms  123.558 ms  123.527 ms
6  72.14.232.202 (72.14.232.202)  123.499 ms  123.475 ms  143.523 ms
7  216.239.48.179 (216.239.48.179)  143.503 ms  95.106 ms  95.026 ms
8  bom03s02-in-f4.1e100.net (74.125.236.132)  94.980 ms  104.989 ms  104.954 ms

Each line provides details of interaction with each router encountered. So we see that traceroute not only gives the IP address of the intermediate router, but also the three round-trip times for that particular router, because the traceroute command fires three packets for each router.

“*” field in output

Sometimes “*” may be encountered instead of a value in the output. This means that the required fields cannot be obtained. The reason could be anything from a failed reverse DNS lookup, to the packet not reaching the destination router, to the packet being lost on the way back. So we see that there could be many reasons, but for all these types of cases, the traceroute utility provides a * in the output.
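A parser for the output format shown above, added here as an example (not part of the original article). It separates a hop that lost one probe from a hop that answered nothing, and checks whether the last responder is the destination named in the header line; the function names are assumptions, and the sample text is assembled from output lines in this article.

```python
import re
from statistics import median

def parse_traceroute(text):
    """Parse Linux traceroute output (with or without -n) into (destination, hops)."""
    dest, hops = None, []
    for line in text.splitlines():
        header = re.match(r"traceroute to \S+ \(([^)]+)\)", line)
        dest = header.group(1) if header else dest
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue                               # header, ".." and blank lines
        responder, probes, i = None, [], 1
        while i < len(tokens):
            if tokens[i] == "*":                   # no usable reply for this probe
                probes.append((None, None))
            elif tokens[i + 1:i + 2] == ["ms"]:    # "<rtt> ms" from the current responder
                probes.append((responder, float(tokens[i])))
                i += 1
            elif tokens[i + 1:i + 2] and tokens[i + 1].startswith("("):
                responder = tokens[i + 1].strip("()")   # "host (ip)": keep the address
                i += 1
            else:
                responder = tokens[i]              # -n output: bare address
            i += 1
        rtts = [rtt for _, rtt in probes if rtt is not None]
        hops.append({"ttl": int(tokens[0]),
                     "responders": sorted({r for r, _ in probes if r}),
                     "lost": len(probes) - len(rtts),
                     "median_ms": median(rtts) if rtts else None})
    return dest, hops

def reached_destination(dest, hops):
    """True only if the last hop that answered is the destination itself."""
    answered = [h for h in hops if h["responders"]]
    return bool(answered) and dest in answered[-1]["responders"]

# Sample input assembled from output lines shown in this article.
PARTIAL_LOSS = """traceroute to google.com (74.125.236.132), 30 hops max, 60 byte packets
3  124.124.251.245 (124.124.251.245)  108.937 ms  121.322 ms  121.300 ms
4  * 115.255.239.45 (115.255.239.45)  113.754 ms  113.692 ms
8  bom03s02-in-f4.1e100.net (74.125.236.132)  94.980 ms  104.989 ms  104.954 ms"""
ALL_LOST = """traceroute to google.com (74.125.236.101), 30 hops max, 60 byte packets
1  * * *
2  * * *"""

if __name__ == "__main__":
    for sample in (PARTIAL_LOSS, ALL_LOST):
        print(reached_destination(*parse_traceroute(sample)))
```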

2. Disable IP address and hostname mapping

Traceroute provides an option to disable the mapping of IP addresses to hostnames (which traceroute attempts by default). The option to do this is ‘-n’. The following example illustrates this:

$ traceroute google.com -n
traceroute to google.com (173.194.36.7), 30 hops max, 60 byte packets
1  220.224.141.129  109.352 ms  109.280 ms  109.248 ms
2  115.255.239.65  131.633 ms  131.598 ms  131.573 ms
3  124.124.251.245  131.554 ms  131.529 ms  131.502 ms
4  115.255.239.45  131.478 ms  131.464 ms  199.741 ms
5  72.14.212.118  199.674 ms  199.637 ms  199.603 ms
6  209.85.241.52  199.578 ms  199.549 ms  209.838 ms
7  209.85.241.187  199.488 ms  177.264 ms  177.196 ms
8  173.194.36.7  177.159 ms  187.463 ms  187.434 ms

So we see that the hostname is not shown in the output.

3. Configure the response waiting time

You can also configure how long the traceroute utility waits for a response after issuing a probe. This can be done with the “-w” option. The -w option takes the time, in seconds, that the utility will wait for a response. In this example, the wait time is 0.1 seconds; traceroute does not wait long enough to receive any response, so it prints * for every probe.

$ traceroute google.com -w 0.1
traceroute to google.com (74.125.236.101), 30 hops max, 60 byte packets
1  * * *
2  * * *
3  * * *
..
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

So we see that traceroute tries all 30 hops (the maximum number of hops) and then gives up, because it never received an ICMP packet within 0.1 seconds.

4. Configure the number of queries per hop

As mentioned earlier, the traceroute utility sends 3 packets per hop to provide 3 round-trip times. This default value of 3 is configurable with the “-q” option. This option requires an integer, which becomes the new number of probes per hop.

$ traceroute google.com -q 5
traceroute to google.com (173.194.36.46), 30 hops max, 60 byte packets
1  220.224.141.129 (220.224.141.129)  91.579 ms  91.497 ms  91.458 ms  91.422 ms  91.385 ms
2  115.255.239.65 (115.255.239.65)  91.356 ms  91.325 ms  98.868 ms  98.848 ms  98.829 ms
3  124.124.251.245 (124.124.251.245)  94.581 ms  107.083 ms  107.044 ms  107.017 ms  106.981 ms
4  115.255.239.45 (115.255.239.45)  106.948 ms  106.918 ms  144.432 ms  144.412 ms  144.392 ms
5  72.14.212.118 (72.14.212.118)  115.565 ms  115.485 ms  115.446 ms  115.408 ms  115.381 ms
6  72.14.232.202 (72.14.232.202)  115.351 ms  87.232 ms  117.157 ms  117.123 ms  117.049 ms
7  209.85.241.189 (209.85.241.189)  126.998 ms  126.973 ms  126.950 ms  126.929 ms  126.912 ms
8  bom04s02-in-f14.1e100.net (173.194.36.46)  126.889 ms  95.526 ms  95.450 ms  95.418 ms  105.392 ms

So we see that after configuring the number of probes to 5, the output starts showing 5 round trip times per hop.

5. Configure the starting TTL value

The traceroute utility is flexible enough to accept the TTL value at which the user wants it to start. By default this value is 1, which means it starts at the first router in the path, but the “-f” option (which expects a new TTL value) sets a different starting value. For example, I tried a normal traceroute run and then traceroute with a different starting TTL value.

$ traceroute google.com
traceroute to google.com (74.125.236.132), 30 hops max, 60 byte packets
1  220.224.141.129 (220.224.141.129)  89.181 ms  101.540 ms  101.503 ms
2  115.255.239.65 (115.255.239.65)  101.468 ms  101.431 ms  101.324 ms
3  124.124.251.245 (124.124.251.245)  121.373 ms  121.350 ms  158.694 ms
4  115.255.239.45 (115.255.239.45)  101.223 ms  141.135 ms  123.932 ms
5  72.14.212.118 (72.14.212.118)  123.867 ms  123.832 ms  123.802 ms
6  72.14.232.202 (72.14.232.202)  123.773 ms  123.742 ms  587.812 ms
7  216.239.48.179 (216.239.48.179)  587.723 ms  587.681 ms  587.642 ms
8  bom03s02-in-f4.1e100.net (74.125.236.132)  577.548 ms  577.524 ms  587.512 ms

$ traceroute google.com -f 8
traceroute to google.com (74.125.236.129), 30 hops max, 60 byte packets
8  bom03s02-in-f1.1e100.net (74.125.236.129)  96.961 ms  96.886 ms  96.849 ms

So we see that after using the -f option with a value of 8, only the last (8th) line of the previous output is displayed.
