Traceroute Command in Linux

The traceroute command is a network diagnostic tool that displays the path packets take from your system to a destination host. It shows each hop (router) along the route and the time it takes for packets to reach each one.

Network administrators use traceroute to identify where packets are being delayed or dropped, making it essential for troubleshooting connectivity issues, latency problems, and routing failures.

This guide covers how to use the traceroute command with practical examples and explanations of the most common options.

Syntax

The general syntax for the traceroute command is:

Terminal
traceroute [OPTIONS] DESTINATION

  • OPTIONS — Flags that modify the behavior of the command.
  • DESTINATION — The target hostname or IP address to trace.

Installing traceroute

The traceroute command is not installed by default on all Linux distributions. To check if it is available on your system, type:

Terminal
traceroute --version

If traceroute is not installed, the shell will report an error such as “traceroute: command not found”. You can install it using your distribution’s package manager.

Install traceroute on Ubuntu and Debian

Terminal
sudo apt update && sudo apt install traceroute

Install traceroute on CentOS and Fedora

Terminal
sudo dnf install traceroute

On older CentOS versions, use sudo yum install traceroute.

Install traceroute on Arch Linux

Terminal
sudo pacman -S traceroute

How traceroute works

When you run traceroute, it sends packets with incrementally increasing TTL (Time to Live) values, starting at 1. Each router along the path decrements the TTL by 1. When the TTL reaches 0, the router discards the packet and sends back an ICMP “Time Exceeded” message.

By increasing the TTL with each round of packets, traceroute discovers each hop along the route until the packets reach the final destination.

By default, traceroute sends three UDP packets per hop (on Linux) and displays the round-trip time for each packet.
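
The TTL walk described above can be reproduced by hand with ping, one probe per TTL. This is an added example, not part of the original guide: it assumes Linux iputils ping, sends ICMP echo requests rather than traceroute's default UDP probes, and the function names are illustrative.

```shell
# Added example: walk the TTL by hand to see the mechanism traceroute automates.
# Assumes Linux iputils ping (-t TTL, -W timeout in seconds, -n numeric output).

# Classify the output of one ping probe read from stdin:
#   hop ADDR   a router returned ICMP Time Exceeded
#   dest ADDR  the destination answered the echo request
#   silent     nothing came back before the timeout
classify_probe() {
    awk '
        /[Tt]ime to live exceeded/ { print "hop " $2; seen = 1; exit }
        / bytes from /             { sub(/:$/, "", $4); print "dest " $4; seen = 1; exit }
        END { if (!seen) print "silent" }
    '
}

# Send one echo request per TTL until the destination itself replies.
ttl_walk() {
    target=$1
    max=${2:-30}
    ttl=1
    while [ "$ttl" -le "$max" ]; do
        result=$(ping -n -c 1 -W 2 -t "$ttl" "$target" 2>/dev/null | classify_probe)
        printf '%2d  %s\n' "$ttl" "$result"
        case $result in dest*) return 0 ;; esac
        ttl=$((ttl + 1))
    done
    return 1
}

# Usage: sh ttl_walk.sh HOST [MAX_TTL]; with no arguments nothing is sent.
if [ "$#" -gt 0 ]; then ttl_walk "$@"; fi
```

Each printed line corresponds to one hop: the router that discarded the probe when its TTL reached 0, or the destination once the TTL is large enough to reach it.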

Basic Usage

To trace the route to a destination, run traceroute followed by the hostname or IP address:

Terminal
traceroute google.com

The output should look something like this:

output
traceroute to google.com (142.250.185.78), 30 hops max, 60 byte packets
1 router.local (192.168.1.1) 1.234 ms 1.102 ms 1.056 ms
2 10.0.0.1 (10.0.0.1) 12.345 ms 12.234 ms 12.123 ms
3 isp-gateway.example.net (203.0.113.1) 15.678 ms 15.567 ms 15.456 ms
4 core-router.example.net (198.51.100.1) 20.123 ms 20.012 ms 19.901 ms
5 google-peer.example.net (192.0.2.1) 22.345 ms 22.234 ms 22.123 ms
6 142.250.185.78 (142.250.185.78) 25.678 ms 25.567 ms 25.456 ms

Understanding the Output

Each line in the traceroute output represents a hop along the route. Let us break down what each field means:

  • Hop number — The sequential number of the router in the path (1, 2, 3, etc.).
  • Hostname — The DNS name of the router, if available.
  • IP address — The IP address of the router in parentheses.
  • Round-trip times — Three time measurements in milliseconds, one for each probe packet sent to that hop.

The first line shows the destination, maximum number of hops (default 30), and packet size (default 60 bytes).

Interpreting the Results

Asterisks (* * *) indicate that no response was received for that hop. This can happen when:

  • The router is configured to not respond to traceroute probes.
  • A firewall is blocking the packets.
  • The packets were lost due to network congestion.

Increasing latency at a specific hop suggests a bottleneck or congested link at that point in the network.

Consistent high latency from a certain hop onward indicates the issue is at or before that router.

Common Options

The traceroute command accepts several options to customize its behavior:

  • -n — Do not resolve IP addresses to hostnames. This speeds up the output by skipping DNS lookups.
  • -m max_ttl — Set the maximum number of hops (default is 30).
  • -q nqueries — Set the number of probe packets per hop (default is 3).
  • -w waittime — Set the time in seconds to wait for a response (default is 5).
  • -I — Use ICMP ECHO packets instead of UDP (requires root privileges).
  • -T — Use TCP SYN packets instead of UDP (requires root privileges).
  • -p port — Set the destination port for UDP or TCP probes.
  • -s source_addr — Use the specified source IP address.
  • -i interface — Send packets through the specified network interface.

Skip DNS Resolution

To speed up the trace and display only IP addresses, use the -n option:

Terminal
traceroute -n google.com

output
traceroute to google.com (142.250.185.78), 30 hops max, 60 byte packets
1 192.168.1.1 1.234 ms 1.102 ms 1.056 ms
2 10.0.0.1 12.345 ms 12.234 ms 12.123 ms
3 203.0.113.1 15.678 ms 15.567 ms 15.456 ms

This is useful when DNS resolution is slow or when you only need IP addresses.

Change Maximum Hops

By default, traceroute stops after 30 hops. To change this limit, use the -m option:

Terminal
traceroute -m 15 google.com

This limits the trace to 15 hops maximum.

Change Number of Probes

To send a different number of probe packets per hop, use the -q option:

Terminal
traceroute -q 1 google.com

This sends only one probe per hop, resulting in faster but less detailed output.

Use ICMP Instead of UDP

By default, Linux traceroute uses UDP packets. Some networks block UDP, so you can use ICMP ECHO packets instead:

Terminal
sudo traceroute -I google.com

Info: The -I option requires root privileges because sending raw ICMP packets requires elevated permissions.

Use TCP Instead of UDP

For networks that block both UDP and ICMP, you can use TCP SYN packets:

Terminal
sudo traceroute -T google.com

You can also specify a port, such as port 443 for HTTPS:

Terminal
sudo traceroute -T -p 443 google.com

This is useful for tracing routes through firewalls that only allow specific TCP ports.

Trace IPv6 Routes

To trace IPv6 routes, use the -6 option:

Terminal
traceroute -6 ipv6.google.com

Specify Source Interface

If your system has multiple network interfaces, you can specify which one to use:

Terminal
traceroute -i eth0 google.com

Or specify the source IP address:

Terminal
traceroute -s 192.168.1.100 google.com

Traceroute vs tracepath

Linux systems often include tracepath, which is similar to traceroute but does not require root privileges and automatically discovers the MTU (Maximum Transmission Unit) along the path.

Feature       | traceroute         | tracepath
--------------|--------------------|----------
Root required | Yes (for ICMP/TCP) | No
Protocol      | UDP, ICMP, TCP     | UDP only
MTU discovery | No                 | Yes
Customization | Many options       | Limited

Use tracepath for quick traces without root access:

Terminal
tracepath google.com

Use traceroute when you need more control over the probe method or when tracepath does not provide enough information.

Practical Examples

Diagnose Slow Connections

If a website is loading slowly, trace the route to identify where the delay occurs:

Terminal
traceroute -n example.com

Look for hops with significantly higher latency than the previous ones. The hop before the latency spike is often the source of the problem.

Check if a Host is Reachable

If ping shows packet loss, use traceroute to find where packets are being dropped:

Terminal
traceroute google.com

Hops showing * * * followed by successful hops indicate a router that does not respond to probes but forwards traffic. If all remaining hops show * * *, the issue is at or after the last responding hop.

Trace Through a Firewall

If standard UDP probes are blocked, try ICMP or TCP:

Terminal
sudo traceroute -I google.com
sudo traceroute -T -p 80 google.com

Compare Routes to Different Servers

To understand routing differences, trace routes to multiple servers:

Terminal
traceroute -n server1.example.com
traceroute -n server2.example.com

This helps identify whether traffic to different destinations takes different paths through your network.

Quick Reference

Task                 | Command
---------------------|--------------------------------------
Basic trace          | traceroute example.com
Skip DNS resolution  | traceroute -n example.com
Limit to N hops      | traceroute -m 15 example.com
One probe per hop    | traceroute -q 1 example.com
Use ICMP             | sudo traceroute -I example.com
Use TCP              | sudo traceroute -T example.com
Use TCP on port 443  | sudo traceroute -T -p 443 example.com
Specify interface    | traceroute -i eth0 example.com
Set timeout          | traceroute -w 3 example.com
Trace with tracepath | tracepath example.com

Troubleshooting

All hops show * * *
The destination or your network may be blocking traceroute probes. Try using ICMP (-I) or TCP (-T) instead of the default UDP. If the issue persists, a firewall between you and the destination is likely blocking all probe types.

Only the first hop responds
Your local router responds, but nothing beyond it does. This often indicates a firewall or routing issue at your ISP. Contact your network administrator or ISP for assistance.

Trace never completes
The destination may not be reachable, or the maximum hop count is too low. Increase the maximum hops with -m 60 and check if the trace progresses further.

High latency at a specific hop
A single hop with high latency does not always indicate a problem. Routers often deprioritize ICMP responses. If the final destination has acceptable latency, the intermediate high latency may not affect actual traffic.

Latency increases then decreases
This can occur due to asymmetric routing, where the return path differs from the outbound path. The times displayed include the round trip, so a longer return path can inflate the displayed latency.
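
The reading rules from "Check if a Host is Reachable" and from the latency entries above (silent hops followed by replies, silent hops that run to the end of the trace, and a slow hop that later hops do not confirm) can be applied mechanically. The script below is an added example, not part of the original guide: it expects traceroute -n output on stdin, and the function names, the 20 ms threshold and the sample trace are assumptions made for illustration.

```shell
# Added example (not from the original guide): apply the reading rules from this
# guide to traceroute -n output on stdin. $1 = RTT jump in ms treated as a spike (assumed 20).
analyze_trace() {
    awk -v thr="${1:-20}" '
        BEGIN { last = 0 }
        $1 !~ /^[0-9]+$/ { next }                      # skip the header line
        {
            n = $1 + 0; best[n] = ""; addr[n] = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "ms") {                       # field before "ms" is an RTT
                    if (best[n] == "" || $(i-1) + 0 < best[n]) best[n] = $(i-1) + 0
                } else if (addr[n] == "" && $i ~ /[.:]/ && $(i+1) != "ms") {
                    addr[n] = $i                        # first responder at this hop
                }
            }
            if (best[n] != "") last = n                 # deepest hop that answered
        }
        END {
            for (h = 1; h <= n; h++) {
                if (best[h] == "") { if (h < last) print "FILTERED hop=" h; continue }
                if (prev && best[h] - best[prev] > thr) {
                    low = best[h]                       # fastest reply from here onward
                    for (k = h + 1; k <= last; k++)
                        if (best[k] != "" && best[k] < low) low = best[k]
                    verdict = (low - best[prev] > thr) ? "persistent" : "transient"
                    print "SPIKE hop=" h " addr=" addr[h] " rtt=" best[h] " verdict=" verdict
                }
                prev = h
            }
            if (last < n) print "DEAD_END after=" last " addr=" addr[last]
        }
    '
}

# Constructed sample: hop 3 is silent, hop 4 replies slowly, hops 6-7 never reply.
sample_trace() {
    cat <<'EOF'
traceroute to example.com (192.0.2.80), 30 hops max, 60 byte packets
 1  192.168.1.1  1.234 ms  1.102 ms  1.056 ms
 2  10.0.0.1  12.345 ms  12.234 ms  12.123 ms
 3  * * *
 4  198.51.100.1  95.310 ms  96.022 ms  94.870 ms
 5  203.0.113.9  21.410 ms  21.232 ms  21.105 ms
 6  * * *
 7  * * *
EOF
}

sample_trace | analyze_trace
```

FILTERED marks a silent hop that still forwards traffic, and DEAD_END names the last hop that replied before the trace went silent. A SPIKE is reported as transient when later hops reply faster, which is the case where the slow reply does not affect actual traffic.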

Permission denied
Options like -I (ICMP) and -T (TCP) require root privileges. Run the command with sudo.

FAQ

What is the difference between traceroute and ping?
ping tests whether a destination is reachable and measures round-trip latency. traceroute shows the path packets take and the latency at each hop along the route. Use ping for basic connectivity checks and traceroute for diagnosing where problems occur.

Why do some hops show asterisks?
Asterisks (* * *) mean no response was received. The router may be configured to ignore traceroute probes, a firewall may be blocking them, or the packets may have been lost. This does not necessarily mean the router is down.

What is the default protocol used by traceroute?
On Linux, traceroute uses UDP by default. On Windows, tracert uses ICMP. You can switch Linux traceroute to ICMP with -I or TCP with -T.

How do I trace the route on Windows?
Windows uses the tracert command instead of traceroute. The syntax is similar: tracert example.com. It uses ICMP by default.

What does TTL mean in traceroute?
TTL (Time to Live) is a field in the IP packet header that limits the packet’s lifespan. Each router decrements the TTL by 1. When it reaches 0, the router discards the packet and sends an ICMP “Time Exceeded” message. Traceroute uses this mechanism to discover each hop.

How can I trace the route to a specific port?
Use the -p option with TCP (-T) or UDP to specify the destination port:

Terminal
sudo traceroute -T -p 443 example.com

Is there an alternative to traceroute for continuous diagnostics?
mtr combines ping and traceroute in a single, continuously updating view and is useful for ongoing packet loss and latency checks.

Conclusion

The traceroute command is an essential tool for diagnosing network connectivity and routing issues. It shows the path packets take to a destination and helps identify where delays or failures occur.

For more options, refer to the traceroute man page by running man traceroute in your terminal.

If you have any questions, feel free to leave a comment below.
