Display the route packets take
traceroute [-46dFITUnrAV] [-f first_TTL] [-m max_TTL] [-q nqueries]
[-i device] [-p port] [-s src_addr]
[-N squeries] [-t tos]
[-l flow_label] [-w waittime] [-z sendwait]
traceroute6 is the same as
tracert is the same as
traceroute -I (ICMP ECHO only root)
tcptraceroute is the same as
traceroute -T -p 80
Uses IP protocol's time-to-live (
|maximum hops. Default 30.
|Number of packets sent out simultaneously (i.e. without waiting for a response)
reducing the time to complete the trace. Default: 15.|
Some routers and hosts use ICMP rate throttling, specifying too large number can lead to loss of responses.
|sleep time between probes (default 0).|
more than 10: milliseconds
less than 10: number of seconds (fractional values allowed ).
-z 8 causes traceroute to go CPU bound 3/22/11 version 2.0.1, Feb 26 2009
Useful when some routers use rate-limit for icmp messages.
| seconds to wait for a response (default 5.0 ).
| number of packets per hop. default 3.
| no hostnames lookup, i.e. DNS will not be queried (usually faster).
|For IPv4, Type of Service (|
TOS) and Precedence value.
Useful values 16 (low delay) and 8 (high throughput).
Requires super user.
For IPv6, set the Traffic Control value.
| Routing tables are bypassed, packets are sent directly to a host on an attached network. |
If the host is not on a directly-attached network, an error is returned.
Used to ping a local host through an interface that has no route through it.
|Chooses a specific source address.
| For UDP, destination port (incremented for each probe).|
For ICMP, initial icmp sequence value (incremented by each probe ).
For TCP, (constant) destination port to connect.
| Use |
UDP datagrams (default)
| Use |
ICMP ECHO (requires root)
| Use |
TCP SYN (requires root)
|debugging at socket level is Enabled
| "Don't Fragment" bit is set the packets
|add IP source routing option to the outgoing packet
to route the packet through the specified gateway. |
Most routers disable source routing.
|used to send packets. Default: according to the routing table.
| By default resolve the name and choose the appropriate protocol.|
If host returns both IPv4 and IPv6 addresses, use IPv4.
|Perform AS path lookups in routing registries and display results directly after the addresses
| and exit.
TTL) option in attempts to elicit an
ICMP† TIME_EXCEEDED response from each gateway along the path to the host, thus identifying them.
TTL is expressed in transfers from each host or gateway aka hops (has nothing to do with time).
Routes are dynamic and 2 packets sent even within milliseconds may not take the same path due to congestion or balancing or performance considerations or router outage.
Starts by sending packets with a
TTL of 1 and increments by 1 until "Port Unreachable" (or TCP reset), which means
host was reached, or max hops. Three packets are sent at each
TTL and a display showing the
ttl, address of the gateway and round trip time of each packet is output.
If the answers come from different gateways, the address of each will be displayed.
If there is no response within a timeout, a "
*" is displayed.
Varying the size of the packet sent to that host (default 40),
in conjunction with
-F (don't fragment) can obtain information about the MTU of individual network hops. (size not used with TCP ).
Error flags: IETF RFC1812
If almost all the packets result in some kind of unreachable error, traceroute exits.
! TTL <=1
!N (network), or
!P protocol unreachable
!S source route failed
!U Destination network unknown
!W host unknown
!I source host is isolated
!A communication with destination is network administratively prohibited
!Z communication with destination is host administratively prohibited
!Q for this ToS the destination network is unreachable
!T for this ToS the destination host is unreachable
!F fragmentation needed ( - the RFC1191 Path MTU Discovery value is displayed)
!X communication administratively prohibited
!V host precedence violation
!C precedence cutoff in effect
!nnn ICMP unreachable code as in RFC1812
ping, tracepath, netstat.
trace path to a network host discovering MTU along this path
tracepath [-nc] destination[/port]
Uses UDP port or random port, similar to traceroute,
-c use the return address instead of the reply type (
connection refused) to determine when to stop.
-n No DNS resolving names
Tracepath6 is good replacement for traceroute6
Some IP routers do not return enough information in icmp error messages.
Uses Van Jacobson's algorithm, sweeping a range of UDP ports to maintain trace history.
# tracepath6 3ffe:2400:0:109::2
1?: [LOCALHOST] pmtu 1500
1: dust.inr.ac.ru 0.411ms
2: dust.inr.ac.ru asymm 1 0.390ms pmtu 1480
2: 3ffe:2400:0:109::2 463.514ms reached
Resume: pmtu 1480 hops 2 back 2
- TTL of the probe, followed by colon. Usually obtained from reply , sometimes
reply does not contain necessary information
- network hop which replied either the address of router or
LOCALHOST (if the packet was not sent to the gateway).
- information about path to the correspinding hetwork hop. RTT. MTU, when it changes.
If the path is asymmetric or the packet expires before it reaches destination,
difference between number of hops in forward and backward direction is shown following keyword
Hop 2 shows asymmetry of 1, because the first probe with TTL of 2 was rejected at the first hop due to Path MTU Discovery.
Resume) shows detected Path MTU, hops to the destination and hops from the destination back, which can be different when the path is asymmetric.
traceroute [-dFISdnrvx] [-f first_ttl]
Display the route packets took to host
[-m max_ttl] [-P proto] [-p port] [-q nqueries]
[-z pausemsecs] host
Tracking the route packets follow (or
Finding the miscreant gateway discarding packets can be difficult.
Utilizes the IP protocol
time to live field and attempts to elicit an
response from each gateway along the path to a host.
Default packet size of 40 bytes may be increased by specifying size after the destination.
-f first_ttl Set the initial time-to-live used in the first outgoing probe packet.
-F Set the "dont fragment" bit.
-d Enable socket level debugging.
-g gateway loose source route gateway (8 maximum).
-i iface a network interface to obtain the source IP address for
outgoing probe packets. Useful on a multihomed host (i.e. one with multilple lines to ISPs. (
-s for another way to do this.)
-I Use ICMP ECHO instead of UDP datagrams. (A synonym for "-P icmp").
-M first_ttl initial time-to-live, default 1, i.e., start with the first hop.
-m max_ttl max number of hops, default is
net.inet.ip.ttl hops (the same default used for TCP connections).
-n display gateway addresses numerically
-P proto Send packets of specified IP protocol:
UDP , TCP , GRE and ICMP Other protocols may also
be specified (either by name or by number), though traceroute
does not implement any special knowledge of their packet formats.
This option is useful for determining which router along a path
may be blocking packets based on protocol number.
For UDP and TCP, sets the base port number used in probes (default is 33434). Traceroute hopes that nothing
is listening on UDP ports base to base+nhops-1 at the destination
host (so an ICMP PORT_UNREACHABLE message will be returned to
terminate the route tracing). If something is listening on a
port in the default range, this option can be used to pick am different port range.
Set the number of probes per
to nqueries (default 3.
-r Bypass the normal routing tables and send directly to a host on
an attached network. If the host is not on a directly-attached
network, an error is returned.
This option can be used to ping a
local host through an interface that has no route through it
(e.g., after the interface was dropped by
Use the following IP address (which must be given as an IP num ber, not a hostname) as the source address in outgoing probe
packets. On hosts with more than one IP address, this option can
be used to force the source address to be something other than
the IP address of the interface the probe packet is sent on. If
the IP address is not one of this machines interface addresses,
an error is returned and nothing is sent. (See
another way to do this.)
-S display a summary of how many probes were not answered for each hop.
-ttype-of-service a decimal integer in the range 0 to 255 used to see if different types-of-service result in different paths.
16 (low delay)
8 (high throughput).
-v Verbose, Received packets other than TIME_EXCEEDED and UNREACHABLEs are listed.
-w seconds wait for a response to a probe (default 5 .).
-x Toggle IP checksums calculation. Normally prevents calculation.
The system can overwrite parts of the outgoing packet but not recalculate the
-x causes them to be calculated).
checksums are usually required for the last hop when using ICMP ECHO
-I ). So they are always calculated when using ICMP.
-z pausemsecs between probes (default 0). use 500 (e.g. 1/2 second).
It is important to understand that the list of hops displayed is only one of the possible paths that packets may take.
Routers (dedicated or on general purpose hosts) frequently have more than 2 interfaces. Packets received on one interface may be routed to the second interface or the traffic may better suits routing to the third interface. It would not be unusual for all packets to use the same route during a short
time period. It would not be unusual for packets at a later time to use a different route.
traceroute sends UDP probe packets with a small ttl (time
to live) then listens for the ICMP "time exceeded"†
reply from a gateway.
Default settings start with a ttl of 1 and increase by 1 until ICMP "port unreachable" is received (i.e target host replied or hit a max)
(defaults to net.inet.ip.ttl hops & can be changed with
3 probes (changed with
-q ) are sent at each ttl setting
and a report line is displayed showing the
ttl, address of the gateway and round
trip time of each probe. If the replies come from different gateways, the address of each responding system will be printed.
If no response is receivedwithin the timeout interval (
-w ), a * is printed for that probe.
To prevent the host to process the UDP probe packets so
the destination port is set to an unlikely value with
A sample use and output might be:
[yak 71]% traceroute nis.nsf.net.
traceroute to nis.nsf.net (22.214.171.124), 64 hops max, 38 byte packet
1 helios.ee.lbl.gov (126.96.36.199) 19 ms 19 ms 0 ms
2 lilac-dmc.Berkeley.EDU (188.8.131.52) 39 ms 39 ms 19 ms
3 ccngw-ner-cc.Berkeley.EDU (184.108.40.206) 39 ms 40 ms 39 ms
4 ccn-nerif22.Berkeley.EDU (220.127.116.11) 39 ms 39 ms 39 ms
5 18.104.22.168 (22.214.171.124) 40 ms 59 ms 59 ms
6 126.96.36.199 (188.8.131.52) 59 ms 59 ms 59 ms
7 184.108.40.206 (220.127.116.11) 99 ms 99 ms 80 ms
8 18.104.22.168 (22.214.171.124) 139 ms 239 ms 319 ms
9 126.96.36.199 (188.8.131.52) 220 ms 199 ms 199 ms
10 nic.merit.edu (184.108.40.206) 239 ms 239 ms 239 ms
gateways at 12, 14, 15, 16 & 17 hops away, either don't send
ICMP "time exceeded" messages or send them with a ttl too small to get back to the traceroute server
[yak 72]% traceroute allspice.lcs.mit.edu.
traceroute to allspice.lcs.mit.edu (220.127.116.11), 64 hops max
1 helios.ee.lbl.gov (18.104.22.168) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (22.214.171.124) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (126.96.36.199) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (188.8.131.52) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (184.108.40.206) 20 ms 39 ms 39 ms
6 220.127.116.11 (18.104.22.168) 59 ms 119 ms 39 ms
7 22.214.171.124 (126.96.36.199) 59 ms 59 ms 39 ms
8 188.8.131.52 (184.108.40.206) 80 ms 79 ms 99 ms
9 220.127.116.11 (18.104.22.168) 139 ms 139 ms 159 ms
10 22.214.171.124 (126.96.36.199) 199 ms 180 ms 300 ms
11 188.8.131.52 (184.108.40.206) 300 ms 239 ms 239 ms
12 * * *
13 220.127.116.11 (18.104.22.168) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (22.214.171.124) 339 ms 279 ms 279 ms
gateway 12 is silent which .
There are 12 "gateways" (13 is the final destination) and
exactly the last half of them are "missing".
1 helios.ee.lbl.gov (126.96.36.199) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (188.8.131.52) 39 ms 19 ms 39 ms
3 lilac-dmc.Berkeley.EDU (184.108.40.206) 19 ms 39 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (220.127.116.11) 39 ms 40 ms 19 ms
5 ccn-nerif35.Berkeley.EDU (18.104.22.168) 39 ms 39 ms 39 ms
6 csgw.Berkeley.EDU (22.214.171.124) 39 ms 59 ms 39 ms
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 rip.Berkeley.EDU (126.96.36.199) 59 ms ! 39 ms ! 39 ms !
What could be happening is
that rip is using the ttl from our arriving datagram as the ttl in its ICMP reply.
The reply will time out on the return path (with no notice sent to anyone since ICMP's aren't sent
for ICMP's) until we probe with a ttl that's at least twice the path
length. I.e., rip is really only 7 hops away. A reply that returns with
a ttl of 1 is a clue this problem exists.
traceroute displays a ! after the time if the ttl is <= 1.
Use in network testing, measurement and management, manual fault isolation. Some options could impose excessive load on the network
CloudMonitor.ca.com(checks from different locations!!)
When using protocols other than UDP, functionality is reduced. In particular, the last packet will often appear to be lost, because even
though it reaches the destination host, theres no way to know that
because no ICMP message is sent back. In the TCP case, traceroute should
listen for a RST from the destination host (or an intermediate router
thats filtering packets), but this is not implemented yet.