traceroute
Trace route to network host
TLDR
Traceroute to a host
Disable IP address and host name mapping
Specify wait time in seconds for response
Specify number of queries per hop
Specify size in bytes of probing packet
Determine the MTU to the destination
Use ICMP instead of UDP for tracerouting
SYNOPSIS
traceroute [OPTIONS] DESTINATION
PARAMETERS
DESTINATION
The target hostname or IP address to trace.
-I, --icmp
Use ICMP ECHO for probes (requires root privileges).
-T, --tcp
Use TCP SYN for probes, to a specific port (requires root privileges).
-U, --udp
Use UDP datagrams for probes (default method).
-n
Do not resolve IP addresses to hostnames (numeric output).
-p PORT, --port=PORT
Set destination port for UDP/TCP probes.
-m MAX_TTL, --max-hops=MAX_TTL
Set the maximum number of hops (TTL) to probe.
-w TIMEOUT, --wait=TIMEOUT
Set the time in seconds to wait for a response to a probe.
-q NPROBES, --queries=NPROBES
Set the number of probes to send per hop.
-g GATEWAY, --gateway=GATEWAY
Specify a loose source route gateway (for some networks).
-s SOURCE_IP, --source=SOURCE_IP
Specify the source IP address.
-v, --verbose
Print verbose output.
DESCRIPTION
traceroute is a network diagnostic utility that displays the route (path) and measures transit delays of packets across an Internet Protocol (IP) network. It achieves this by sending packets with progressively increasing Time-To-Live (TTL) values. When a packet's TTL reaches zero, the router handling it discards the packet and sends an ICMP "Time Exceeded" message back to the source.
By analyzing these ICMP responses, traceroute maps out the sequence of routers (hops) traversed by the packets from the source to the destination. It typically sends three probes per TTL level, providing Round-Trip Times (RTTs) for each hop, which helps in identifying network latency and potential bottlenecks. It supports various probe types, including UDP (default), ICMP echo, and TCP SYN, to bypass firewalls or test specific service paths.
CAVEATS
Certain traceroute options (like ICMP or TCP SYN probes) require root privileges because they use raw sockets.
Firewalls often block ICMP messages or specific UDP/TCP ports, which can cause traceroute to display asterisks (*) for hops that are actually reachable.
Network address translation (NAT), load balancers, and asymmetric routing can cause traceroute output to be misleading or show seemingly incorrect paths.
ICMP rate limiting on routers can also lead to incomplete or delayed responses.
HOW IT WORKS
traceroute sends a series of packets to the destination, starting with a Time-To-Live (TTL) value of 1. Each router that forwards the packet decrements the TTL. When TTL reaches 0, the router discards the packet and sends an ICMP "Time Exceeded" message back to the source.
The next set of packets is sent with a TTL of 2, then 3, and so on. This process continues until the packets reach the destination, or the maximum TTL (max hops) is reached. For each hop, traceroute records the IP address of the router that sent the ICMP "Time Exceeded" message and the Round-Trip Time (RTT) for the probe to that router.
OUTPUT INTERPRETATION
The output typically shows a numbered list of hops.
Each line represents a hop (a router or device on the path).
The first column is the hop number.
Subsequent columns show the RTT (in milliseconds) for each probe sent to that hop, along with the hostname (if resolved) and IP address of the responding device.
An asterisk (*) indicates that no response was received for a probe, which can be due to packet loss, firewall blocking, or the device not sending ICMP responses.
"!H" or "!N" indicates a host/network unreachable error, meaning the destination or network could not be reached beyond that point.
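Added example, not part of the original page or of any traceroute implementation: a Python parser for the output format described above, run on a constructed sample that uses documentation addresses. The function names parse and classify and the label strings are illustrative assumptions; the classifier also applies the caveat that a hop showing only asterisks is still forwarding when a later hop replies.

```python
import re

# Constructed sample output (RFC 5737 documentation addresses), not a real capture.
SAMPLE = """\
traceroute to example.net (192.0.2.50), 30 hops max, 60 byte packets
 1  gw.example.net (192.0.2.1)  0.412 ms  0.398 ms  0.377 ms
 2  198.51.100.1 (198.51.100.1)  5.120 ms  4.981 ms *
 3  * * *
 4  203.0.113.9 (203.0.113.9)  12.301 ms !H  12.250 ms !H *
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")           # hop number, then the probes
IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")  # IPv4 only in this example
RTT = re.compile(r"(\d+(?:\.\d+)?) ms\b")
FLAG = re.compile(r"!(\w+)")
MEANING = {"H": "host unreachable", "N": "network unreachable"}

def parse(text):
    """Return one dict per hop line; the header and blank lines are skipped."""
    hops = []
    for line in text.splitlines():
        if not (m := HOP.match(line)):
            continue
        rest = m.group(2)
        flags = dict.fromkeys(FLAG.findall(rest))  # unique, in order seen
        hops.append({
            "hop": int(m.group(1)),
            "ips": list(dict.fromkeys(IP.findall(rest))),
            "rtts": [float(x) for x in RTT.findall(rest)],
            "lost": rest.count("*"),               # probes with no response
            "errors": [MEANING.get(f, "!" + f) for f in flags],
        })
    return hops

def classify(hops):
    """Label each hop; a silent hop before a replying hop is still forwarding."""
    last_reply = max((h["hop"] for h in hops if h["rtts"]), default=0)
    labels = {}
    for h in hops:
        if h["errors"]:
            label = "unreachable: " + ", ".join(h["errors"])
        elif not h["rtts"]:
            ahead = h["hop"] < last_reply
            label = "silent, still forwarding" if ahead else "silent, path unknown"
        elif h["lost"]:
            label = "partial loss"
        else:
            label = "ok"
        labels[h["hop"]] = label
    return labels
```

Calling classify(parse(SAMPLE)) returns a dict keyed by hop number; feeding it saved output from traceroute -n works the same way because bare addresses are matched as well as parenthesised ones.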
HISTORY
traceroute was originally written by Van Jacobson at Lawrence Berkeley National Laboratory (LBL) in 1987. It quickly became an indispensable tool for network administrators and users to diagnose connectivity issues and visualize network paths. Its fundamental principle of using Time-To-Live (TTL) values remains the core of its operation, though various implementations and probe types (UDP, ICMP, TCP) have been added over time to enhance its utility in diverse network environments.