TRACEROUTE(8)                 Traceroute For Linux                 TRACEROUTE(8)

NAME
       traceroute - print the route packets trace to network host

SYNOPSIS
       traceroute [-46dFITUnrAV] [-f first_ttl] [-g gate,...]
               [-i device] [-m max_ttl] [-p port] [-s src_addr]
               [-q nqueries] [-N squeries] [-t tos]
               [-l flow_label] [-w waittime] [-z sendwait]
               [-UL] [-P proto] [--sport=port] [-M method] [-O mod_options]
               host [packetlen]
       traceroute6 [options]
       tracert [options]
       tcptraceroute [options]

DESCRIPTION
       traceroute tracks the route packets take through an IP network on
       their way to a given host. It utilizes the IP protocol's time to live
       (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from
       each gateway along the path to the host.

       traceroute6 is equivalent to traceroute -6
       tracert is equivalent to traceroute -I
       tcptraceroute is equivalent to traceroute -T

       The only required parameter is the name or IP address of the
       destination host. This parameter can be followed by the size of the
       probing packet sent to that host (40 by default). Varying the size of
       the packet in conjunction with the -F parameter can be used to obtain
       information about the MTU of individual network hops. (The size
       parameter is useless for TCP probes.)

       This program attempts to trace the route an IP packet would follow to
       some internet host by launching probe packets with a small ttl (time
       to live) then listening for an ICMP "time exceeded" reply from a
       gateway. We start our probes with a ttl of one and increase by one
       until we get an ICMP "port unreachable" (or TCP reset), which means we
       got to the "host", or hit a max (which defaults to 30 hops). Three
       probes (by default) are sent at each ttl setting and a line is printed
       showing the ttl, address of the gateway and round trip time of each
       probe. If the probe answers come from different gateways, the address
       of each responding system will be printed. If there is no response
       within 5.0 seconds (default), an "*" is printed for that probe.

       After the trip time, some additional annotation can be printed: !H, !N,
       or !P (host, network or protocol unreachable), !S (source route
       failed), !F (fragmentation needed), !X (communication administratively
       prohibited), !V (host precedence violation), !C (precedence cutoff in
       effect), or !<num> (ICMP unreachable code <num>). If almost all the
       probes result in some kind of unreachable, traceroute will give up and
       exit.
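
The line format and annotations described above can be read mechanically when a trace has to be triaged. The following Python parser is an added example, not part of traceroute or of this manual; it assumes numeric output (-n, without -A), and the names parse_hop and findings and the sample trace are constructed for illustration.

```python
ANNOTATIONS = {  # meanings as listed in the paragraph above
    "!H": "host unreachable", "!N": "network unreachable",
    "!P": "protocol unreachable", "!S": "source route failed",
    "!F": "fragmentation needed", "!V": "host precedence violation",
    "!X": "communication administratively prohibited", "!C": "precedence cutoff in effect",
}

def parse_hop(line):
    """Split one hop line into its ttl and one result per probe."""
    tokens = line.split()
    hop = {"ttl": int(tokens[0]), "probes": []}
    gateway = None  # an address is printed once, then applies to later probes
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok == "*":  # no response within the wait time
            hop["probes"].append({"gateway": None, "rtt_ms": None, "note": None})
        elif tok.startswith("!") and hop["probes"]:  # annotation after a trip time
            # Two-character codes come from the table; anything else is !<num>.
            hop["probes"][-1]["note"] = ANNOTATIONS.get(tok[:2], "ICMP unreachable code " + tok[1:])
        elif tokens[i + 1:i + 2] == ["ms"]:  # a round trip time
            hop["probes"].append({"gateway": gateway, "rtt_ms": float(tok), "note": None})
            i += 1  # skip the "ms" unit
        else:
            gateway = tok
        i += 1
    return hop

def findings(output):
    """Return (ttl, message) pairs for hops an operator should look at."""
    result = []
    # Only lines that start with a ttl are hop lines; header and blank lines are skipped.
    for line in (l for l in output.splitlines() if l.strip()[:1].isdigit()):
        hop = parse_hop(line)
        answered = [p for p in hop["probes"] if p["gateway"]]
        gateways = sorted({p["gateway"] for p in answered})
        if not answered:
            result.append((hop["ttl"], "no reply to any probe"))
        if len(gateways) > 1:
            result.append((hop["ttl"], "replies from " + ", ".join(gateways)))
        for gw, note in sorted({(p["gateway"], p["note"]) for p in answered if p["note"]}):
            result.append((hop["ttl"], gw + " reported: " + note))
    return result

# Constructed sample in the format of `traceroute -n` (documentation addresses).
SAMPLE = """
 1  192.0.2.1  0.512 ms  0.480 ms  0.455 ms
 2  198.51.100.1  4.102 ms 198.51.100.5  4.310 ms 198.51.100.1  4.050 ms
 3  * * *
 4  203.0.113.9  9.800 ms !X * 10.101 ms !X
"""
```

Calling findings(SAMPLE) reports the hop with two responding gateways, the silent hop 3, and the gateway at hop 4 that answered with !X.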

       We don't want the destination host to process the UDP probe packets, so
       the destination port is set to an unlikely value (you can change it
       with the -p flag). There is no such problem for ICMP or TCP
       tracerouting (for TCP we use the half-open technique, which prevents
       our probes from being seen by applications on the destination host).

       In the modern network environment the traditional traceroute methods
       are not always applicable, because of the widespread use of firewalls.
       Such firewalls filter the "unlikely" UDP ports, or even ICMP echoes.
       To solve this, some additional tracerouting methods are implemented
       (including tcp), see LIST OF AVAILABLE METHODS below. Such methods try
       to use a particular protocol and source/destination port, in order to
       bypass firewalls (to be seen by firewalls just as the start of an
       allowed type of network session).

OPTIONS
       --help Print help info and exit.

       -4, -6 Explicitly force IPv4 or IPv6 tracerouting. By default, the
              program will try to resolve the name given, and choose the
              appropriate protocol automatically. If resolving a host name
              returns both IPv4 and IPv6 addresses, traceroute will use IPv4.

       -I     Use ICMP ECHO for probes

       -T     Use TCP SYN for probes

       -d     Enable socket level debugging (when the Linux kernel supports
              it)

       -F     Set the "Don't Fragment" bit. This tells intermediate routers
              not to fragment the packet when they find it's too big for a
              network hop's MTU.

       -f first_ttl
              Specifies with what TTL to start. Defaults to 1.

       -g gateway
              Tells traceroute to add an IP source routing option to the
              outgoing packet that tells the network to route the packet
              through the specified gateway. Not very useful, because most
              routers have disabled source routing for security reasons.

       -i interface
              Specifies the interface through which traceroute should send
              packets. By default, the interface is selected according to the
              routing table.

       -m max_ttl
              Specifies the maximum number of hops (max time-to-live value)
              traceroute will probe. The default is 30.

       -N squeries
              Specifies the number of probe packets sent out simultaneously.
              Sending several probes concurrently can speed up traceroute
              considerably. The default value is 16.
              Note that some routers and hosts can use ICMP rate throttling.
              In such a situation specifying too large a number can lead to
              loss of some responses.

       -n     Do not try to map IP addresses to host names when displaying
              them.

       -p port
              For UDP tracing, specifies the destination port base traceroute
              will use (the destination port number will be incremented by
              each probe).
              For ICMP tracing, specifies the initial icmp sequence value
              (incremented by each probe too).
              For TCP, specifies just the (constant) destination port to
              connect to.

       -t tos For IPv4, set the Type of Service (TOS) and Precedence value.
              Useful values are 16 (low delay) and 8 (high throughput). Note
              that in order to use some TOS precedence values, you have to be
              super user.
              For IPv6, set the Traffic Control value.

       -w waittime
              Set the time (in seconds) to wait for a response to a probe
              (default 5.0 sec).

       -q nqueries
              Sets the number of probe packets per hop. The default is 3.

       -r     Bypass the normal routing tables and send directly to a host on
              an attached network. If the host is not on a directly-attached
              network, an error is returned. This option can be used to ping
              a local host through an interface that has no route through it.

       -s source_addr
              Chooses an alternative source address. Note that you must select
              the address of one of the interfaces. By default, the address
              of the outgoing interface is used.

       -z sendwait
              Minimal time interval between probes (default 0). If the value
              is more than 10, then it specifies a number in milliseconds,
              else it is a number of seconds (floating point values are
              allowed too). Useful when some routers use rate-limit for icmp
              messages.

       -A     Perform AS path lookups in routing registries and print results
              directly after the corresponding addresses.

       -V     Print the version and exit.

       There are a couple of additional options, intended for advanced usage
       (other trace methods, etc.):

       --sport=port
              Chooses the source port to use. Implies -N 1. Normally source
              ports (if applicable) are chosen by the system.

       -M method
              Use the specified method for traceroute operations. The default
              traditional udp method is named default; icmp (-I) and tcp (-T)
              are named icmp and tcp respectively.
              Method-specific options can be passed by -O. Most methods have
              their simple shortcuts (-I means -M icmp, etc).

       -O option
              Specifies some method-specific option. Several options are
              separated by comma (or use several -O on cmdline). Each method
              may have its own specific options, or may not have them at all.
              To print information about available options, use -O help.

       -U     Use UDP to a particular destination port for tracerouting
              (instead of increasing the port per each probe). Default port
              is 53 (dns).

       -UL    Use UDPLITE for tracerouting (default port is 53).

       -P protocol
              Use raw packet of specified protocol for tracerouting. Default
              protocol is 253 (rfc3692).

LIST OF AVAILABLE METHODS
       In general, a particular traceroute method may have to be chosen by
       -M name, but most of the methods have their simple cmdline switches
       (you can see them after the method name, if present).

   default
       The traditional, ancient method of tracerouting. Used by default.

       Probe packets are udp datagrams with so-called "unlikely" destination
       ports. The "unlikely" port of the first probe is 33434, then for each
       next probe it is incremented by one. Since the ports are expected to be
       unused, the destination host normally returns "icmp unreach port" as a
       final response. (Nobody knows what happens when some application
       listens for such ports, though).

       This method is allowed for unprivileged users.
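
The port and TTL pattern of the default method is easy to recognize in packet logs. The following Python detector is an added example, not part of traceroute; the record fields (src, dst, proto, dport, ttl), the min_probes threshold and the sample records are assumptions made for illustration. It keys on the sequence rather than on port 33434 alone, because -p changes the base port.

```python
from collections import defaultdict

DEFAULT_BASE_PORT = 33434  # first "unlikely" port of the default method

def detect_udp_traceroute(packets, min_probes=6):
    """Find UDP probe runs where the destination port rises by one per probe
    while the TTL stays the same or rises by one (several probes per hop)."""
    flows = defaultdict(set)
    for p in packets:
        if p["proto"] == "udp":
            flows[(p["src"], p["dst"])].add((p["dport"], p["ttl"]))
    sweeps = []
    for (src, dst), seen in sorted(flows.items()):
        # Probes may be logged out of order (-N sends several at once): sort by port.
        probes = sorted(seen) + [(None, None)]  # sentinel closes the last run
        run = [probes[0]]
        for cur in probes[1:]:
            port, ttl = run[-1]
            # TTL differences are the same at any sensor on the path.
            if cur[0] == port + 1 and cur[1] - ttl in (0, 1):
                run.append(cur)
                continue
            # A run counts only if it is long enough and the TTL really climbed.
            if len(run) >= min_probes and run[-1][1] > run[0][1]:
                sweeps.append({
                    "src": src, "dst": dst, "probes": len(run),
                    "first_port": run[0][0],
                    "ttl_range": (run[0][1], run[-1][1]),
                    "default_base": run[0][0] == DEFAULT_BASE_PORT,
                })
            run = [cur]
    return sweeps

# Constructed records: 4 hops x 3 probes of the default method, plus noise.
SAMPLE = [{"src": "192.0.2.10", "dst": "198.51.100.7", "proto": "udp",
           "dport": DEFAULT_BASE_PORT + k, "ttl": 1 + k // 3} for k in range(12)]
SAMPLE += [
    {"src": "192.0.2.20", "dst": "198.51.100.53", "proto": "udp", "dport": 53, "ttl": 64},
    {"src": "192.0.2.20", "dst": "198.51.100.53", "proto": "udp", "dport": 54, "ttl": 64},
    {"src": "192.0.2.10", "dst": "198.51.100.7", "proto": "tcp", "dport": 443, "ttl": 64},
]

if __name__ == "__main__":
    for sweep in detect_udp_traceroute(SAMPLE):
        print(sweep)
```

The constant-port methods (-T, -U, -UL) do not produce this port sequence, so they need a TTL-only heuristic instead.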

   icmp       -I
       Most usual method for now, which uses icmp echo packets for probes.
       If you can ping(8) the destination host, icmp tracerouting is
       applicable as well.

   tcp        -T
       Well-known modern method, intended to bypass firewalls.
       Uses the constant destination port (default is 80, http).

       If some filters are present in the network path, then most probably any
       "unlikely" udp ports (as for default method) or even icmp echoes (as
       for icmp) are filtered, and whole tracerouting will just stop at such a
       firewall. To bypass a network filter, we have to use only allowed
       protocol/port combinations. If we trace for some, say, mailserver, then
       more likely -T -p 25 can reach it, even when -I can not.

       This method uses the well-known "half-open technique", which prevents
       applications on the destination host from seeing our probes at all.
       Normally, a tcp syn is sent. For non-listened ports we receive tcp
       reset, and all is done. For active listening ports we receive tcp
       syn+ack, but answer with a tcp reset (instead of the expected tcp
       ack); this way the remote tcp session is dropped even without the
       application ever taking notice.

       There are a couple of options for the tcp method:

       syn,ack,fin,rst,psh,urg,ece,cwr
              Sets specified tcp flags for probe packet, in any combination.

       flags=num
              Sets the flags field in the tcp header exactly to num.

       ecn    Send syn packet with tcp flags ECE and CWR (for Explicit
              Congestion Notification, rfc3168)

       sack,timestamps,window_scaling
              Use the corresponding tcp header option in the outgoing probe
              packet.

       sysctl Use current sysctl (/proc/sys/net/*) setting for the tcp header
              options above and ecn. Always set by default, if nothing else
              specified.

       mss=num
              Use value of num for maxseg tcp header option (when syn).

       Default options are syn,sysctl.

   tcpconn
       An initial implementation of the tcp method, simply using the
       connect(2) call, which does full tcp session opening. Not recommended
       for normal use, because a destination application is always affected
       (and can be confused).

   udp        -U
       Use udp datagram with constant destination port (default 53, dns).
       Intended to bypass firewall as well.

       Note that, unlike in the tcp method, the corresponding application on
       the destination host always receives our probes (with random data),
       and most can easily be confused by them. In most cases it will not
       respond to our packets though, so we will never see the final hop in
       the trace. (Fortunately, it seems that at least dns servers reply with
       something angry).

       This method is allowed for unprivileged users.

   udplite    -UL
       Use udplite datagram for probes (with constant destination port,
       default 53).

       This method is allowed for unprivileged users.
       Options:

       coverage=num
              Set udplite send coverage to num.

   raw        -P proto
       Send raw packet of protocol proto.
       No protocol-specific headers are used, just IP header only.
       Implies -N 1.
       Options:

       protocol=proto
              Use IP protocol proto (default 253).

NOTES
       To speed up work, normally several probes are sent simultaneously. On
       the other hand, it creates a "storm of packets", especially in the
       reply direction. Routers can throttle the rate of icmp responses, and
       some of the replies can be lost. To avoid this, decrease the number of
       simultaneous probes, or even set it to 1 (like in initial traceroute
       implementation), i.e. -N 1

       The final (target) host can drop some of the simultaneous probes, and
       might even answer only the latest ones. It can lead to extra "looks
       like expired" hops near the final hop. We use a smart algorithm to
       auto-detect such a situation, but if it cannot help in your case, just
       use -N 1 too.

       For even greater stability you can slow down the program's work by -z
       option, for example use -z 0.5 for half-second pause between probes.

       If some hops report nothing for every method, the last chance to obtain
       something is to use ping -R command (IPv4, and for nearest 8 hops
       only).

SEE ALSO
       ping(8), ping6(8), tracepath(8), netstat(8)

Traceroute                      11 October 2006                   TRACEROUTE(8)