tcptraceroute

Trace the route to a host

$ tcptraceroute [host]

$ tcptraceroute [host] [destination_port] [packet_length]

$ tcptraceroute [host] -p [source_port] -s [source_address]

$ tcptraceroute [host] -f [first_ttl] -m [max_ttl]

$ tcptraceroute [host] -w [wait_time] -q [number_of_queries]

$ tcptraceroute [host] -i [interface]

tcptraceroute [options] hostname [port]

hostname
    The target hostname or IP address to trace the route to.

[port]
    Optional: The TCP destination port to use for probe packets. If not specified, the command typically defaults to a common port like 80 (HTTP) or 443 (HTTPS).

-p port
    Explicitly specifies the TCP destination port for probes. This overrides the positional port argument if both are given.

-f first_ttl
    Sets the initial Time-To-Live (TTL) value for the first outgoing probe packet. This allows you to start tracing from a specific hop number, skipping initial hops.

-m max_ttl
    Sets the maximum number of hops (maximum TTL) that tcptraceroute will probe. The default value is typically 30 hops.

-q num_probes
    Specifies the number of probe packets to send for each Time-To-Live (TTL) setting at each hop. The default is usually 3 probes.

-w timeout
    Sets the time (in seconds) to wait for a response to a probe packet. If no response is received within this time, an asterisk (*) is displayed. Default is typically 3-5 seconds.

-s source_ip
    Specifies the source IP address to use for outgoing probe packets. Useful on systems with multiple network interfaces or IP addresses.

-i interface
    Specifies the network interface through which to send probe packets.

-n
    Do not attempt to resolve IP addresses to hostnames. This speeds up the tracing process by displaying only numerical IP addresses.

-v
    Enables verbose output, providing more detailed information about the tracing process, including sent and received packet details.

tcptraceroute is a command-line utility designed to trace the network path to a destination by sending TCP SYN packets. Unlike the traditional traceroute command which primarily uses UDP or ICMP probes, tcptraceroute's method is particularly effective for diagnosing connectivity issues in environments where firewalls might block UDP or ICMP traffic but permit TCP on specific ports (e.g., 80 for HTTP, 443 for HTTPS).

It operates by sending TCP SYN packets with an incrementally increasing Time-To-Live (TTL) value. Each intermediate router (hop) that receives a packet with a TTL of 1 decrements it to 0 and sends back an ICMP Time Exceeded message, revealing its IP address. When the probe reaches the destination host, it typically responds with a TCP SYN-ACK, indicating successful arrival. This functionality enables network administrators to pinpoint where network traffic is being blocked or misrouted, helping to identify bottlenecks, routing problems, or firewall restrictions affecting TCP-based services.

• Root Privileges: tcptraceroute typically requires root privileges or appropriate capabilities (e.g., CAP_NET_RAW) to create raw sockets for sending SYN packets and listening for ICMP Time Exceeded messages.
• Firewall Blocking: While designed to bypass firewalls, firewalls at intermediate hops or the destination can still block ICMP Time Exceeded messages or the final TCP SYN-ACK response, leading to incomplete traces or asterisk (*) entries.
• Rate Limiting: Some routers or network devices may implement rate limiting on ICMP messages, which can make the output appear unreliable or cause timeouts.
• Asymmetric Routing: The return path for packets might differ from the outbound path. tcptraceroute only reveals the forward path, which can be misleading if routing is asymmetric.
• Permission Denied: If you encounter 'Permission denied' errors, ensure you are running the command with sufficient privileges (e.g., using sudo).

To trace the path to example.com using TCP port 443 (HTTPS), sending only one probe per hop, and not resolving IP addresses to hostnames:
tcptraceroute -p 443 -q 1 -n example.com

To start tracing from the 5th hop and limit the total trace to 20 hops towards google.com:
tcptraceroute -f 5 -m 20 google.com

To specify a source IP address for the trace:
tcptraceroute -s 192.168.1.100 myremotehost.com

The standard traceroute utility, introduced in 1987, became a fundamental tool for network diagnostics. However, as network security evolved, firewalls increasingly blocked the UDP and ICMP packets that traceroute traditionally uses. This growing need for a diagnostic tool capable of traversing stricter firewall rules led to the development of utilities like tcptraceroute. While its specific historical timeline is less broadly documented than traceroute itself, tcptraceroute emerged as an essential alternative for network administrators and security professionals, leveraging standard TCP SYN packets on common ports (like HTTP/S) to bypass filters and provide a more accurate route assessment in contemporary filtered network environments.

traceroute(8), mtr(8), ping(8), netstat(8), nmap(1)