19 Dec 2023

Mastering Linux Traceroutes | Network Administrator Guide

Posted in Bash, Linux, Systems Administration By Gabriel Ramuglia On December 19, 2023

Images showcasing the traceroute command in a Linux terminal emphasizing network path tracing and latency analysis

Ever found yourself curious about the journey data takes from your computer to a server halfway around the world? You’re not alone. Many users find the concept of data travel fascinating, but it’s more than just an interesting topic. It’s a crucial part of understanding how the internet works.

The ‘traceroute’ command in Linux can show you the path your data takes, from your local machine to the farthest reaches of the internet. It’s a powerful tool, and mastering it can give you a deeper understanding of network troubleshooting and cybersecurity.

In this guide, we’ll walk you through the ins and outs of using the traceroute command in Linux. From the basics to advanced usage, we’ll cover it all.

So, let’s embark on this journey and start mastering traceroute!

TL;DR: How Do I Use the Traceroute Command in Linux?

The basic usage of the traceroute command in Linux is as simple as typing traceroute [destination] in your terminal. This command will display the path that packets take from your machine to the destination you specified.

Here’s a simple example:

traceroute example.com

# Output:
# traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  ...

In this example, we used the traceroute command to trace the route to example.com. The output shows the path that the packets take, with each line representing a ‘hop’ along the route. Each hop represents a network device such as a router or a gateway.

This is just the basic usage of the traceroute command in Linux. But there’s much more to learn about this powerful tool, including advanced usage and troubleshooting techniques. Continue reading for a more detailed exploration.

Table of Contents

Basic Usage: Traceroute Command
Advanced Usage: Traceroute Command
Tracing Routes in Linux: Alternative Methods
Troubleshooting Traceroute: Common Issues and Solutions
Traceroute Fundamentals: How Data Travels Over the Internet
Traceroute: Beyond Network Diagnostics
Wrapping Up: Mastering the Traceroute Command in Linux

Basic Usage: Traceroute Command

The traceroute command in Linux is a network diagnostic tool that displays the path a packet takes to reach a destination. It’s a powerful tool for understanding how data travels across the internet and helps diagnose network issues.

Let’s explore the basic usage of the traceroute command.

traceroute google.com

# Output:
# traceroute to google.com (216.58.217.46), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  ...
# 7  dns.google (216.58.217.46)  14.385 ms  14.388 ms  14.372 ms

In this example, we’re tracing the route to google.com. The output shows the path that the packets take to reach Google’s server. Each line in the output represents a ‘hop’ along the route, with each hop representing a network device such as a router or a gateway.

The numbers following the device name (e.g., 1.275 ms 1.243 ms 1.230 ms) are the round-trip times in milliseconds for the packet to reach that device and return to your machine. This can be helpful in identifying slow segments in the route.

Advantages and Potential Pitfalls

The primary advantage of using the traceroute command is its ability to help identify network problems. It can show where packets are being lost or delayed, which can be invaluable for network troubleshooting.

However, there are potential pitfalls to be aware of. Some devices are configured not to respond to traceroute packets, which can result in incomplete traces. Also, the traceroute command can take a long time to complete, especially for destinations with many hops. Despite these potential issues, the traceroute command remains a vital tool for network diagnostics.

Advanced Usage: Traceroute Command

As you become more comfortable with the basic traceroute command, you’ll find that its true power lies in its advanced features. Traceroute’s flexibility allows it to handle more complex network diagnostic tasks. Let’s explore some of these advanced uses.

Before we dive into the advanced usage of traceroute, let’s familiarize ourselves with some of the command-line arguments or flags that can modify the behavior of the traceroute command. Here’s a table with some of the most commonly used traceroute arguments.

Argument	Description	Example
`-f`	Set the initial time-to-live used in the first outgoing probe packet	`traceroute -f 5 example.com`
`-m`	Set the max time-to-live (max number of hops) used in outgoing probe packets	`traceroute -m 10 example.com`
`-q`	Set the number of probes per ‘hop’. Default is 3	`traceroute -q 1 example.com`
`-N`	Set the number of probes to be tried simultaneously (default is 16)	`traceroute -N 20 example.com`
`-w`	Set the time (in seconds) to wait for a response to a probe	`traceroute -w 5 example.com`
`-n`	Print hop addresses numerically rather than symbolically and numerically	`traceroute -n example.com`
`-I`	Use ICMP ECHO instead of UDP datagrams	`traceroute -I example.com`
`-T`	Use TCP SYN for probes	`traceroute -T example.com`
`-A`	Perform AS path lookups in routing registries and print results directly after the corresponding addresses	`traceroute -A example.com`
`-M`	Use specified method for traceroute operations. Methods available are `icmp`, `udp`, `tcp`	`traceroute -M icmp example.com`

Now that we have a basic understanding of traceroute command line arguments, let’s dive deeper into the advanced use of traceroute.

Traceroute with ICMP ECHO

By default, traceroute uses UDP packets for probes. However, we can use the -I option to use ICMP ECHO for probes, which can be useful in certain scenarios.

traceroute -I example.com

# Output:
# traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  ...

In this example, we used the -I option to use ICMP ECHO for probes. The output is similar to the basic usage, but this time we’re using ICMP ECHO instead of UDP for probes.

Traceroute with TCP SYN

Another alternative is to use TCP SYN for probes, which can be done using the -T option. This can be useful when UDP is blocked or filtered.

traceroute -T example.com

# Output:
# traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  ...

In this example, we used the -T option to use TCP SYN for probes. Again, the output is similar to the basic usage, but this time we’re using TCP SYN instead of UDP for probes.

Traceroute with Numerical Addresses

Sometimes, you might want to print hop addresses numerically rather than symbolically. This can be done using the -n option.

traceroute -n example.com

# Output:
# traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  192.168.1.1  1.275 ms  1.243 ms  1.230 ms
# 2  ...

In this example, we used the -n option to print hop addresses numerically. This can be useful when you want to avoid the overhead of address-to-name lookups.

These are just a few examples of the advanced usage of the traceroute command. By understanding and utilizing these options, you can tailor the traceroute command to your specific needs and get the most out of this powerful tool.

Tracing Routes in Linux: Alternative Methods

While traceroute is a powerful tool, it’s not the only way to trace routes in Linux. There are alternative commands like tracepath and mtr that offer different features and can be more suitable in certain scenarios. Let’s dive into these alternative methods.

Tracepath Command

Tracepath is a network diagnostic tool that is similar to traceroute but doesn’t require root privileges. It traces path to a network host discovering MTU along this path.

Here’s an example of how to use the tracepath command:

tracepath example.com

# Output:
#  1?: [LOCALHOST]                      pmtu 1500
#  1:  gateway                                           1.641ms
#  2:  ...

In this example, we used tracepath to trace the route to example.com. The output is similar to the traceroute command, but it also includes the Path MTU (PMTU) for each hop.

MTR Command

Mtr (My Traceroute) is a network diagnostic tool that combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

Here’s an example of how to use the mtr command:

mtr example.com

# Output:
# Host                                       Loss%   Snt   Last   Avg  Best  Wrst StDev
# 1. router                                   0.0%    10    1.4   1.4   1.3   1.5   0.1
# 2. ...

In this example, we used mtr to trace the route to example.com. The output is different from the traceroute command as it continuously sends packets to the destination, providing real-time statistics about the network connection.

Comparison Table

Command	Requires Root	Continuous Output	Shows PMTU
Traceroute	Yes	No	No
Tracepath	No	No	Yes
MTR	Yes	Yes	No

As you can see, each command has its strengths and weaknesses. Choosing the right tool depends on your specific needs and the nature of the network diagnostic task at hand.

Troubleshooting Traceroute: Common Issues and Solutions

Like any tool, traceroute may occasionally present challenges. From incomplete traces to unusually long latency times, these issues can be perplexing. However, understanding common problems and their solutions can help you get the most out of traceroute. Let’s delve into some common issues and how to resolve them.

Incomplete Traces

One common issue is incomplete traces, where traceroute does not display the full path to the destination. This can occur when a network device along the path is configured to drop certain types of packets, or when a firewall is blocking the packets.

Here’s an example of an incomplete trace:

traceroute example.com

# Output:
# traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  *
# 3  *
# 4  *

In this example, the trace stops after the first hop. The asterisks (*) indicate that the traceroute did not receive a response from the next hop.

One possible solution to this issue is to use different types of probe packets. For example, you can use ICMP ECHO or TCP SYN packets instead of the default UDP packets.

Unusually Long Latency Times

Another common issue is unusually long latency times. This can occur due to network congestion, problems with the network devices along the path, or the physical distance to the destination.

Here’s an example of a trace with long latency times:

traceroute example.com

# Output:
# traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  host2 (10.0.0.2)  500.123 ms  500.456 ms  500.789 ms
# 3  host3 (10.0.0.3)  1000.123 ms  1000.456 ms  1000.789 ms

In this example, the latency times increase dramatically after the first hop. This could indicate a problem with the network connection between host2 and host3.

One possible solution to this issue is to investigate the network connection between the hops with high latency. This could involve checking for network congestion, hardware problems, or misconfigurations.

Remember, the traceroute command is a diagnostic tool. While it can help identify network issues, solving these issues often requires additional steps and tools.

Traceroute Fundamentals: How Data Travels Over the Internet

To truly understand the power of the traceroute command, it’s essential to grasp the fundamentals of how data travels over the internet. This journey involves several key concepts, including IP, ICMP, and the concept of ‘hops’ in networking.

Internet Protocol (IP)

The Internet Protocol (IP) is a set of rules that govern how data is sent and received over the internet. Each device connected to the internet has a unique IP address, which is used to identify the source and destination of each data packet.

# To find the IP address of your machine, you can use the following command:
ifconfig

# Output:
# eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
#         inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255

In this example, the IP address of the machine is 192.168.1.100. This address is used to identify the machine on the network.

Internet Control Message Protocol (ICMP)

The Internet Control Message Protocol (ICMP) is used by network devices to send error messages and operational information. Traceroute uses ICMP to determine the path that data packets take to their destination.

Hops in Networking

A ‘hop’ in networking refers to the journey a data packet takes from one network device to another. Each time a packet is forwarded by a router or another network device, it’s considered a hop. Traceroute displays the number of hops a packet takes to reach its destination, along with the time it takes for each hop.

traceroute example.com

# Output:
# traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  host2 (10.0.0.2)  10.123 ms  10.456 ms  10.789 ms
# 3  host3 (10.0.0.3)  20.123 ms  20.456 ms  20.789 ms

In this example, the data packet makes three hops to reach example.com. The time it takes for each hop is also displayed.

Understanding these fundamental concepts is crucial to mastering the traceroute command and network troubleshooting in general.

Traceroute: Beyond Network Diagnostics

While the traceroute command is primarily used for network diagnostics, its relevance extends far beyond this. It’s a versatile tool that can play a crucial role in several areas of IT, including network troubleshooting, server management, and cybersecurity.

Network Troubleshooting

Traceroute is one of the most commonly used tools for network troubleshooting. By displaying the path that packets take to reach a destination, it allows network administrators to identify where problems are occurring and take appropriate action.

# Example of using traceroute for network troubleshooting
traceroute troubleshoot.com

# Output:
# traceroute to troubleshoot.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  host2 (10.0.0.2)  500.123 ms  500.456 ms  500.789 ms
# 3  host3 (10.0.0.3)  1000.123 ms  1000.456 ms  1000.789 ms

In this example, the latency times increase dramatically after the first hop. This could indicate a problem with the network connection between host2 and host3, allowing the network administrator to focus their troubleshooting efforts on this segment of the network.

Server Management

In server management, understanding the network paths between servers can help optimize performance and reliability. Traceroute can provide valuable insights into these network paths, aiding in server configuration and management.

# Example of using traceroute for server management
traceroute server.com

# Output:
# traceroute to server.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  host2 (10.0.0.2)  10.123 ms  10.456 ms  10.789 ms
# 3  host3 (10.0.0.3)  20.123 ms  20.456 ms  20.789 ms

In this example, the traceroute command shows the path that packets take to reach server.com. This information can be used to optimize the network configuration for this server, improving its performance and reliability.

Cybersecurity

In cybersecurity, traceroute can be used to investigate network anomalies and potential security threats. By revealing the path that data packets take, it can help identify suspicious network activity.

# Example of using traceroute for cybersecurity
traceroute suspicious.com

# Output:
# traceroute to suspicious.com (93.184.216.34), 30 hops max, 60 byte packets
# 1  router (192.168.1.1)  1.275 ms  1.243 ms  1.230 ms
# 2  host2 (10.0.0.2)  10.123 ms  10.456 ms  10.789 ms
# 3  host3 (10.0.0.3)  20.123 ms  20.456 ms  20.789 ms

In this example, the traceroute command shows the path that packets take to reach suspicious.com. This path could be analyzed for potential security threats, such as unusual network devices or unusually long latency times.

Further Resources for Mastering Traceroute

To further your understanding of traceroute and its applications, the following resources can be of great help:

Linux Network Administrator’s Guide: An extensive guide covering network administration in Linux, including a detailed section on traceroute.
Linux Command Line and Shell Scripting Bible: A comprehensive resource for Linux command line and shell scripting, with practical examples including traceroute.
Cybersecurity for Beginners: This resource provides a broad overview of cybersecurity.

Wrapping Up: Mastering the Traceroute Command in Linux

In this comprehensive guide, we’ve delved deep into the traceroute command in Linux, a powerful tool that reveals the path data takes to travel from one point to another on the internet.

We began with the basics, understanding the fundamental usage of the traceroute command. We then moved on to more advanced usage, exploring various command options and flags that enhance its functionality. Along the way, we overcame common issues, such as incomplete traces and unusually long latency times, providing you with solutions and workarounds to these common challenges.

We also ventured into alternative approaches to trace routes in Linux, introducing you to commands like tracepath and mtr, and comparing their strengths and weaknesses to traceroute. Here’s a quick comparison of these methods:

Method	Requires Root	Continuous Output	Shows PMTU
Traceroute	Yes	No	No
Tracepath	No	No	Yes
MTR	Yes	Yes	No

Whether you’re a beginner just getting started with traceroute, or a seasoned professional looking to brush up your knowledge, we hope this guide has provided you with valuable insights and practical skills.

The traceroute command, with its rich functionality and broad applications, is a vital tool in your networking toolkit. Now, you’re well equipped to use it effectively in your network diagnostics, server management, and cybersecurity tasks. Happy networking!

About Author

Gabriel Ramuglia

Gabriel is the owner and founder of IOFLOOD.com, an unmanaged dedicated server hosting company operating since 2010.Gabriel loves all things servers, bandwidth, and computer programming and enjoys sharing his experience on these topics with readers of the IOFLOOD blog.

We Love Servers.