LinuxCommandLibrary

tcptraceroute

Trace TCP route to destination

TLDR

Trace the route to a host

$ tcptraceroute [host]

Specify the destination port and packet length in bytes
$ tcptraceroute [host] [destination_port] [packet_length]

Specify the local source port and source address
$ tcptraceroute [host] -p [source_port] -s [source_address]

Set the first and maximum TTL
$ tcptraceroute [host] -f [first_ttl] -m [max_ttl]

Specify the wait time and number of queries per hop
$ tcptraceroute [host] -w [wait_time] -q [number_of_queries]

Specify the interface
$ tcptraceroute [host] -i [interface]

SYNOPSIS

tcptraceroute [options] hostname [destination_port] [packet_length]

PARAMETERS

hostname
    The hostname or IP address of the target destination.

port
    The destination port number (default is 80).

-n
    Print addresses numerically; do not resolve IP addresses to hostnames.

-i interface
    Specify the network interface to send packets from.

-m max_ttl
    Set the maximum Time To Live (TTL) value. Defaults to 30.

-q nqueries
    Set the number of probes per hop. Defaults to 1.

-w wait_time
    Set the timeout (in seconds) to wait for a response. Defaults to 3.

-v
    Verbose output. Shows TCP flags and other details.

-s source_ip
    Specify the source IP address to use.

-p source_port
    Specify the local source port for outgoing probes.

-f first_ttl
    Set the TTL of the first probe, skipping the initial hops.

DESCRIPTION

tcptraceroute is a Linux command-line tool used to trace the TCP path to a specified host, effectively acting as a TCP-based traceroute. Unlike the standard traceroute which uses UDP or ICMP packets, tcptraceroute establishes a real TCP connection to the target host on a specified port, commonly port 80 (HTTP) or 443 (HTTPS).

This makes it more effective in environments where ICMP or UDP traffic might be blocked by firewalls or network filters, as TCP traffic on well-known ports is typically allowed. The command sends TCP SYN packets with increasing TTL (Time To Live) values. When a probe's TTL expires at a hop, that router returns an ICMP 'Time Exceeded' message, revealing the intermediate router's address.

tcptraceroute is valuable for diagnosing network connectivity issues, identifying routing problems, and understanding the path that TCP traffic takes to reach a particular destination. It allows a user to identify hops that may be dropping packets, have high latency or be unreachable. It's particularly useful when troubleshooting web server accessibility problems or other TCP-based services.

CAVEATS

tcptraceroute requires root privileges or the CAP_NET_RAW capability because it needs to create raw sockets. The target host or intermediate routers might block or rate-limit TCP SYN packets, leading to incomplete or inaccurate results.

INTERPRETING OUTPUT

Each line of tcptraceroute's output represents a hop in the path. The output includes the hop number, the IP address (and optionally the hostname), and the round-trip time (RTT) for each probe. An asterisk (*) indicates a timed-out probe. A hop showing only asterisks often indicates a firewall blocking traffic or a router not responding to the probes. If the destination is reached, the final hop reports whether a TCP SYN/ACK came back for the probed port.

FIREWALL INTERACTIONS

Firewalls can significantly impact tcptraceroute's results. Some firewalls may drop SYN packets or respond with TCP RST packets, causing the traceroute to terminate prematurely. Others might filter ICMP 'Time Exceeded' messages, preventing the identification of intermediate hops. Understanding firewall behavior is crucial when interpreting tcptraceroute's output.
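To make the two sections above concrete, here is an added example (not part of the original page or of the tcptraceroute project) that parses a trace in tcptraceroute's output format and classifies each hop the way an operator reading it would: all-asterisk hops as filtered or silent routers, partial loss, a latency jump over the previous responding hop, and a final hop marked [open] (SYN/ACK received) or [closed] (RST received, as when a firewall rejects the SYN). The sample output and every host, address and RTT in it are constructed for the example; the function and field names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the format tcptraceroute prints: hop number, hostname/IP,
# per-probe RTTs, '*' for a timed-out probe, and [open]/[closed] on the last hop.
# Not captured from a real trace; all addresses are documentation ranges.
SAMPLE_OUTPUT = """\
Selected device eth0, address 192.0.2.10, port 45678 for outgoing packets
Tracing the path to www.example.net (198.51.100.7) on TCP port 443 (https), 30 hops max
 1  gateway.example.lan (192.0.2.1)  0.512 ms  0.498 ms  0.471 ms
 2  10.0.0.1  3.204 ms  2.987 ms  3.115 ms
 3  * * *
 4  203.0.113.9  45.120 ms  * 44.870 ms
 5  www.example.net (198.51.100.7) [open]  46.003 ms  45.877 ms  46.210 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # hop number, then the rest
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms")       # each answered probe's RTT
STATE_RE = re.compile(r"\[(open|closed)\]")        # final-hop port state
ADDR_RE = re.compile(r"^(\S+)(?:\s+\((\S+)\))?")   # 'host (ip)' or bare 'ip'


@dataclass
class Hop:
    number: int
    host: Optional[str]    # hostname or IP as printed; None if every probe timed out
    ip: Optional[str]      # resolved IP, or the bare address when -n style output
    rtts: List[float]      # RTTs of answered probes, in ms
    timeouts: int          # number of '*' probes
    state: Optional[str]   # 'open' / 'closed' on the destination hop, else None


def parse_hop_line(line: str) -> Optional[Hop]:
    """Parse one hop line; header lines return None."""
    m = HOP_RE.match(line)
    if not m:
        return None
    number, rest = int(m.group(1)), m.group(2)
    timeouts = rest.count("*")
    rtts = [float(x) for x in RTT_RE.findall(rest)]
    state_m = STATE_RE.search(rest)
    host = ip = None
    if not rest.startswith("*"):          # at least one probe was answered
        a = ADDR_RE.match(rest)
        host, ip = a.group(1), a.group(2)
    return Hop(number, host, ip or host, rtts, timeouts,
               state_m.group(1) if state_m else None)


def parse_trace(text: str) -> List[Hop]:
    return [h for h in (parse_hop_line(l) for l in text.splitlines()) if h]


def analyse(hops: List[Hop], latency_jump_ms: float = 30.0) -> List[Tuple[int, str, str]]:
    """Return (hop, code, detail) findings in the order an operator would read them."""
    findings = []
    prev_min = None
    for hop in hops:
        probes = len(hop.rtts) + hop.timeouts
        if not hop.rtts:
            findings.append((hop.number, "no_response",
                             f"all {probes} probes timed out: ICMP Time Exceeded filtered, "
                             "rate-limited, or router silent"))
            continue
        if hop.timeouts:
            findings.append((hop.number, "partial_loss",
                             f"{hop.timeouts} of {probes} probes lost"))
        cur_min = min(hop.rtts)
        if prev_min is not None and cur_min - prev_min > latency_jump_ms:
            findings.append((hop.number, "latency_jump",
                             f"min RTT rose by {cur_min - prev_min:.1f} ms over previous responding hop"))
        prev_min = cur_min
        if hop.state == "open":
            findings.append((hop.number, "destination_open", f"SYN/ACK received from {hop.ip}"))
        elif hop.state == "closed":
            findings.append((hop.number, "destination_closed",
                             f"RST received from {hop.ip}: port closed or SYN rejected"))
    if not any(h.state for h in hops):
        findings.append((hops[-1].number if hops else 0, "incomplete",
                         "trace ended without a SYN/ACK or RST from the destination"))
    return findings


if __name__ == "__main__":
    for number, code, detail in analyse(parse_trace(SAMPLE_OUTPUT)):
        print(f"hop {number:2d}  {code:<18} {detail}")
```

The latency threshold is a starting point, not a rule: a jump that coincides with a hop that also drops probes usually marks a rate-limiting or filtering device rather than a slow link, which is why the two findings are reported separately.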

HISTORY

tcptraceroute has been developed to overcome the limitations of standard traceroute in scenarios where ICMP or UDP traffic is filtered. It allows for more reliable path discovery in environments where TCP connections are more likely to be allowed. The tool's design and implementation have evolved to provide more comprehensive and accurate TCP path tracing capabilities.

SEE ALSO

traceroute(8), ping(8), netstat(1), ss(1)
