logoCndocs
Network Testing

Traceroute Command in Linux

Introduction

The traceroute command is a powerful network diagnostic tool used to trace the path that packets take from your system to a destination host. It provides valuable insights into the network infrastructure between two points, showing each hop along the route and measuring the round-trip time for packets to reach each hop. This information is crucial for network administrators and users troubleshooting connectivity issues, analyzing network performance, or simply understanding the topology of the internet.

Unlike the simpler ping command which only tests if a destination is reachable, traceroute reveals the entire journey of packets through the network, making it an essential tool for comprehensive network diagnostics.

Traceroute Command Output Example

How Traceroute Works

Traceroute operates by sending packets with incrementally increasing Time-To-Live (TTL) values:

  1. It begins by sending a packet with a TTL of 1
  2. When this packet reaches the first router, the TTL is decremented to 0
  3. The router discards the packet and sends back an ICMP "Time Exceeded" message
  4. Traceroute records this router's address and the time taken
  5. The process repeats with TTL values of 2, 3, and so on until the destination is reached
  6. The final result is a list of all routers (hops) along the path to the destination

By default, traceroute sends UDP packets on Linux (while Windows' tracert uses ICMP Echo requests). However, modern versions of traceroute can use different protocols based on the options specified.

Basic Syntax

The basic syntax of the traceroute command is:

traceroute [options] destination

Where:

  • options: Various flags that modify the behavior of the command
  • destination: The target host, which can be specified as a domain name or an IP address

Installation

Traceroute is not installed by default in many Linux distributions. To install it:

On Debian/Ubuntu-based systems:

sudo apt install traceroute

On Red Hat/CentOS/Fedora systems:

sudo yum install traceroute

or

sudo dnf install traceroute

Basic Usage

Simple Traceroute

To perform a basic traceroute to a destination:

traceroute google.com

This command traces the route to google.com, displaying each hop along the path with its IP address, hostname (if available), and round-trip times for packets.

Understanding the Output

A typical traceroute output looks like this:

traceroute to google.com (142.250.190.78), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  3.171 ms  3.142 ms  3.114 ms
 2  96.120.42.133 (96.120.42.133)  12.132 ms  12.104 ms  12.077 ms
 3  96.110.156.185 (96.110.156.185)  13.450 ms  13.422 ms  13.394 ms
 4  68.85.118.13 (68.85.118.13)  13.366 ms  13.339 ms  13.311 ms
 5  68.86.102.121 (68.86.102.121)  13.283 ms  13.256 ms  13.228 ms
 6  68.86.93.5 (68.86.93.5)  13.200 ms  13.173 ms  13.145 ms
 7  * * *
 8  142.251.60.219 (142.251.60.219)  13.089 ms  13.062 ms  13.034 ms
 9  142.250.190.78 (142.250.190.78)  13.006 ms  12.979 ms  12.951 ms

Each line represents a hop along the route:

  • The first column is the hop number
  • The second column shows the hostname and IP address of the router
  • The last three columns show the round-trip time for three separate probe packets

An asterisk (*) indicates that the probe timed out (no response was received within the timeout period).

Advanced Options

1. Using IPv4 or IPv6

To explicitly use IPv4:

traceroute -4 google.com

To use IPv6:

traceroute -6 google.com

2. Preventing Packet Fragmentation

The -F option prevents packet fragmentation:

traceroute -F google.com

This is useful when troubleshooting issues related to Maximum Transmission Unit (MTU) size.

3. Starting from a Specific TTL

To start tracing from a specific hop rather than the first one:

traceroute -f 5 google.com

This command starts tracing from the 5th hop, which is useful when you're only interested in the later parts of a route.

4. Routing Through a Specific Gateway

To route packets through a specific gateway:

traceroute -g 192.168.1.254 google.com

This forces packets to go through the specified gateway, which can be useful for testing specific routing paths.

5. Setting Maximum Hops

By default, traceroute limits the trace to 30 hops. To change this limit:

traceroute -m 15 google.com

This sets the maximum number of hops to 15.

6. Disabling Hostname Resolution

For faster results, you can disable the resolution of IP addresses to hostnames:

traceroute -n google.com

This displays only IP addresses, which can significantly speed up the traceroute process.

7. Specifying Destination Port

To use a specific destination port:

traceroute -p 80 google.com

This sends probes to port 80 instead of the default high-numbered ports.

8. Adjusting the Number of Probes

By default, traceroute sends three probes per hop. To change this:

traceroute -q 1 google.com

This sends only one probe per hop, making the trace faster but potentially less reliable.

9. Setting Packet Size

To change the size of the probe packets:

traceroute google.com 100

This sets the packet size to 100 bytes.

Practical Applications

1. Network Troubleshooting

Traceroute is invaluable for identifying where network problems occur:

traceroute problematic-site.com

If you see consistent timeouts or high latency at a specific hop, that router or the link to it might be experiencing issues.

2. Analyzing Network Performance

By examining the round-trip times between hops, you can identify performance bottlenecks:

traceroute -q 5 performance-critical-server.com

Using more probes per hop (5 in this example) provides more reliable latency measurements.

3. Understanding Network Topology

Traceroute helps visualize the network path between your system and a destination:

traceroute -n major-datacenter.com

This can reveal how traffic is routed through different ISPs and backbone networks.

4. Verifying Routing Changes

After network changes, traceroute can confirm that traffic is following the expected path:

traceroute -n new-gateway-server.com

5. Security Auditing

Security professionals use traceroute to understand potential attack paths and network exposure:

traceroute -n sensitive-server.internal

Interpreting Common Issues

1. Consistent Timeouts (*)

If you see asterisks for all probes at a particular hop:

7  * * *

This could indicate:

  • The router is configured not to respond to TTL-exceeded messages
  • A firewall is blocking the probes or responses
  • The router is experiencing issues

2. Increasing Latency

If you notice a sudden increase in latency between two hops:

5  router5.isp.net (10.10.10.5)  15.283 ms  15.256 ms  15.228 ms
6  router6.isp.net (10.10.10.6)  85.200 ms  85.173 ms  85.145 ms

This could indicate:

  • A geographical jump (e.g., crossing an ocean)
  • Network congestion
  • A lower-bandwidth link

3. Asymmetric Routes

Sometimes the return path differs from the outbound path, which can lead to confusing results. This is normal in modern networks.

4. Route Changes During Trace

If you see the route changing during a trace:

5  router5.isp.net (10.10.10.5)  15.283 ms
   router5-alt.isp.net (10.10.20.5)  16.256 ms
   router5.isp.net (10.10.10.5)  15.228 ms

This indicates load balancing or dynamic routing changes.

Alternatives to Traceroute

1. MTR (My Traceroute)

MTR combines the functionality of traceroute and ping, providing continuous statistics:

mtr google.com

2. Tracepath

Tracepath is similar to traceroute but doesn't require root privileges:

tracepath google.com

3. Paris Traceroute

Paris Traceroute is designed to handle load-balanced paths better than standard traceroute:

paris-traceroute google.com

Troubleshooting Traceroute Issues

1. Incomplete Traces

If traceroute doesn't reach the destination:

  • Try increasing the maximum hop count: traceroute -m 60 destination
  • Check if the destination is actually reachable: ping destination
  • Try using a different protocol: traceroute -I destination (uses ICMP instead of UDP)

2. Permission Issues

If you get "Operation not permitted" errors:

  • Run traceroute with sudo: sudo traceroute destination
  • Or use tracepath which doesn't require root privileges: tracepath destination

3. Slow Traces

If traceroute is taking too long:

  • Disable hostname resolution: traceroute -n destination
  • Reduce the number of probes per hop: traceroute -q 1 destination
  • Reduce the wait time: traceroute -w 2 destination

Command Options Reference

OptionDescription
-4Use IPv4 only
-6Use IPv6 only
-FDo not fragment packets
-f first_ttlStart from the specified TTL
-g gatewayRoute packets through the specified gateway
-IUse ICMP ECHO instead of UDP datagrams
-m max_ttlSet the maximum number of hops
-nDo not resolve IP addresses to hostnames
-p portUse the specified destination port
-q nqueriesSet the number of probes per hop
-TUse TCP SYN for probes
-w waittimeSet the time to wait for a response
--helpDisplay help information

Conclusion

The traceroute command is an essential tool for network diagnostics, providing valuable insights into the path that packets take across networks. By understanding how to use traceroute and interpret its output, network administrators and users can effectively troubleshoot connectivity issues, analyze network performance, and gain a deeper understanding of network topology.

While traceroute has some limitations, particularly with modern networks that may block or rate-limit ICMP or UDP traffic, it remains one of the most useful tools for network diagnostics. Combined with other networking tools like ping, mtr, and tcpdump, traceroute forms a comprehensive toolkit for network analysis and troubleshooting.

Test Your Knowledge

Take a quiz to reinforce what you've learned

Exam Preparation

Access short and long answer questions for written exams

Share this page
WhatsAppTwitter/X

ping

A comprehensive guide to testing network connectivity with the ping command

mtr

A comprehensive guide to combining ping and traceroute with the mtr command

On this page

Traceroute Command in Linux
Introduction
How Traceroute Works
Basic Syntax
Installation
Basic Usage
Simple Traceroute
Understanding the Output
Advanced Options
1. Using IPv4 or IPv6
2. Preventing Packet Fragmentation
3. Starting from a Specific TTL
4. Routing Through a Specific Gateway
5. Setting Maximum Hops
6. Disabling Hostname Resolution
7. Specifying Destination Port
8. Adjusting the Number of Probes
9. Setting Packet Size
Practical Applications
1. Network Troubleshooting
2. Analyzing Network Performance
3. Understanding Network Topology
4. Verifying Routing Changes
5. Security Auditing
Interpreting Common Issues
1. Consistent Timeouts (*)
2. Increasing Latency
3. Asymmetric Routes
4. Route Changes During Trace
Alternatives to Traceroute
1. MTR (My Traceroute)
2. Tracepath
3. Paris Traceroute
Troubleshooting Traceroute Issues
1. Incomplete Traces
2. Permission Issues
3. Slow Traces
Command Options Reference
Conclusion
Edit on Github