TRACEROUTE(8)                Traceroute For Linux                TRACEROUTE(8)

NAME

       traceroute - print the route packets trace to network host

SYNOPSIS

       traceroute [-46dFITUnrAV] [-f first_ttl] [-g gate,...]
               [-i device] [-m max_ttl] [-p port] [-s src_addr]
               [-q nqueries] [-N squeries] [-t tos]
               [-l flow_label] [-w waittime] [-z sendwait]
               [-UL] [-P proto] [--sport=port] [-M method] [-O mod_options]
               host [packetlen]
       traceroute6  [options]
       tracert  [options]
       tcptraceroute  [options]

DESCRIPTION

       traceroute tracks the route packets take from an IP network on their
       way to a given host. It utilizes the IP protocol's time to live (TTL)
       field and attempts to elicit an ICMP TIME_EXCEEDED response from each
       gateway along the path to the host.

       traceroute6 is equivalent to traceroute -6
       tracert is equivalent to traceroute -I
       tcptraceroute is equivalent to traceroute -T

       The only required parameter is the name or IP address of the
       destination host. This parameter can be followed by the size of the
       probing packet sent to that host (40 by default). Varying the size of
       the packet in conjunction with the -F parameter can be used to obtain
       information about the MTU of individual network hops. (The size
       parameter is useless for TCP probes.)

       This program attempts to trace the route an IP packet would follow to
       some internet host by launching probe packets with a small ttl (time
       to live) then listening for an ICMP "time exceeded" reply from a
       gateway. We start our probes with a ttl of one and increase by one
       until we get an ICMP "port unreachable" (or TCP reset), which means we
       got to the "host", or hit a max (which defaults to 30 hops). Three
       probes (by default) are sent at each ttl setting and a line is printed
       showing the ttl, address of the gateway and round trip time of each
       probe. If the probe answers come from different gateways, the address
       of each responding system will be printed. If there is no response
       within 5.0 seconds (default), an "*" is printed for that probe.

       After the trip time, some additional annotation can be printed: !H, !N,
       or !P (host, network or protocol unreachable), !S (source route
       failed), !F (fragmentation needed), !X (communication administratively
       prohibited), !V (host precedence violation), !C (precedence cutoff in
       effect), or !<num> (ICMP unreachable code <num>). If almost all the
       probes result in some kind of unreachable, traceroute will give up and
       exit.
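
       Added example (not part of the original manual page): a Python parser
       for the hop lines described above, decoding each annotation into the
       meaning listed. It assumes numeric output (-n) in the layout
       "address  rtt ms [!note]"; the sample trace is constructed.

```python
import re

ANNOTATIONS = {  # meanings as listed in the paragraph above
    "!H": "host unreachable", "!N": "network unreachable",
    "!P": "protocol unreachable", "!S": "source route failed",
    "!F": "fragmentation needed", "!V": "host precedence violation",
    "!X": "communication administratively prohibited",
    "!C": "precedence cutoff in effect"}

def explain(note):
    """Translate an annotation; !<num> carries a raw ICMP unreachable code."""
    num = re.fullmatch(r"!(\d+)", note)
    return f"ICMP unreachable code {num[1]}" if num else ANNOTATIONS.get(note, "unknown")

def parse_hop(line):
    """Parse one hop line of numeric (-n) output into (ttl, [probe, ...])."""
    ttl, *tokens = line.split()
    probes, addr = [], None
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok == "*":                        # no reply within the wait time
            probes.append({"addr": None, "rtt_ms": None, "note": None})
        elif nxt == "ms":                     # a round trip time
            probes.append({"addr": addr, "rtt_ms": float(tok), "note": None})
        elif tok.startswith("!") and probes:
            probes[-1]["note"] = tok          # annotation follows the trip time
        elif tok != "ms":
            addr = tok                        # address of a responding gateway
    return int(ttl), probes

def summarize(output):
    """Map each ttl to 'no reply', its decoded annotations, or its gateways."""
    result = {}
    for line in output.splitlines():
        if re.match(r"\s*\d+\s", line):       # skip banner and blank lines
            ttl, probes = parse_hop(line)
            notes = sorted({p["note"] for p in probes if p["note"]})
            addrs = sorted({p["addr"] for p in probes if p["addr"]})
            result[ttl] = ("no reply" if not addrs else
                           "; ".join(map(explain, notes)) if notes else
                           "ok via " + ",".join(addrs))
    return result

SAMPLE = """
 1  192.0.2.1  0.512 ms  0.498 ms  0.470 ms
 2  * * *
 3  198.51.100.7  10.2 ms  198.51.100.9  10.9 ms  10.4 ms
 4  203.0.113.5  12.1 ms !X  * 12.6 ms !X
"""  # constructed sample (documentation addresses, not a real trace)
print(summarize(SAMPLE))
```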

       We don't want the destination host to process the UDP probe packets, so
       the destination port is set to an unlikely value (you can change it
       with the -p flag). There is no such problem for ICMP or TCP
       tracerouting (for TCP we use the half-open technique, which prevents
       our probes from being seen by applications on the destination host).

       In the modern network environment the traditional traceroute methods
       are not always applicable, because of the widespread use of firewalls.
       Such firewalls filter the "unlikely" UDP ports, or even ICMP echoes.
       To solve this, some additional tracerouting methods are implemented
       (including tcp), see LIST OF AVAILABLE METHODS below. Such methods try
       to use a particular protocol and source/destination port, in order to
       bypass firewalls (to be seen by firewalls just as a start of an allowed
       type of network session).

OPTIONS

       --help Print help info and exit.

       -4, -6 Explicitly force IPv4 or IPv6 tracerouting. By default, the
              program will try to resolve the name given, and choose the
              appropriate protocol automatically. If resolving a host name
              returns both IPv4 and IPv6 addresses, traceroute will use IPv4.

       -I     Use ICMP ECHO for probes

       -T     Use TCP SYN for probes

       -d     Enable socket level debugging (when the Linux kernel supports
              it)

       -F     Set the "Don't Fragment" bit. This tells intermediate routers
              not to fragment the packet when they find it's too big for a
              network hop's MTU.

       -f first_ttl
              Specifies with what TTL to start. Defaults to 1.

       -g gateway
              Tells traceroute to add an IP source routing option to the
              outgoing packet that tells the network to route the packet
              through the specified gateway. Not very useful, because most
              routers have disabled source routing for security reasons.

       -i interface
              Specifies the interface through which traceroute should send
              packets. By default, the interface is selected according to the
              routing table.

       -m max_ttl
              Specifies the maximum number of hops (max time-to-live value)
              traceroute will probe. The default is 30.

       -N squeries
              Specifies the number of probe packets sent out simultaneously.
              Sending several probes concurrently can speed up traceroute
              considerably. The default value is 16.
              Note that some routers and hosts can use ICMP rate throttling.
              In such a situation specifying too large a number can lead to
              loss of some responses.

       -n     Do not try to map IP addresses to host names when displaying
              them.

       -p port
              For UDP tracing, specifies the destination port base traceroute
              will use (the destination port number will be incremented by
              each probe).
              For ICMP tracing, specifies the initial icmp sequence value
              (incremented by each probe too).
              For TCP specifies just the (constant) destination port to
              connect.

       -t tos For IPv4, set the Type of Service (TOS) and Precedence value.
              Useful values are 16 (low delay) and 8 (high throughput). Note
              that in order to use some TOS precedence values, you have to be
              super user.
              For IPv6, set the Traffic Control value.

       -w waittime
              Set the time (in seconds) to wait for a response to a probe
              (default 5.0 sec).

       -q nqueries
              Sets the number of probe packets per hop. The default is 3.

       -r     Bypass the normal routing tables and send directly to a host on
              an attached network. If the host is not on a directly-attached
              network, an error is returned. This option can be used to ping
              a local host through an interface that has no route through it.

       -s source_addr
              Chooses an alternative source address. Note that you must select
              the address of one of the interfaces. By default, the address
              of the outgoing interface is used.

       -z sendwait
              Minimal time interval between probes (default 0). If the value
              is more than 10, then it specifies a number in milliseconds,
              else it is a number of seconds (floating point values allowed
              too). Useful when some routers use rate-limit for icmp messages.

       -A     Perform AS path lookups in routing registries and print results
              directly after the corresponding addresses.

       -V     Print the version and exit.

       There are a couple of additional options, intended for advanced usage
       (other trace methods etc.):

       --sport=port
              Chooses the source port to use. Implies -N 1. Normally source
              ports (if applicable) are chosen by the system.

       -M method
              Use specified method for traceroute operations. The default
              traditional udp method has the name default; icmp (-I) and tcp
              (-T) have the names icmp and tcp respectively.
              Method-specific options can be passed by -O. Most methods have
              their simple shortcuts (-I means -M icmp, etc).

       -O option
              Specifies some method-specific option. Several options are
              separated by comma (or use several -O on cmdline). Each method
              may have its own specific options, or may not have them at all.
              To print information about available options, use -O help.

       -U     Use UDP to a particular destination port for tracerouting
              (instead of increasing the port per each probe). Default port
              is 53 (dns).

       -UL    Use UDPLITE for tracerouting (default port is 53).

       -P protocol
              Use raw packet of specified protocol for tracerouting. Default
              protocol is 253 (rfc3692).

LIST OF AVAILABLE METHODS

       In general, a particular traceroute method may have to be chosen by
       -M name, but most of the methods have their simple cmdline switches
       (you can see them after the method name, if present).

   default
       The traditional, ancient method of tracerouting. Used by default.

       Probe packets are udp datagrams with so-called "unlikely" destination
       ports. The "unlikely" port of the first probe is 33434, then for each
       next probe it is incremented by one. Since the ports are expected to be
       unused, the destination host normally returns "icmp unreach port" as a
       final response. (Nobody knows what happens when some application
       listens for such ports, though).

       This method is allowed for unprivileged users.
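
       Added example (not part of the original manual page): detection logic
       that flags the default method's probe pattern in packet records, using
       the 33434 base port, three probes per ttl and 30-hop maximum stated on
       this page. The record fields, the min_probes threshold and the sample
       packets are assumptions of this example.

```python
from collections import namedtuple

# One observed packet. Field names are this example's own, not a tool's schema.
Pkt = namedtuple("Pkt", "src dst proto ttl dport")

def probe_plan(count, base_port=33434, nqueries=3, first_ttl=1):
    """(ttl, dport) of each default-method probe, per the description above:
    the port rises by one per probe, the ttl by one every nqueries probes."""
    return [(first_ttl + k // nqueries, base_port + k) for k in range(count)]

def udp_traceroute_flows(packets, min_probes=6, base_port=33434, max_ttl=30):
    """Return sorted (src, dst) pairs whose UDP packets form a run of at least
    min_probes consecutive destination ports over a rising, low TTL."""
    flows = {}
    for p in packets:
        if p.proto == "udp" and p.dport >= base_port and p.ttl <= max_ttl:
            flows.setdefault((p.src, p.dst), []).append(p)
    hits = []
    for key, pkts in sorted(flows.items()):
        # Probes may arrive out of order (-N sends several at once), so order
        # them by port before checking the ramp.
        pkts.sort(key=lambda p: p.dport)
        start = 0
        for i in range(1, len(pkts)):
            step_ok = (pkts[i].dport == pkts[i - 1].dport + 1
                       and 0 <= pkts[i].ttl - pkts[i - 1].ttl <= 1)
            if not step_ok:
                start = i                      # run broken, begin a new one
            elif i - start + 1 >= min_probes and pkts[i].ttl > pkts[start].ttl:
                hits.append(key)               # long run and the TTL climbed
                break
    return hits

# Constructed sample: one trace, one ordinary UDP flow, one TCP packet.
SAMPLE = (
    [Pkt("192.0.2.10", "203.0.113.80", "udp", ttl, port)
     for ttl, port in probe_plan(9)]
    + [Pkt("192.0.2.20", "203.0.113.53", "udp", 64, 33434 + k) for k in range(9)]
    + [Pkt("192.0.2.30", "203.0.113.80", "tcp", 1, 80)]
)

if __name__ == "__main__":
    print(udp_traceroute_flows(SAMPLE))
```

       A trace started with a different -p base or -q count still shows the
       same port and TTL ramp, so the check is relative; only base_port
       needs adjusting.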

   icmp       -I
       The most usual method for now, which uses icmp echo packets for probes.
       If you can ping(8) the destination host, icmp tracerouting is
       applicable as well.

   tcp        -T
       Well-known modern method, intended to bypass firewalls.
       Uses the constant destination port (default is 80, http).

       If some filters are present in the network path, then most probably any
       "unlikely" udp ports (as for default method) or even icmp echoes (as
       for icmp) are filtered, and whole tracerouting will just stop at such a
       firewall. To bypass a network filter, we have to use only allowed
       protocol/port combinations. If we trace for some, say, mailserver, then
       more likely -T -p 25 can reach it, even when -I can not.

       This method uses the well-known "half-open technique", which prevents
       applications on the destination host from seeing our probes at all.
       Normally, a tcp syn is sent. For non-listened ports we receive tcp
       reset, and all is done. For active listening ports we receive tcp
       syn+ack, but answer by tcp reset (instead of expected tcp ack), this
       way the remote tcp session is dropped even without the application ever
       taking notice.

       There are a couple of options for the tcp method:

       syn,ack,fin,rst,psh,urg,ece,cwr
              Sets specified tcp flags for probe packet, in any combination.

       flags=num
              Sets the flags field in the tcp header exactly to num.

       ecn    Send syn packet with tcp flags ECE and CWR (for Explicit
              Congestion Notification, rfc3168)

       sack,timestamps,window_scaling
              Use the corresponding tcp header option in the outgoing probe
              packet.

       sysctl Use current sysctl (/proc/sys/net/*) setting for the tcp header
              options above and ecn. Always set by default, if nothing else
              specified.

       mss=num
              Use value of num for maxseg tcp header option (when syn).

       Default options are syn,sysctl.

   tcpconn
       An initial implementation of tcp method, simply using the connect(2)
       call, which does full tcp session opening. Not recommended for normal
       use, because a destination application is always affected (and can be
       confused).

   udp        -U
       Use udp datagram with constant destination port (default 53, dns).
       Intended to bypass firewall as well.

       Note that, unlike in the tcp method, the corresponding application on
       the destination host always receives our probes (with random data), and
       most can easily be confused by them. In most cases it will not respond
       to our packets though, so we will never see the final hop in the trace.
       (Fortunately, it seems that at least dns servers reply with something
       angry).

       This method is allowed for unprivileged users.

   udplite    -UL
       Use udplite datagram for probes (with constant destination port,
       default 53).

       This method is allowed for unprivileged users.
       Options:

       coverage=num
              Set udplite send coverage to num.

   raw        -P proto
       Send raw packet of protocol proto.
       No protocol-specific headers are used, just IP header only.
       Implies -N 1.
       Options:

       protocol=proto
              Use IP protocol proto (default 253).

NOTES

       To speed up work, normally several probes are sent simultaneously. On
       the other hand, it creates a "storm of packets", especially in the
       reply direction. Routers can throttle the rate of icmp responses, and
       some of the replies can be lost. To avoid this, decrease the number of
       simultaneous probes, or even set it to 1 (as in the initial traceroute
       implementation), i.e. -N 1

       The final (target) host can drop some of the simultaneous probes, and
       might even answer only the latest ones. It can lead to extra "looks
       like expired" hops near the final hop. We use a smart algorithm to
       auto-detect such a situation, but if it cannot help in your case, just
       use -N 1 too.

       For even greater stability you can slow down the program's work with
       the -z option, for example use -z 0.5 for a half-second pause between
       probes.

       If some hops report nothing for every method, the last chance to obtain
       something is to use the ping -R command (IPv4, and for the nearest 8
       hops only).

SEE ALSO

       ping(8), ping6(8), tracepath(8), netstat(8)

Traceroute                      11 October 2006                  TRACEROUTE(8)