Traceroute/Tracert - Network Route Tracing
Traceroute (Linux/macOS) and tracert (Windows) are network diagnostic tools that trace the path packets take from your computer to a destination host. They show each hop along the route and measure the time it takes for packets to reach each intermediate router.
Basic Usage
Linux/macOS - traceroute
bash
# Basic traceroute
traceroute google.com
traceroute 8.8.8.8
traceroute 192.168.1.1
# Traceroute with numeric output (no DNS resolution)
traceroute -n google.com
# IPv4 specific
traceroute -4 google.com
# IPv6 specific
traceroute -6 google.com
Windows - tracert
cmd
REM Basic tracert
tracert google.com
tracert 8.8.8.8
tracert 192.168.1.1
REM Tracert with numeric output (no DNS resolution)
tracert -d google.com
REM IPv4 specific
tracert -4 google.com
REM IPv6 specific
tracert -6 google.com
Advanced Options
Linux/macOS traceroute Options
bash
# Use ICMP ECHO instead of UDP
traceroute -I google.com
# Use TCP SYN packets
traceroute -T google.com
# Use UDP packets (default)
traceroute -U google.com
# Specify destination port
traceroute -p 80 google.com
traceroute -p 443 google.com
# Set maximum number of hops
traceroute -m 15 google.com
traceroute -m 30 google.com
# Set timeout for each probe
traceroute -w 3 google.com
traceroute -w 5 google.com
# Set number of queries per hop
traceroute -q 1 google.com
traceroute -q 3 google.com
# Set first TTL value
traceroute -f 5 google.com
# Use loose source routing
traceroute -g 192.168.1.1 google.com
# Specify source address
traceroute -s 192.168.1.100 google.com
# Specify interface
traceroute -i eth0 google.com
traceroute -i wlan0 google.com
Windows tracert Options
cmd
REM Don't resolve addresses to hostnames
tracert -d google.com
REM Maximum number of hops
tracert -h 15 google.com
tracert -h 30 google.com
REM Timeout in milliseconds
tracert -w 3000 google.com
tracert -w 5000 google.com
REM Force IPv4
tracert -4 google.com
REM Force IPv6
tracert -6 google.com
Protocol Types
ICMP Traceroute (Linux/macOS)
bash
# Use ICMP ECHO packets
traceroute -I google.com
# ICMP with specific options
traceroute -I -n google.com
traceroute -I -m 20 google.com
TCP Traceroute (Linux/macOS)
bash
# Use TCP SYN packets
traceroute -T google.com
# TCP to specific port
traceroute -T -p 80 google.com
traceroute -T -p 443 google.com
traceroute -T -p 22 google.com
# TCP with no DNS resolution
traceroute -T -n google.com
UDP Traceroute (Linux/macOS)
bash
# Use UDP packets (default)
traceroute -U google.com
# UDP to specific port
traceroute -U -p 53 google.com
traceroute -U -p 123 google.com
# UDP with custom options
traceroute -U -n -m 15 google.com
Enhanced Tools
MTR (My Traceroute) - Linux/macOS
bash
# Install MTR
sudo apt install mtr-tiny # Ubuntu/Debian
brew install mtr # macOS
# Basic MTR
mtr google.com
# Report mode (run and exit)
mtr -r google.com
mtr --report google.com
# Specify number of pings
mtr -r -c 10 google.com
# No DNS resolution
mtr -n google.com
# Wide report format
mtr -w google.com
# Show both hostnames and IPs
mtr -b google.com
# Use TCP instead of ICMP
mtr -T google.com
# Use UDP instead of ICMP
mtr -u google.com
# Specify port for TCP/UDP
mtr -P 80 google.com
# Set packet size
mtr -s 64 google.com
# Set interval between pings
mtr -i 2 google.com
# JSON output
mtr -j google.com
# CSV output
mtr -C google.com
# XML output
mtr -x google.com
PathPing (Windows)
cmd
REM Basic pathping
pathping google.com
REM No DNS resolution
pathping -n google.com
REM Maximum number of hops
pathping -h 15 google.com
REM Period between pings (milliseconds)
pathping -p 2000 google.com
REM Number of queries per hop
pathping -q 10 google.com
REM Timeout per reply (milliseconds)
pathping -w 3000 google.com
REM Force IPv4
pathping -4 google.com
REM Force IPv6
pathping -6 google.com
Interpreting Results
Understanding Output
bash
# Example traceroute output
traceroute to google.com (172.217.164.110), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 1.234 ms 1.123 ms 1.456 ms
2 10.0.0.1 (10.0.0.1) 5.678 ms 5.432 ms 5.789 ms
3 * * *
4 203.0.113.1 (203.0.113.1) 15.234 ms 15.123 ms 15.456 ms
Common Symbols
* - Timeout (no response)
!H - Host unreachable
!N - Network unreachable
!P - Protocol unreachable
!S - Source route failed
!F - Fragmentation needed
!X - Communication administratively prohibited
Response Time Analysis
bash
# Good response times
1-10 ms - Local network
10-50 ms - Regional network
50-100 ms - National network
100-200 ms - International network
>200 ms - Potential issues or very distant
# Concerning patterns
Increasing times - Congestion
Timeouts (*) - Filtering or overload
High variance - Unstable connection
Troubleshooting Network Issues
Identifying Problems
bash
# Check for packet loss
mtr -r -c 100 google.com
# Identify slow hops
traceroute -n google.com | grep -E '[0-9]{3,}\.[0-9]+ ms'
# Check specific protocols
traceroute -I google.com # ICMP
traceroute -T google.com # TCP
traceroute -U google.com # UDP
Common Issues and Solutions
Timeouts at Specific Hops
bash
# Router not responding to traceroute
# Try different protocols
traceroute -I google.com
traceroute -T -p 80 google.com
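# Check if it's filtering: ping the hop directly
# (selects hop 4 by hop number; output line 1 is the header, so NR would be off by one)
ping -c 3 $(traceroute -n google.com | awk '$1 == 4 {print $2}')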
High Latency
bash
# Identify bottleneck
mtr -r -c 50 google.com
# Compare different paths
traceroute -s source_ip1 google.com
traceroute -s source_ip2 google.com
Routing Loops
bash
# Detect loops (same IP appearing multiple times)
traceroute -m 50 problematic_host
# Use different protocols to bypass
traceroute -T -p 443 problematic_host
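The patterns listed under Response Time Analysis (timeouts, rising latency) and the loop check above can be scripted instead of read by eye. The following is an added example, not part of the original cheat sheet; the sample trace is constructed, and the function names and the 100 ms `JUMP_MS` threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example: flag silent hops, latency jumps and loops in `traceroute -n` output.

# Constructed sample using documentation/private addresses, not a real capture.
sample_trace() {
  cat <<'EOF'
traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.1.1  1.234 ms  1.123 ms  1.456 ms
 2  10.0.0.1  5.678 ms  5.432 ms  5.789 ms
 3  * * *
 4  203.0.113.1  15.234 ms  15.123 ms  15.456 ms
 5  203.0.113.9  141.902 ms  139.377 ms  140.118 ms
 6  203.0.113.1  16.001 ms  15.870 ms  16.342 ms
EOF
}

# Reads `traceroute -n` output on stdin. JUMP_MS (assumed default: 100) is the
# increase in average RTT over the previous responding hop that gets reported.
analyze_trace() {
  awk -v jump="${JUMP_MS:-100}" '
    $1 !~ /^[0-9]+$/ { next }                  # skip the header line
    {
      hop = $1; ip = ""; n = 0; sum = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "ms") { sum += $(i - 1); n++ }            # an RTT sample
        else if (ip == "" && $i != "*" && $(i + 1) != "ms") ip = $i
      }
      if (n == 0) { print "TIMEOUT hop " hop; next }        # every probe lost
      avg = sum / n
      if (have_prev && avg - prev > jump)
        printf "JUMP hop %s avg %.1f ms\n", hop, avg
      prev = avg; have_prev = 1
      if (ip in seen) print "LOOP " ip " hops " seen[ip] "," hop
      else seen[ip] = hop
    }'
}

# Stand-alone run on the sample; for live use: traceroute -n HOST | analyze_trace
sample_trace | analyze_trace
```

A single silent hop followed by responding hops usually means that router does not answer probes; a timeout that persists to the end of the trace is the case worth investigating.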
Firewall and Security Considerations
Bypassing Firewalls
bash
# Try different protocols
traceroute -I google.com # ICMP
traceroute -T -p 80 google.com # TCP HTTP
traceroute -T -p 443 google.com # TCP HTTPS
traceroute -T -p 53 google.com # TCP DNS
# Use common ports
traceroute -U -p 53 google.com # UDP DNS
traceroute -U -p 123 google.com # UDP NTP
Security Implications
bash
# Traceroute can reveal network topology
# Some organizations block traceroute
# Stealth traceroute options
traceroute -T -p 80 google.com # Looks like web traffic
traceroute -I google.com # Uses ICMP like ping
Cross-Platform Scripting
Bash Script (Linux/macOS)
bash
#!/bin/bash
# Multi-target traceroute script
targets=("google.com" "cloudflare.com" "8.8.8.8")
for target in "${targets[@]}"; do
echo "Tracing route to $target"
traceroute -n "$target"
echo "------------------------"
done
PowerShell Script (Windows)
powershell
# Multi-target tracert script
$targets = @("google.com", "cloudflare.com", "8.8.8.8")
foreach ($target in $targets) {
Write-Host "Tracing route to $target"
tracert $target
Write-Host "------------------------"
}
Cross-Platform Function
bash
# Function that works on multiple platforms
trace_route() {
local target=$1
if command -v traceroute >/dev/null 2>&1; then
traceroute -n "$target"
elif command -v tracert >/dev/null 2>&1; then
tracert -d "$target"
else
echo "No traceroute tool available"
return 1
fi
}
# Usage
trace_route google.com
Performance Optimization
Fast Traceroute
bash
# Reduce queries per hop
traceroute -q 1 google.com
# Reduce timeout
traceroute -w 1 google.com
# Limit hops
traceroute -m 15 google.com
# No DNS resolution
traceroute -n google.com
# Combined fast options
traceroute -n -q 1 -w 1 -m 15 google.com
Detailed Analysis
bash
# More queries for accuracy
traceroute -q 5 google.com
# Longer timeout for slow links
traceroute -w 10 google.com
# More hops for complex routes
traceroute -m 50 google.com
# MTR for continuous monitoring
mtr -r -c 100 google.com
Automation and Monitoring
Scheduled Traceroute
bash
# Cron job for regular monitoring
# Add to crontab: crontab -e
0 */6 * * * /usr/bin/traceroute -n google.com >> /var/log/traceroute.log 2>&1
# Log rotation
0 0 * * 0 /bin/mv /var/log/traceroute.log /var/log/traceroute.log.old
Network Monitoring Script
bash
#!/bin/bash
# Network path monitoring script
TARGETS=("8.8.8.8" "1.1.1.1" "208.67.222.222")
LOGFILE="/var/log/network-trace.log"
for target in "${TARGETS[@]}"; do
echo "$(date): Tracing to $target" >> "$LOGFILE"
# Quick traceroute
traceroute -n -q 1 -w 2 -m 15 "$target" >> "$LOGFILE" 2>&1
# MTR summary
mtr -r -c 10 -n "$target" >> "$LOGFILE" 2>&1
echo "---" >> "$LOGFILE"
done
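Logged traces are most useful when each run is compared with a known-good baseline, so that a changed hop stands out. The following is an added example, not part of the original cheat sheet; both traces are constructed, and `hop_path` and `diff_path` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: detect a changed route by comparing hop sequences between runs.
# Constructed `traceroute -n -q 1` outputs (documentation/private addresses).
baseline_trace() {
  cat <<'EOF'
traceroute to 198.51.100.7 (198.51.100.7), 15 hops max, 60 byte packets
 1  192.168.1.1  1.2 ms
 2  10.0.0.1  5.6 ms
 3  *
 4  203.0.113.1  15.2 ms
EOF
}
current_trace() {
  cat <<'EOF'
traceroute to 198.51.100.7 (198.51.100.7), 15 hops max, 60 byte packets
 1  192.168.1.1  1.3 ms
 2  10.0.0.1  5.4 ms
 3  203.0.113.77  9.8 ms
 4  203.0.113.200  31.0 ms
EOF
}

# Reduce a trace to one line: first responding IP per hop, "*" for a silent hop.
hop_path() {
  awk '$1 ~ /^[0-9]+$/ {
         ip = "*"
         for (i = 2; i <= NF; i++) if ($i != "*") { ip = $i; break }
         printf "%s%s", sep, ip; sep = " "
       }
       END { print "" }'
}

# diff_path BASELINE CURRENT: print hops whose IP differs; exit status 1 on change.
# Hops silent in either run are ignored, since "*" often means rate limiting.
diff_path() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, A, " "); nb = split(b, B, " ")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      old = (i <= na) ? A[i] : "-"; cur = (i <= nb) ? B[i] : "-"
      if (old == "*" || cur == "*" || old == cur) continue
      printf "hop %d: %s -> %s\n", i, old, cur; changed = 1
    }
    exit (changed + 0)
  }'
}

diff_path "$(baseline_trace | hop_path)" "$(current_trace | hop_path)" || echo "path changed"
```

Paths that cross load-balanced links can vary between runs, so expect some noise on those hops before treating a difference as a routing change.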
Integration with Other Tools
Combining with Ping
bash
# Trace route then ping each hop
traceroute -n google.com | grep -E '^ *[0-9]+' | awk '{print $2}' | while read ip; do
if [[ $ip != "*" ]]; then
echo "Pinging $ip"
ping -c 3 "$ip"
fi
done
Network Mapping
bash
# Create network map
traceroute -n google.com | grep -E '^ *[0-9]+' | awk '{print $2}' | sort -u > hops.txt
# Reverse DNS lookup of hops
while read ip; do
if [[ $ip != "*" ]]; then
host "$ip"
fi
done < hops.txt
Performance Analysis
bash
# Extract timing information
traceroute google.com | grep -E '^ *[0-9]+' | awk '
/\*/ { next }   # skip hops with lost probes; their fields do not line up
{
  hop = $1
  ip = $2
  time1 = $4
  time2 = $6
  time3 = $8
  avg = (time1 + time2 + time3) / 3
  print hop, ip, avg "ms"
}'
Best Practices
General Guidelines
- Use numeric output (-n/-d) for faster results
- Try different protocols if one doesn't work
- Be patient with slow or congested networks
- Consider firewall policies that may block traceroute
Security Considerations
- Traceroute reveals network topology
- Some networks block or rate-limit traceroute
- Use appropriate protocols for your environment
- Be aware of privacy implications
Performance Tips
- Use MTR for continuous monitoring
- Combine with other network tools for complete analysis
- Log results for trend analysis
- Use appropriate timeout values for your network
Troubleshooting Approach
- Start with basic traceroute
- Try different protocols if blocked
- Use MTR for detailed analysis
- Compare results over time
- Correlate with other network metrics
Traceroute and its variants are essential tools for network troubleshooting and analysis. Understanding how to use them effectively across different platforms and scenarios will help you diagnose network issues and understand network topology.