How to Run a Traceroute on Linux, Windows & macOS

Introduction

Traceroute is a crucial tool in network diagnostics. Together with other Linux commands such as ping, ip, and netstat (or the newer alternative ss), Traceroute identifies the path packets take from source to destination. The tool is universally available for Linux, Windows, and macOS.

This article explains the traceroute or tracert command, how it works, and how to run and read a traceroute on Linux, Windows, and macOS.


Prerequisites

  • Access to the command line/terminal.
  • Network connection.
  • A website or IP address to trace (optional, provided in examples).

What Is Traceroute?

traceroute is a command used in network troubleshooting for mapping the path packets travel through the network. The tool aids in the discovery of possible routes of information from source to destination. The command also helps calculate the transfer times between points.

When applied to network troubleshooting, traceroute helps locate where traffic slows down between the source and destination.

How Does Traceroute Work?

Traceroute sends ICMP (Internet Control Message Protocol) packets to every router on the path between the source and destination. When you run a traceroute, the output displays:

  • The IP address of the router that successfully received the packet.
  • The travel latency, or the amount of time it took to get a response for each of the three probes.

Traceroute acts as a series of ping commands. While ping requests a response from the destination, traceroute gathers the intermediate information as well.

To gather the information available between the source and destination, traceroute sets the packet’s TTL (time to live) to the minimum value (1). When the first router receives the packet, it decrements the TTL value to 0, which tells it to stop forwarding the packet and send information back to the source. The source records the intermediate router information and sends the next packet with the TTL increased by one.

Diagram of the traceroute iterations path

This way, the packet reaches the next router in the network. The iterative process repeats until the final packet reaches the destination IP. Then, traceroute recognizes the destination IP and outputs all the intermediate information gathered.

The command sends out three probes by default for each TTL value and prints out the round-trip time for each packet.

How to Run a Traceroute?

Traceroute is available on most modern machines. The program is a command line tool with different options and syntax depending on the operating system.

By default, a traceroute uses a maximum of 30 hops and a packet size of 60 bytes for IPv4 and 80 bytes for IPv6.


Run a Traceroute on Linux

On Ubuntu, the traceroute command is not available by default. Install the tool using the apt package manager.

1. Open the terminal (CTRL+ALT+T) and install traceroute with:

sudo apt install traceroute

2. In the terminal, run a traceroute with:

traceroute [options] <hostname or IP> [packet length]

For example, traceroute one of phoenixNAP’s speed test IP locations:

traceroute 131.153.40.84

Output of the traceroute command on Linux

Alternatively, use a hostname:

traceroute phoenixnap.com

Note: A similar command called tracepath is available for Linux. The main difference between the two is that traceroute offers more options, some of which require root privilege. On the other hand, tracepath is available for all users and outputs less information.

Advanced Options for Traceroute on Linux

By default, a traceroute sends UDP packets. Add the option -I for ICMP probe packets:

traceroute -I <hostname or IP>

Include the -n option to hide the device names for a cleaner output:

traceroute -In <hostname or IP>

Output of traceroute -In

By default, the number of packets sent is three. Change the number with the -q option followed by the number of packets:

traceroute -Inq <number> <hostname or IP>

Output of traceroute -Inq

Lowering the number of packets to one increases the speed of a traceroute.

For all additional options of traceroute, check the manual page in the terminal with the man command:

man traceroute

The manual contains information on all available command options and how to apply them to the command.

Run a Traceroute in Windows

Traceroute is available for Windows using the shorter name tracert. To run a traceroute on Windows, follow these steps:

1. Press the Windows key and type CMD.

2. Press Enter and open the command prompt.

3. Lastly, run traceroute with:

tracert [options] <hostname or IP>

Output of tracert on Windows

The output prints Trace complete to the console when the traceroute completes.

Run a Traceroute on macOS

To run a traceroute on macOS using the GUI, follow the steps below:

1. Click the Spotlight (magnifying glass) icon.

2. Next, search for Network Utility in the search field.

3. Double-click the Network Utility from the search result.

4. Locate and click the Traceroute tab.

Traceroute on macOS using the GUI

5. Lastly, enter the IP address or host of the destination and click Trace. The textbox below the Trace button outputs the Traceroute results.

How to Read a Traceroute?

When running a traceroute, the output shows the path packets take when traveling to a destination point. The printed result divides into three general columns:

Traceroute columns divided

1. Each line indicates a router hop. The first column shows the hop number.

2. The following three columns show the round-trip time (RTT) for a total of three packets:

  • For nearby networks, these numbers are usually below 100ms.
  • For distant networks in other countries, typical RTT values go up to 300ms.

Three asterisk symbols (* * *) instead of numbers followed by a “Request timed out” message can indicate:

  • The router is down.
  • The router is configured not to return traceroute results.
  • A firewall is enabled on the router.
  • A time-out for one of the previous routers.

3. The last column displays the destination IP address and, whenever possible, the resolved domain name.

The traceroute output rows group into a total of five units:

Traceroute rows divided

1. The local network.

2. The internet service provider (ISP) for the local network.

3. The internet.

4. The network of the destination’s host.

5. The destination address.

Note: The results are different for everyone. The general categories still apply to every situation, though. Figure out each address by looking up the reverse DNS.

Add > <filename>.txt at the end of the traceroute or tracert command to save the results into a text file for later use and analysis. For example, on Linux and macOS:

traceroute 8.8.8.8 > results.txt

Windows users can follow the same steps:

tracert 8.8.8.8 > result.txt

In both cases, the output does not print anything out and returns to the regular command line input. The file saves to the location where the command runs.
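
The following Python code is an added example, not part of the original article: it parses saved output in the `traceroute -n` format, separates silent hops that still forwarded traffic from a trace that ends in time-outs, and finds the hop where latency rises most. The sample trace and the function names are constructed for illustration.

```python
import re

# Constructed sample in `traceroute -n` format (documentation-range addresses).
SAMPLE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1  0.412 ms  0.388 ms  0.401 ms
 2  198.51.100.1  8.120 ms  7.954 ms  8.301 ms
 3  * * *
 4  198.51.100.77  9.870 ms  *  10.112 ms
 5  203.0.113.1  142.330 ms  139.870 ms  141.005 ms
 6  203.0.113.10  143.010 ms  142.555 ms  142.998 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # hop number, then the rest
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms")         # each answered probe
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")   # first IPv4 address on the line

def parse_hops(text):
    """Turn saved traceroute output into one dict per hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        rest = m.group(2)
        ip = IP_RE.search(rest)
        hops.append({"hop": int(m.group(1)), "ip": ip.group(0) if ip else None,
                     "rtts": [float(x) for x in RTT_RE.findall(rest)],
                     "lost": rest.count("*")})
    return hops

def silent_hops(hops):
    """Classify hops where every probe timed out (* * *)."""
    last_answer = max((h["hop"] for h in hops if h["rtts"]), default=0)
    # A silent hop before a later answering hop still passed the probes on.
    return {h["hop"]: "forwarding" if h["hop"] < last_answer else "path ends"
            for h in hops if not h["rtts"]}

def largest_jump(hops):
    """Return (hop, ms): biggest rise in best RTT over the previous answering hop."""
    prev, worst = None, (None, 0.0)
    for h in hops:
        if not h["rtts"]:
            continue
        best = min(h["rtts"])  # minimum RTT is least affected by queueing jitter
        if prev is not None and best - prev > worst[1]:
            worst = (h["hop"], round(best - prev, 3))
        prev = best
    return worst
```

To analyze a saved trace, pass the file contents instead of the sample, for example `parse_hops(open("results.txt").read())`.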

Conclusion

At the end of this tutorial, you know how to use and read the output of the traceroute or tracert command. Traceroute is a crucial tool for network troubleshooting and pinpointing bottlenecks in the connection.

If you want to learn more about traceroute compared to other terminal programs, read our article tracepath vs. traceroute.

For more networking commands, check out our guide on the nmap network scanner tool. It’s a useful tool for scanning for open ports.

Original article by 254126420. If you repost it, please credit the source: https://blog.ytso.com/226176.html
