Introduction
Traceroute is a crucial tool in network diagnostics. Together with other Linux commands such as ping, ip, and netstat (or the newer alternative ss), Traceroute identifies the path packets take from source to destination. The tool is universally available for Linux, Windows, and macOS.
This article explains the traceroute
or tracert
command, how it works, and how to run and read a traceroute on Linux, Windows, and macOS.
Prerequisites
- Access to the command line/terminal.
- Network connection.
- A website or IP address to trace (optional, provided in examples).
What Is Traceroute?
traceroute
is a command used in network troubleshooting for mapping the path packets travel through the network. The tool aids in the discovery of possible routes of information from source to destination. Additionally, the command also helps calculate the transfer times between points.
When applied to network troubleshooting, traceroute
helps locate where traffic slows down between the source and destination.
How Does Traceroute Work?
The protocol sends ICMP (Internet Control Message Protocol) packets to every router transferring between the source and destination. When you run a traceroute, the output displays:
- The IP address of the router that successfully received the packet.
- The travel latency, or the amount of time it took to get a response for each of the three probes.
Traceroute acts as a series of ping commands. While ping requests a response from the destination, traceroute gathers the intermediate information as well.
To gather the information available between the source and destination, a traceroute lowers the packet’s TTL (time to live) to a minimum (1). When a router receives the information, it decrements the TTL value to 0, indicating it should send information back to the source. The source gathers the intermediate router information, resets the TTL value to 1, and increments it.
This way, the packet reaches the next router in the network. The iterative process repeats until the final package reaches the destination IP. Then, traceroute recognizes the destination IP and outputs all the intermediate information gathered.
The command sends out three probes by default for each TTL value and prints out the round-trip time for each packet.
How to Run a Traceroute?
Traceroute is available on most modern machines. The program is a command line tool with different options and syntax depending on the operating system.
By default, a traceroute is 30 hops for a packet size of 60 bytes for IPv4 and 80 bytes for IPv6.
Note: Learn about the difference between IPv4 and IPv6.
Run a Traceroute on Linux
On Ubuntu, the traceroute
command is not available by default. Install the tool using the apt package manager.
1. Open the terminal (CTLR+ALT+T) and install traceroute with:
sudo apt install traceroute
2. In the terminal, run a traceroute with:
traceroute [options] <hostname or IP> [packet length]
For example, traceroute one of phoenixNAP’s speed test IP locations:
traceroute 131.153.40.84
Alternatively, use a hostname:
traceroute phoenixnap.com
Note: A similar command called tracepath
is available for Linux. The main difference between the two is that traceroute
offers more options, some of which require root privilege. On the other hand, tracepath
is available for all users and outputs less information.
Advanced Options for Traceroute on Linux
By default, a traceroute sends UDP packets. Add the option -I
for ICMP probe packets:
traceroute -I <hostname or IP>
Include the -n
option to hide the device names for a cleaner output:
traceroute -In <hostname or IP>
By default, the number of packets sent is three. Change the number with the -q
option followed by the number of packets:
traceroute -Inq <number> <hostname or IP>
Lowering the number of packets to one increases the speed of a traceroute.
For all additional options of traceroute
, check the manual page in the terminal with the man command:
man traceroute
The manual contains information on all available command options and how to apply them to the command.
Run a Traceroute in Windows
Traceroute is available for Windows using the shorter name tracert
. To run a traceroute on Windows, follow these steps:
1. Press the Windows key and type CMD.
2. Press Enter and open the command prompt.
3. Lastly, run traceroute with:
tracert [options] <hostname or IP>
The output prints Trace complete to the console when the traceroute completes.
Run a Traceroute on macOS
To run a traceroute on macOS using the GUI, follow the steps below:
1. Click the Spotlight (magnifying glass) icon.
2. Next, search for Network Utility in the search field.
3. Double-click the Network Utility from the search result.
4. Locate and click the Traceroute tab.
5. Lastly, enter the IP address or host of the destination and click Trace. The textbox below the Trace button outputs the Traceroute results.
How to Read a Traceroute?
When running a traceroute, the output shows the path packets take when traveling to a destination point. The printed result divides into three general columns:
1. Each line indicates a router hop. The first column shows the hop number.
2. The following three columns show the round-trip time (RTT) for a total of three packets:
- For nearby networks, these numbers are usually below 100ms.
- For distant networks in other countries, typical RTT values go up to 300ms.
Three asterisk symbols (* * *) instead of numbers followed by a “Request timed out” message can indicate:
- The router is down.
- The router is configured not to return traceroute results.
- A firewall is enabled on the router.
- A time-out for one of the previous routers.
3. The last column displays the destination IP address and, whenever possible, the resolved domain name.
The traceroute output rows group into a total of five units:
1. The local network.
2. The internet service provider (ISP) for the local network.
3. The internet.
4. The network of the destination’s host.
5. The destination address.
Note: The results are different for everyone. The general categories still apply to every situation, though. Figure out each address by looking up the reverse DNS.
Add > <filename>.txt
at the end of the traceroute
or tracert
command to save the results into a text file for later use and analysis. For example, on Linux and macOS:
traceroute 8.8.8.8 > results.txt
Windows users can follow the same steps:
tracert 8.8.8.8 > result.txt
In both cases, the output does not print anything out and returns to the regular command line input. The file saves to the location where the command runs.
Conclusion
At the end of this tutorial, you know how to use and read the output of the traceroute
or tracert
command. Traceroute is a crucial tool for network troubleshooting and pinpointing bottlenecks in the connection.
If you want to learn more about traceroute comparing to other terminal programs, read our article tracepath vs. traceroute.
For more networking commands, check out our guide on the nmap network scanner tool. It’s a useful tool for scanning for open ports.
原创文章,作者:254126420,如若转载,请注明出处:https://blog.ytso.com/226176.html