traceroute command

traceroute is a tool used to identify the path used by a packet to reach the destination. This tool uses ICMP messages, but unlike ping, identifies every router in the path. traceroute is useful when troubleshooting network problems because it can help you to localize problems in network connectivity.

The traceroute command is available on most modern operating systems (Windows, Apple Mac OS, Unix, Linux, etc.). traceroute usually works by sending a series of ICMP echo request packets to a destination. The first series of messages has a Time to Live (TTL) parameter set to 1, which means that the first router in the path will discard the packet and send back an ICMP Time Exceeded message. The TTL is then increased by one for each following series until the destination host is reached and an ICMP echo reply message is received. The originating host can then use the received ICMP messages to identify all routers in the path.

In Linux, by default, traceroute uses UDP packets with a large destination port number (33434 – 33534) that is unlikely to be used by any application at the destination host. TTLs are used to get the IP addresses of the intermediary routers. When the destination host is reached, it replies with an ICMP port unreachable message. You can change this behaviour by using the -I (capital i) option, which forces the program to use ICMP Echo Request (type 8) packets instead of UDP packets.

Here is an example:

[Screenshot: linux traceroute command]

In the picture above you can see that traceroute sends a series of three packets to each system between your system and www.google.com. You can also see the amount of time (in milliseconds) that the packets took to traverse each route.

To speed up the process, you can disable the mapping of IP addresses with hostnames by using the -n option:

[Screenshot: linux traceroute disable mapping]

You can change the number of packets sent by using the -q option:

[Screenshot: linux traceroute number of packets]
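
To localize where replies stop, the output of traceroute -n can be parsed per hop. The following Python script is an added example, not part of the original page; it assumes IPv4 and the -n output layout, and the sample output and addresses in it are constructed. It handles any number of probes per hop (-q), lost probes (*), and hops where probes were answered by different routers.

```python
import re

# Constructed sample of `traceroute -n` output (documentation addresses, not a real capture).
SAMPLE = """\
traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.388 ms  0.371 ms
 2  198.51.100.9  8.120 ms 198.51.100.13  8.305 ms  8.290 ms
 3  198.51.100.41  9.004 ms *  9.310 ms
 4  * * *
 5  * * *
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<ttl>  <rest of line>"
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")  # dotted quad, as printed with -n

def parse_hops(text):
    """Return one dict per hop: ttl, responding addresses, RTTs in ms, lost probes."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header line or blank line
        tokens = m.group(2).split()
        hop = {"ttl": int(m.group(1)), "addrs": [], "rtts": [], "lost": 0}
        for i, tok in enumerate(tokens):
            if tok == "*":                      # probe with no reply
                hop["lost"] += 1
            elif IPV4.match(tok):               # router that answered
                if tok not in hop["addrs"]:
                    hop["addrs"].append(tok)
            elif tok == "ms" and i > 0:         # the token before "ms" is the RTT
                hop["rtts"].append(float(tokens[i - 1]))
            # remaining tokens are the RTT numbers or annotations such as !H
        hops.append(hop)
    return hops

def last_responder(hops):
    """Last hop that answered at least one probe; replies stop after it."""
    answered = [h for h in hops if h["rtts"]]
    return answered[-1] if answered else None

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    for h in hops:
        print(h["ttl"], h["addrs"] or "no reply", h["rtts"], "lost:", h["lost"])
    print("replies stop after TTL", last_responder(hops)["ttl"])
```

A hop that shows only * is not necessarily down: some routers do not send ICMP Time Exceeded messages or rate-limit them, so compare against the hops after it before drawing conclusions.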

Geek University 2022