If you need to figure out where your packets are going once they leave your Linux computer, traceroute on Linux is your friend.
Traceroute is a handy utility that’s on nearly every Linux distribution that tracks which routers your network packets traverse over a network. This utility is handy for troubleshooting or for simple network planning.
Not every distribution of Linux contains the same package for the traceroute command. Some distributions use the legacy inetutils package which contains traceroute as part of a suite of network tools, while others have a modern traceroute.x86_64 package.
Inspecting Traceroute Parameters
To get started, let’s first check out what’s possible with the Linux traceroute command.
Open up a terminal and type the command traceroute -? to display the help page:
    Usage: traceroute [OPTION...] HOST
    Print the route packets trace to network host.

      -f, --first-hop=NUM        set initial hop distance, i.e., time-to-live
      -g, --gateways=GATES       list of gateways for loose source routing
      -I, --icmp                 use ICMP ECHO as probe
      -m, --max-hop=NUM          set maximal hop count (default: 64)
      -M, --type=METHOD          use METHOD (`icmp' or `udp') for traceroute
                                 operations, defaulting to `udp'
      -p, --port=PORT            use destination PORT port (default: 33434)
      -q, --tries=NUM            send NUM probe packets per hop (default: 3)
          --resolve-hostnames    resolve hostnames
      -t, --tos=NUM              set type of service (TOS) to NUM
      -w, --wait=NUM             wait NUM seconds for response (default: 3)
      -?, --help                 give this help list
          --usage                give a short usage message
      -V, --version              print program version

    Mandatory or optional arguments to long options are also mandatory or optional
    for any corresponding short options.

    Report bugs to <[email protected]>.
As you can see above, you have a lot of options to tweak how traceroute works.
Basic Traceroute Functionality
Although you have parameters to tweak traceroute, you don’t actually need all of them. You can, in fact, just run traceroute and provide the host to trace to. Once you do that, as you can see below, traceroute on Linux sends a 60-byte packet and follows every hop that it takes to get to the destination host.
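It’s able to track these hops by setting a time-to-live (TTL) on each probe packet. Every router that forwards the packet decrements the TTL by one. When the TTL reaches zero, the router drops the packet and sends back an ICMP Time Exceeded message, which identifies that hop. Traceroute raises the starting TTL by one for each round of probes, so each round is answered by the next router along the path until the destination itself replies.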
Know that traceroute has a maximum number of hops. It will only go up to 30 hops max.
Adding Switches for More Precise Tracking
The default functionality of traceroute on Linux works well but there’s so much more you can do. Let’s now cover many of the most popular and useful switches that you have available.
Excluding Hops with the First-Hop Switch
One helpful command excludes certain routers from the trace. Using the --first-hop=NUM parameter, you can exclude certain routers from displaying. This could be very useful if you are confident that one or more routers are not causing any issues.
You can also use the -f switch to set the trace to begin past your network perimeter to narrow down any possible causes for latency on the Internet.
In the following GIF, you can see the command traceroute -f 3 google.com running. This command starts the trace at the third hop, skipping the first two routers and thus bypassing my home networking and ISP router. Notice that the first two hops are missing.
It takes 15 hops to reach www.google.com from my network from the above example. You see:
- hop count
- hostname or IP of the router along the path being traced
- response times as before
You may see additional interfaces for some hops in the output. This is expected.
Limiting Hops with the Max-Hop Switch
Now let’s say that in addition to skipping the first two hops, you also want the path only up to the fifth hop in the route. That’s where you would use the --max-hop=NUM switch parameter.
Type traceroute -m 5 -f 3 www.google.com into your terminal and press Enter. This command is useful for narrowing down potential routing issues. Traceroute now skips the first two hops and stops at the fifth hop.
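To make the TTL mechanism and the effect of -f and -m concrete, here is an added example (not from the original article) that simulates the probes over a constructed path without sending any packets. The function name simulate_trace and the documentation-range addresses are assumptions made for this sketch.

```shell
#!/bin/sh
# Constructed path: five routers followed by the destination host.
PATH_HOPS="192.0.2.1 198.51.100.1 198.51.100.9 203.0.113.5 203.0.113.77 203.0.113.200"

# simulate_trace FIRST_HOP MAX_HOP
# Models `traceroute -f FIRST_HOP -m MAX_HOP` with one probe per TTL value.
# Prints "<ttl> <address> <reply>" for each probe.
simulate_trace() {
    first=$1
    max=$2
    set -- $PATH_HOPS
    total=$#                      # the last entry is the destination
    ttl=$first
    while [ "$ttl" -le "$max" ]; do
        remaining=$ttl
        position=0
        for node in $PATH_HOPS; do
            position=$((position + 1))
            if [ "$position" -eq "$total" ]; then
                # The probe survived every router, so the destination answers.
                echo "$ttl $node destination-reached"
                return 0
            fi
            remaining=$((remaining - 1))   # each router decrements the TTL
            if [ "$remaining" -eq 0 ]; then
                # TTL expired here: the router drops the probe and reports back.
                echo "$ttl $node time-exceeded"
                break
            fi
        done
        ttl=$((ttl + 1))
    done
}

# Same window as `traceroute -m 5 -f 3`: hops 1 and 2 are never probed.
simulate_trace 3 5
```

Because the first probe already leaves with a TTL of 3, routers one and two forward it silently and never appear in the output.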
Reducing Probe Packets Sent with the -q Switch
Traceroute on Linux, by default, sends three probe packets to each router in the path. Perhaps you’d like to reduce the time traceroute takes to run. You can change the number of probe packets sent to each router using the -q switch.
Type traceroute -q 1 -m 5 -f 3 www.google.com into your terminal and press Enter. You can see below that traceroute is only sending one packet because we’re only getting one response time per hop.
You can also increase the number of probe packets sent per hop by specifying a larger argument for the -q parameter as shown below. Increasing the number of probes sent could help by providing a way to average response times to each hop.
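As an added example (not part of the original article), the following script does that averaging: it reads traceroute output on stdin and prints the mean response time and the number of unanswered probes for each hop. The function names and the sample trace are constructed for illustration, and the parser accepts response times written either as "1.2 ms" or "1.2ms".

```shell
#!/bin/sh
# hop_averages: read traceroute output on stdin and print one line per hop:
#   <hop> <first host token> <average RTT in ms, or "-"> <lost probes>
hop_averages() {
    awk '
    $1 ~ /^[0-9]+$/ {
        host = "-"; sum = 0; n = 0; lost = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "*") {
                lost++                          # probe got no reply
            } else if ($i ~ /^[0-9]+(\.[0-9]+)?ms$/) {
                v = $i; sub(/ms$/, "", v)       # "12.3ms" form
                sum += v; n++
            } else if ($i ~ /^[0-9]+(\.[0-9]+)?$/ && $(i + 1) == "ms") {
                sum += $i; n++; i++             # "12.3 ms" form, skip the unit
            } else if (host == "-") {
                host = $i                       # first non-timing token
            }
        }
        avg = (n > 0) ? sprintf("%.2f", sum / n) : "-"
        print $1, host, avg, lost
    }'
}

# Constructed sample in the style of `traceroute -q 5 -m 5 -f 3` output.
sample_trace() {
    cat <<'EOF'
traceroute to www.example.com (203.0.113.200), 5 hops max, 60 byte packets
 3  198.51.100.9 (198.51.100.9)  10.0 ms  12.0 ms  11.0 ms  13.0 ms  14.0 ms
 4  * * * * *
 5  203.0.113.77 (203.0.113.77)  20.0 ms *  30.0 ms * *
EOF
}

sample_trace | hop_averages
```

A hop that shows only lost probes is not necessarily down; some routers simply do not answer traceroute probes, so compare it with the hops after it before drawing conclusions.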
In this article on Traceroute for Linux, you learned the basics of using this handy utility. There is so much more you can do with this command. If you’d like to learn how to use every switch, be sure to check out the man page.