traceroute command of Linux

Posted by rweston002 on Fri, 31 Dec 2021 14:23:16 +0100

traceroute shows the path that packets take from the local host to a destination host, hop by hop. Each probe packet is small: the classic BSD default is 40 bytes, the runs captured below use 52-byte packets, and current Linux traceroute defaults to 60.

With traceroute we can see the route taken from our machine to a host at the other end of the Internet. Two packets from the same source to the same destination may take different paths (load-balanced links are common), but most of the time the route is stable.

traceroute measures round-trip time by sending a small probe toward the destination and timing the reply. Each hop on the path is probed 3 times by default. For every hop the output shows the time of each probe in milliseconds, the device's host name (if it resolves) and its IP address.

There are three ways to implement traceroute, differing in the kind of probe packet sent:

  • TCP traceroute (TCP SYN probes; tracetcp on Windows, tcptraceroute or traceroute -T on Linux)
  • UDP traceroute (the default on Cisco IOS, Linux, BSD and macOS)
  • ICMP traceroute (ICMP Echo Request probes; the default for tracert on MS Windows)

Command format

traceroute [options] host

Command options

Option letters are case-sensitive (-f and -F are different options). The list below follows BSD/macOS traceroute(8), which produced the output shown on this page; Linux traceroute accepts the same letters for these options.

  • -d: enable socket-level debugging (SO_DEBUG);
  • -f <first TTL>: set the TTL of the first probe packet (default 1);
  • -F: set the Don't Fragment bit on probe packets;
  • -g <gateway>: add a loose source-routing gateway (up to 8);
  • -i <interface>: send probes from the specified network interface;
  • -I: use ICMP Echo Request probes instead of UDP;
  • -m <max TTL>: set the maximum TTL, i.e. the maximum number of hops (64 in the runs below; 30 on Linux);
  • -n: print IP addresses only, without reverse DNS lookups;
  • -p <port>: set the base destination UDP port for probes (default 33434);
  • -q <count>: number of probes sent per hop (default 3);
  • -r: bypass the normal routing table and send directly to a host on an attached network;
  • -s <source address>: set the source IP address of the probes;
  • -t <TOS>: set the Type of Service value of the probes;
  • -v: verbose output;
  • -w <seconds>: time to wait for a reply to each probe;
  • -x: toggle IP checksum calculation on the probes.

Command parameters

Host: specify the destination host IP address or host name.

Simple usage

> traceroute rumenz.com
traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  1.242 ms  0.949 ms  2.494 ms
 2  192.168.1.1 (192.168.1.1)  1.337 ms  1.101 ms  0.953 ms
 3  100.64.0.1 (100.64.0.1)  4.663 ms  28.187 ms  3.346 ms
 4  111.175.227.145 (111.175.227.145)  7.321 ms  12.203 ms  10.503 ms
 5  111.175.210.221 (111.175.210.221)  4.810 ms  7.400 ms  3.673 ms
 6  202.97.17.5 (202.97.17.5)  20.276 ms
    202.97.98.25 (202.97.98.25)  38.174 ms
    202.97.17.1 (202.97.17.1)  28.942 ms
 7  * 113.96.5.158 (113.96.5.158)  26.277 ms *
 8  * * *
 9  14.18.199.106 (14.18.199.106)  22.518 ms  20.543 ms  22.583 ms
10  * * 14.18.199.74 (14.18.199.74)  22.378 ms
11  * * *
12  * * *
13  * * *
14  203.195.152.245 (203.195.152.245)  25.766 ms  21.599 ms *

Records are numbered from 1; each record is one hop, i.e. one router (gateway) the probes pass through. Each line carries three times in ms: by default traceroute sends three probes to every hop (the -q option, default 3), and these are the round-trip times of the three replies. `traceroute -q 4 rumenz.com` sends 4 probes per hop instead.

Sometimes some probes are shown as asterisks. An asterisk means no reply arrived before the timeout: the router may rate-limit or not generate ICMP Time Exceeded messages, a firewall may drop the probe or filter the ICMP reply, or the reply was simply late. In the run above, hops 11-13 are silent but hop 14 (the destination) answers, so the path works and those routers merely do not answer probes; a run that ends in asterisks without ever reaching the destination points to a filter or a black hole after the last responding hop.

Sometimes one gateway shows a long delay. That may be congestion, or slow ICMP generation on the router itself: routers answer probes from their control plane, so a hop's RTT can be higher than that of the hops after it without any forwarding problem. Slow or failing reverse DNS lookups of a hop's address also stall the run; add the -n option to skip DNS resolution and print IP addresses only.

If the LAN has several network segments, traceroute shows whether a problem lies with a host or with a gateway. When a remote server is hard to reach, tracing which gateways the packets pass through and handing the output to the IDC (hosting) provider also helps to get it solved; in practice, though, it seems hard to get such problems fixed in China: even when we find the problem, the IDC provider cannot help us solve it.
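Reading these outputs by eye does not scale when runs are collected from many vantage points or repeated over time. The following Python is added here as an example (it is not code from the original post): it parses traceroute output in both the `name (address)` and `-n` forms, folds continuation lines into the hop they belong to, and reports the silent hops, the load-balanced hops, the worst RTT and whether the destination answered, together with the conclusion those facts support. `SAMPLE` is the first run on this page copied as test input; the function and field names are this example's own.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the first `traceroute rumenz.com` run shown on this page, verbatim.
SAMPLE = """\
traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  1.242 ms  0.949 ms  2.494 ms
 2  192.168.1.1 (192.168.1.1)  1.337 ms  1.101 ms  0.953 ms
 3  100.64.0.1 (100.64.0.1)  4.663 ms  28.187 ms  3.346 ms
 4  111.175.227.145 (111.175.227.145)  7.321 ms  12.203 ms  10.503 ms
 5  111.175.210.221 (111.175.210.221)  4.810 ms  7.400 ms  3.673 ms
 6  202.97.17.5 (202.97.17.5)  20.276 ms
    202.97.98.25 (202.97.98.25)  38.174 ms
    202.97.17.1 (202.97.17.1)  28.942 ms
 7  * 113.96.5.158 (113.96.5.158)  26.277 ms *
 8  * * *
 9  14.18.199.106 (14.18.199.106)  22.518 ms  20.543 ms  22.583 ms
10  * * 14.18.199.74 (14.18.199.74)  22.378 ms
11  * * *
12  * * *
13  * * *
14  203.195.152.245 (203.195.152.245)  25.766 ms  21.599 ms *
"""

HEADER = re.compile(r"^traceroute to (\S+) \((\S+)\), (\d+) hops max")
HOP_START = re.compile(r"^\s*(\d+)\s+(.*)$")    # a hop number starts a new hop record
TOKEN = re.compile(
    r"\*"                                        # lost probe (no reply before the -w timeout)
    r"|(?P<rtt>\d+(?:\.\d+)?) ms"                # round-trip time of one probe
    r"|(?P<host>\S+) \((?P<ip>[0-9A-Fa-f.:]+)\)" # "name (address)" form
    r"|(?P<bare>[0-9A-Fa-f.:]+)"                 # address only, as printed with -n
)

@dataclass
class Hop:
    ttl: int
    addresses: List[str] = field(default_factory=list)  # distinct responders, in order seen
    rtts: List[float] = field(default_factory=list)
    lost: int = 0                                       # probes printed as "*"

def parse_traceroute(text: str) -> Tuple[Optional[str], Optional[int], List[Hop]]:
    """Parse BSD/macOS or Linux traceroute output (with or without -n) into hops.
    An address on a line of its own belongs to the previous hop: different routers
    answered that TTL, i.e. the path is load-balanced there."""
    target_ip, max_hops, hops = None, None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            target_ip, max_hops = m.group(2), int(m.group(3))
            continue
        m = HOP_START.match(line)
        if m:
            hops.append(Hop(ttl=int(m.group(1))))
            body = m.group(2)
        elif hops and line.startswith(" "):
            body = line
        else:
            continue  # blank lines, "sendto:" errors and the like
        hop = hops[-1]
        for tok in TOKEN.finditer(body):
            if tok.group("rtt"):
                hop.rtts.append(float(tok.group("rtt")))
            elif tok.group(0) == "*":
                hop.lost += 1
            else:
                addr = tok.group("ip") or tok.group("bare")
                try:
                    ipaddress.ip_address(addr)
                except ValueError:
                    continue  # hex-looking word that is not an address
                if addr not in hop.addresses:
                    hop.addresses.append(addr)
    return target_ip, max_hops, hops

def summarize(text: str) -> dict:
    """Reduce a run to the facts a troubleshooter wants, plus the conclusion they support."""
    target_ip, max_hops, hops = parse_traceroute(text)
    responding = [h for h in hops if h.addresses]
    last_ttl = responding[-1].ttl if responding else None
    reached = bool(responding) and target_ip in responding[-1].addresses
    if reached:
        verdict = "destination reached; silent hops are routers that do not answer probes, not a fault"
    elif last_ttl is None:
        verdict = "no hop answered: probes are dropped at or before the first router"
    else:
        verdict = "no reply beyond TTL %d: a filter or black hole after that hop, or the destination filters this probe type" % last_ttl
    return {
        "hops": len(hops), "max_hops": max_hops,
        "silent_ttls": [h.ttl for h in hops if not h.addresses],
        "multipath_ttls": [h.ttl for h in hops if len(h.addresses) > 1],
        "last_responding_ttl": last_ttl, "reached": reached,
        "worst_rtt_ms": max((r for h in hops for r in h.rtts), default=None),
        "verdict": verdict,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run on `SAMPLE` it reports 14 hops, hops 8 and 11-13 silent, hop 6 answered by three different routers, and the destination reached; the same parser fed `traceroute -n` output works because the bare-address alternative handles lines without the `name (address)` form.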

Set the maximum number of hops

> traceroute -m 10 rumenz.com
traceroute to rumenz.com (203.195.152.245), 10 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  1.829 ms  0.746 ms  1.684 ms
 2  192.168.1.1 (192.168.1.1)  2.326 ms  3.365 ms  1.203 ms
 3  100.64.0.1 (100.64.0.1)  4.659 ms  5.613 ms  4.055 ms
 4  111.175.227.145 (111.175.227.145)  12.399 ms  7.991 ms  8.013 ms
 5  111.175.210.221 (111.175.210.221)  6.997 ms  10.958 ms  4.180 ms
 6  202.97.98.29 (202.97.98.29)  21.216 ms
    202.97.98.25 (202.97.98.25)  21.428 ms *
 7  * * *
 8  * * *
 9  * 14.18.199.106 (14.18.199.106)  22.443 ms  20.399 ms
10  * * *

Display IP addresses without resolving host names

> traceroute -n rumenz.com
traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
 1  192.168.0.1  2.484 ms  1.271 ms  0.813 ms
 2  192.168.1.1  1.320 ms  1.103 ms  1.075 ms
 3  100.64.0.1  2.914 ms  4.107 ms  4.372 ms
 4  111.175.227.145  7.279 ms  7.915 ms  9.007 ms
 5  111.175.210.221  3.729 ms  4.100 ms  4.160 ms
 6  202.97.29.49  25.172 ms
    202.97.34.66  23.798 ms
    202.97.29.53  18.034 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * 203.195.152.245  21.635 ms  22.201 ms

Send 4 probes per hop instead of 3

> traceroute -q 4 rumenz.com
traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  2.265 ms  2.010 ms  0.669 ms  1.103 ms
 2  192.168.1.1 (192.168.1.1)  1.159 ms  1.207 ms  1.082 ms  1.181 ms
 3  100.64.0.1 (100.64.0.1)  6.105 ms  4.068 ms  2.737 ms  3.858 ms
 4  111.175.227.145 (111.175.227.145)  12.785 ms  11.772 ms  11.710 ms  7.463 ms
 5  111.175.210.221 (111.175.210.221)  11.646 ms  5.033 ms  4.373 ms  5.631 ms
 6  * 202.97.29.57 (202.97.29.57)  21.332 ms *
    202.97.17.5 (202.97.17.5)  26.080 ms
 7  * * * *
 8  * * * *
 9  14.18.199.106 (14.18.199.106)  26.460 ms  20.790 ms  25.815 ms *
10  * * 14.18.199.74 (14.18.199.74)  22.642 ms *
11  * * * *
12  * * * *
13  * * * *
14  203.195.152.245 (203.195.152.245)  22.046 ms  22.201 ms  20.328 ms  24.846 ms

Bypass the normal routing table and send directly to a host on an attached network. This only works when the destination is on a directly connected network; rumenz.com is not, so the kernel refuses to send and every probe fails with "Network is unreachable":

> traceroute -r rumenz.com
traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
traceroute: sendto: Network is unreachable
 1 traceroute: wrote rumenz.com 52 chars, ret=-1
 *traceroute: sendto: Network is unreachable
traceroute: wrote rumenz.com 52 chars, ret=-1
 *traceroute: sendto: Network is unreachable
traceroute: wrote rumenz.com 52 chars, ret=-1

Wait 3 seconds for the reply to each probe

> traceroute -w 3 rumenz.com
traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  2.835 ms  0.894 ms  0.967 ms
 2  192.168.1.1 (192.168.1.1)  1.289 ms  1.174 ms  1.091 ms
 3  100.64.0.1 (100.64.0.1)  3.327 ms  2.985 ms  4.280 ms
 4  111.175.227.145 (111.175.227.145)  13.337 ms  12.301 ms  9.081 ms
 5  111.175.210.221 (111.175.210.221)  3.484 ms  5.052 ms  4.033 ms
 6  202.97.98.25 (202.97.98.25)  19.580 ms
    202.97.17.1 (202.97.17.1)  21.139 ms
    202.97.34.66 (202.97.34.66)  21.232 ms
 7  * * 113.96.5.82 (113.96.5.82)  26.111 ms
 8  * * *
 9  * 14.18.199.106 (14.18.199.106)  22.279 ms *
10  * * *
11  * * *
12  * * *
13  * * *
14  * 203.195.152.245 (203.195.152.245)  22.335 ms  21.387 ms

How Traceroute works

UDP and ICMP Traceroute

The basic principle of traceroute is to send probes with gradually increasing TTL (the IP time-to-live field), so that each probe expires at a different hop and that hop reveals itself by reporting the error.

Suppose host A runs traceroute to host B. A first sends a probe with TTL=1. When it reaches router R1, the TTL is decremented to 0 (every router on the path decrements TTL by one); R1 discards the packet and returns an ICMP Time Exceeded message to A, whose source address identifies R1. A then sends a second probe with TTL=2: it passes R1, reaches R2 with TTL=0, and R2 returns ICMP Time Exceeded to A. And so on, until the TTL is large enough for the probe to reach host B, which returns a final reply of a different kind; that different reply tells A the path is complete.

The difference between UDP and ICMP traceroute lies in the outbound probe (the packet marked in red in the figure of the original post) and in the final reply:

  • UDP traceroute sends a UDP datagram to a high port nothing listens on (33434 and up by default), and the final reply is ICMP Destination Unreachable, code Port Unreachable (type 3, code 3)
  • ICMP traceroute sends an ICMP Echo Request, and the final reply is ICMP Echo Reply (type 0)

Intermediate hops answer both kinds of probe with ICMP Time Exceeded (type 11), so a router that does not generate ICMP errors, or rate-limits them, shows up as asterisks with either method.
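The probe loop described above, written out as an added example in Python (it is not code from the original post): it sends UDP probes with increasing TTL, reads replies from a raw ICMP socket, tells ICMP Time Exceeded (a router) from Port Unreachable (the destination), and matches each reply to its probe through the UDP destination port quoted inside the ICMP error, a step the sketch above omits but without which any stray ICMP arriving on the host would be reported as a hop. `make_icmp_error` builds constructed packets so the decoding can be exercised offline; the real loop needs root (CAP_NET_RAW) and network access. The function names, the documentation-range addresses and the "base port plus TTL" port scheme are this example's assumptions.

```python
import socket
import struct
import time
from typing import Iterator, Optional, Tuple

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED = 0, 3, 11
ICMP_PORT_UNREACH = 3   # Destination Unreachable code meaning "port unreachable"

def classify_icmp(packet: bytes) -> str:
    """Name the ICMP message in a raw IPv4 datagram (a raw ICMP socket hands us the IP header too)."""
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type == ICMP_TIME_EXCEEDED:
        return "time_exceeded"                   # a router on the path: the probe's TTL hit zero there
    if icmp_type == ICMP_DEST_UNREACH and icmp_code == ICMP_PORT_UNREACH:
        return "port_unreachable"                # the destination: probe arrived, nothing listens on that port
    if icmp_type == ICMP_DEST_UNREACH:
        return "unreachable_code_%d" % icmp_code # e.g. code 13: administratively prohibited (a filter)
    if icmp_type == ICMP_ECHO_REPLY:
        return "echo_reply"                      # final reply when probing with ICMP Echo (-I)
    return "icmp_type_%d" % icmp_type

def probe_port_from_error(packet: bytes) -> Optional[int]:
    """Recover the UDP destination port of the probe quoted inside an ICMP error.
    ICMP errors carry the offending IP header plus the first 8 bytes of its payload,
    which for a UDP probe is the whole UDP header; that port ties a reply to the
    TTL that caused it, so unrelated ICMP traffic is not mistaken for a hop."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[ihl] not in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
        return None                              # not an error message: nothing is quoted
    inner = ihl + 8                              # the ICMP header is 8 bytes long
    inner_ihl = (packet[inner] & 0x0F) * 4
    if packet[inner + 9] != socket.IPPROTO_UDP:  # protocol field of the quoted header
        return None
    udp = inner + inner_ihl
    if len(packet) < udp + 4:
        return None
    return struct.unpack("!H", packet[udp + 2:udp + 4])[0]

def _ipv4_header(proto: int, src: str, dst: str) -> bytes:
    # Minimal 20-byte header; total length and checksum stay zero (the parsers above never read them).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def make_icmp_error(icmp_type: int, code: int, probe_dport: int, router: str = "192.0.2.1",
                    host: str = "192.0.2.10", dest: str = "198.51.100.5") -> bytes:
    """Constructed ICMP message as `router` would send it back to `host` (test data, not a capture)."""
    quoted_probe = _ipv4_header(socket.IPPROTO_UDP, host, dest) + struct.pack("!HHHH", 40000, probe_dport, 8, 0)
    icmp_header = struct.pack("!BBHI", icmp_type, code, 0, 0)
    return _ipv4_header(socket.IPPROTO_ICMP, router, host) + icmp_header + quoted_probe

def udp_traceroute(dest: str, max_hops: int = 30, base_port: int = 33434,
                   timeout: float = 2.0) -> Iterator[Tuple[int, Optional[str], Optional[str], Optional[float]]]:
    """Yield (ttl, responder, reply kind, rtt_ms) per hop; needs root/CAP_NET_RAW for the raw socket."""
    dest_ip = socket.gethostbyname(dest)
    icmp_in = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    icmp_in.settimeout(timeout)
    for ttl in range(1, max_hops + 1):
        port = base_port + ttl                   # a distinct port per TTL, like traceroute's incrementing port
        out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        out.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        sent = time.monotonic()
        out.sendto(b"", (dest_ip, port))
        out.close()
        try:
            while True:                          # discard ICMP that does not quote our probe
                pkt, (addr, _) = icmp_in.recvfrom(1500)
                if probe_port_from_error(pkt) == port:
                    break
        except socket.timeout:
            yield ttl, None, None, None          # what traceroute prints as "*"
            continue
        kind = classify_icmp(pkt)
        yield ttl, addr, kind, (time.monotonic() - sent) * 1000
        if kind != "time_exceeded":
            return                               # port_unreachable (or another unreachable): end of path

if __name__ == "__main__":
    import sys
    for ttl, addr, kind, rtt in udp_traceroute(sys.argv[1] if len(sys.argv) > 1 else "rumenz.com"):
        print(ttl, addr or "*", kind or "", "" if rtt is None else "%.3f ms" % rtt)
```

The ICMP variant (traceroute -I) differs only in the probe and the match: the outbound packet is an ICMP Echo Request, the destination's answer classifies as `echo_reply`, and since an Echo Reply quotes nothing, the probe is matched on the ICMP identifier and sequence number instead of a UDP port.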

TCP Traceroute

TCP traceroute also relies on TTL to map the path, but its probes are TCP SYN segments, typically sent to port 80 or 443. Intermediate routers still return ICMP Time Exceeded; the destination answers with SYN/ACK if the port is open or RST if it is closed, and either one marks the end of the path. Its main advantage is a better chance of passing firewalls: a SYN to a service port looks like an ordinary connection attempt and is allowed wherever the service is reachable, while UDP probes to random high ports and ICMP Echo are often filtered. On Linux, `traceroute -T -p 443 host` uses this method with half-open probes (the SYN/ACK is answered with a RST, so no connection is completed); tcptraceroute works the same way.

For more on Cisco's traceroute, see Cisco's "Using the traceroute Command on Operating Systems" (Document ID: 22826).

Original link: https://rumenz.com/rumenbiji/linux-traceroute.html
WeChat official account: entry station

Topics: Linux