traceroute

Display the route packets take

traceroute [-46dFITUnrAV] [-f first_TTL] [-m max_TTL] [-q nqueries] [-i device] [-p port] [-s src_addr] [-N squeries] [-t tos] [-l flow_label] [-w waittime] [-z sendwait] [-g gate,…] host [packetSize]

traceroute6 is the same as traceroute -6
tracert is the same as traceroute -I (ICMP ECHO only root)
tcptraceroute is the same as traceroute -T -p 80
tracepath non-priviledge

`-f first_TTL`	Default 1.
`-m max_ttl`	maximum hops. Default 30.
`-N squeries`	Number of packets sent out simultaneously (i.e. without waiting for a response) reducing the time to complete the trace. Default: 15. Some routers and hosts use ICMP rate throttling, specifying too large number can lead to loss of responses.
`-z zzz`	sleep time between probes (default 0). more than 10: milliseconds less than 10: number of seconds (fractional values allowed ). -z 8 causes traceroute to go CPU bound 3/22/11 version 2.0.1, Feb 26 2009 Useful when some routers use rate-limit for icmp messages.
`-w waittime`	seconds to wait for a response (default 5.0 ).
`-q queries`	number of packets per hop. default 3.
`-n`	no hostnames lookup, i.e. DNS will not be queried (usually faster).
`-t tos`	For IPv4, Type of Service (`TOS`) and Precedence value. Useful values 16 (low delay) and 8 (high throughput). Requires super user. For IPv6, set the Traffic Control value.
`-r`	Routing tables are bypassed, packets are sent directly to a host on an attached network. If the host is not on a directly-attached network, an error is returned. Used to ping a local host through an interface that has no route through it.
`-s addr`	Chooses a specific source address.
`-p port`	For UDP, destination port (incremented for each probe). For ICMP, initial icmp sequence value (incremented by each probe ). For TCP, (constant) destination port to connect.
`-U`	Use `UDP` datagrams (default)
`-I`	Use `ICMP ECHO` (requires root)
`-T`	Use `TCP SYN` (requires root)
`-d`	debugging at socket level is Enabled
`-F`	"Don't Fragment" bit is set the packets
`-g gateway`	add IP source routing option to the outgoing packet to route the packet through the specified gateway. Most routers disable source routing.
`-i interface`	used to send packets. Default: according to the routing table.
`-4, -6`	By default resolve the name and choose the appropriate protocol. If host returns both IPv4 and IPv6 addresses, use IPv4.
`-A`	Perform AS path lookups in routing registries and display results directly after the addresses
`--help`	and exit.
`-V`	and exit.

Uses IP protocol's time-to-live (TTL) option in attempts to elicit an ICMP^† TIME_EXCEEDED response from each gateway along the path to the host, thus identifying them. TTL is expressed in transfers from each host or gateway aka hops (has nothing to do with time).

Routes are dynamic and 2 packets sent even within milliseconds may not take the same path due to congestion or balancing or performance considerations or router outage.

Starts by sending packets with a TTL of 1 and increments by 1 until "Port Unreachable" (or TCP reset), which means host was reached, or max hops. Three packets are sent at each TTL and a display showing the ttl, address of the gateway and round trip time of each packet is output.
If the answers come from different gateways, the address of each will be displayed.

If there is no response within a timeout, a "*" is displayed.

Varying the size of the packet sent to that host (default 40),
in conjunction with -F (don't fragment) can obtain information about the MTU of individual network hops. (size not used with TCP ).

IETF RFC1812

! TTL <=1
!H (host), !N (network), or !P protocol unreachable
!S source route failed
!U Destination network unknown
!W host unknown
!I source host is isolated
!A communication with destination is network administratively prohibited
!Z communication with destination is host administratively prohibited
!Q for this ToS the destination network is unreachable
!T for this ToS the destination host is unreachable
!F fragmentation needed ( - the RFC1191 Path MTU Discovery value is displayed)
!X communication administratively prohibited
!V host precedence violation
!C precedence cutoff in effect
!nnn ICMP unreachable code as in RFC1812

If almost all the packets result in some kind of unreachable error, traceroute exits.

trace path to a network host discovering MTU along this path


       tracepath [-nc] destination[/port]

Uses UDP port or random port, similar to traceroute,
-c use the return address instead of the reply type (connection refused) to determine when to stop.
-n No DNS resolving names

Tracepath6 is good replacement for traceroute6
Some IP routers do not return enough information in icmp error messages.
Uses Van Jacobson's algorithm, sweeping a range of UDP ports to maintain trace history.

OUTPUT

       # tracepath6 3ffe:2400:0:109::2
        1?: [LOCALHOST]                              pmtu 1500
        1:  dust.inr.ac.ru                   0.411ms
        2:  dust.inr.ac.ru        asymm  1   0.390ms pmtu 1480
        2:  3ffe:2400:0:109::2               463.514ms reached
            Resume: pmtu 1480 hops 2 back 2

column

TTL of the probe, followed by colon. Usually obtained from reply , sometimes reply does not contain necessary information
network hop which replied either the address of router or LOCALHOST (if the packet was not sent to the gateway).
information about path to the correspinding hetwork hop. RTT. MTU, when it changes.
If the path is asymmetric or the packet expires before it reaches destination, difference between number of hops in forward and backward direction is shown following keyword async Hop 2 shows asymmetry of 1, because the first probe with TTL of 2 was rejected at the first hop due to Path MTU Discovery.

Summary (Resume) shows detected Path MTU, hops to the destination and hops from the destination back, which can be different when the path is asymmetric.

BSD version

traceroute [-dFISdnrvx] [-f first_ttl] [-g gateway] [-i iface] [-M first_ttl] [-m max_ttl] [-P proto] [-p port] [-q nqueries] [-s src_addr] [-t tos] [-w waittime] [-z pausemsecs] host [packetsize] Display the route packets took to host
Tracking the route packets follow (or Finding the miscreant gateway discarding packets can be difficult. Utilizes the IP protocol time to live field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to a host.

Default packet size of 40 bytes may be increased by specifying size after the destination.

-f first_ttl Set the initial time-to-live used in the first outgoing probe packet.

-F Set the "dont fragment" bit.

-d Enable socket level debugging.

-g gateway loose source route gateway (8 maximum).

-i iface a network interface to obtain the source IP address for outgoing probe packets. Useful on a multihomed host (i.e. one with multilple lines to ISPs. ( -s for another way to do this.)

-I Use ICMP ECHO instead of UDP datagrams. (A synonym for "-P icmp").

-M first_ttl initial time-to-live, default 1, i.e., start with the first hop.

-m max_ttl max number of hops, default is net.inet.ip.ttl hops (the same default used for TCP connections).

-n display gateway addresses numerically

-P proto Send packets of specified IP protocol:

UDP , TCP , GRE and ICMP Other protocols may also be specified (either by name or by number), though traceroute does not implement any special knowledge of their packet formats. This option is useful for determining which router along a path may be blocking packets based on protocol number.

-p port For UDP and TCP, sets the base port number used in probes (default is 33434). Traceroute hopes that nothing is listening on UDP ports base to base+nhops-1 at the destination host (so an ICMP PORT_UNREACHABLE message will be returned to terminate the route tracing). If something is listening on a port in the default range, this option can be used to pick am different port range.

-q nqueries Set the number of probes per ttl to nqueries (default 3.
-r Bypass the normal routing tables and send directly to a host on an attached network. If the host is not on a directly-attached network, an error is returned.
This option can be used to ping a local host through an interface that has no route through it (e.g., after the interface was dropped by routed(8)).

-s src_addr Use the following IP address (which must be given as an IP num ber, not a hostname) as the source address in outgoing probe packets. On hosts with more than one IP address, this option can be used to force the source address to be something other than the IP address of the interface the probe packet is sent on. If the IP address is not one of this machines interface addresses, an error is returned and nothing is sent. (See -i for another way to do this.)

-S display a summary of how many probes were not answered for each hop.

-ttype-of-service a decimal integer in the range 0 to 255 used to see if different types-of-service result in different paths. 16 (low delay) 8 (high throughput).

-v Verbose, Received packets other than TIME_EXCEEDED and UNREACHABLEs are listed.

-w seconds wait for a response to a probe (default 5 .).

-x Toggle IP checksums calculation. Normally prevents calculation.
The system can overwrite parts of the outgoing packet but not recalculate the checksum using -x causes them to be calculated).
checksums are usually required for the last hop when using ICMP ECHO probes ( -I ). So they are always calculated when using ICMP.

-z pausemsecs between probes (default 0). use 500 (e.g. 1/2 second).

Understanding traceroute

It is important to understand that the list of hops displayed is only one of the possible paths that packets may take.

Routers (dedicated or on general purpose hosts) frequently have more than 2 interfaces. Packets received on one interface may be routed to the second interface or the traffic may better suits routing to the third interface. It would not be unusual for all packets to use the same route during a short time period. It would not be unusual for packets at a later time to use a different route.

traceroute sends UDP probe packets with a small ttl (time to live) then listens for the ICMP "time exceeded"^† reply from a gateway.

Default settings start with a ttl of 1 and increase by 1 until ICMP "port unreachable" is received (i.e target host replied or hit a max) (defaults to net.inet.ip.ttl hops & can be changed with -m).
3 probes (changed with -q ) are sent at each ttl setting and a report line is displayed showing thettl, address of the gateway and round trip time of each probe. If the replies come from different gateways, the address of each responding system will be printed.
If no response is receivedwithin the timeout interval ( -w ), a * is printed for that probe.
To prevent the host to process the UDP probe packets so the destination port is set to an unlikely value with -p .

A sample use and output might be:

 
     [yak 71]% traceroute nis.nsf.net.
     traceroute to nis.nsf.net (35.1.1.48), 64 hops max, 38 byte packet
     1  helios.ee.lbl.gov (128.3.112.1)  19 ms  19 ms  0 ms
     2  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  39 ms  19 ms
     3  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  39 ms  40 ms  39 ms
     4  ccn-nerif22.Berkeley.EDU (128.32.168.22)  39 ms  39 ms  39 ms
     5  128.32.197.4 (128.32.197.4)  40 ms  59 ms  59 ms
     6  131.119.2.5 (131.119.2.5)  59 ms  59 ms  59 ms
     7  129.140.70.13 (129.140.70.13)  99 ms  99 ms  80 ms
     8  129.140.71.6 (129.140.71.6)  139 ms  239 ms  319 ms
     9  129.140.81.7 (129.140.81.7)  220 ms  199 ms  199 ms
     10  nic.merit.edu (35.1.1.48)  239 ms  239 ms  239 ms

     [yak 72]% traceroute allspice.lcs.mit.edu.
     traceroute to allspice.lcs.mit.edu (18.26.0.115), 64 hops max
     1  helios.ee.lbl.gov (128.3.112.1)  0 ms  0 ms  0 ms
     2  lilac-dmc.Berkeley.EDU (128.32.216.1)  19 ms  19 ms  19 ms
     3  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  19 ms  19 ms
     4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  19 ms  39 ms  39 ms
     5  ccn-nerif22.Berkeley.EDU (128.32.168.22)  20 ms  39 ms  39 ms
     6  128.32.197.4 (128.32.197.4)  59 ms  119 ms  39 ms
     7  131.119.2.5 (131.119.2.5)  59 ms  59 ms  39 ms
     8  129.140.70.13 (129.140.70.13)  80 ms  79 ms  99 ms
     9  129.140.71.6 (129.140.71.6)  139 ms  139 ms  159 ms
     10  129.140.81.7 (129.140.81.7)  199 ms  180 ms  300 ms
     11  129.140.72.17 (129.140.72.17)  300 ms  239 ms  239 ms
     12  * * *
     13  128.121.54.72 (128.121.54.72)  259 ms  499 ms  279 ms
     14  * * *
     15  * * *
     16  * * *
     17  * * *
     18  ALLSPICE.LCS.MIT.EDU (18.26.0.115)  339 ms  279 ms  279 ms

gateways at 12, 14, 15, 16 & 17 hops away, either don't send ICMP "time exceeded" messages or send them with a ttl too small to get back to the traceroute server
gateway 12 is silent which .

     1  helios.ee.lbl.gov (128.3.112.1)  0 ms  0 ms  0 ms
     2  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  19 ms  39 ms
     3  lilac-dmc.Berkeley.EDU (128.32.216.1)  19 ms  39 ms  19 ms
     4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  39 ms  40 ms  19 ms
     5  ccn-nerif35.Berkeley.EDU (128.32.168.35)  39 ms  39 ms  39 ms
     6  csgw.Berkeley.EDU (128.32.133.254)  39 ms  59 ms  39 ms
     7  * * *
     8  * * *
     9  * * *
     10  * * *
     11  * * *
     12  * * *
     13  rip.Berkeley.EDU (128.32.131.22)  59 ms !  39 ms !  39 ms !

There are 12 "gateways" (13 is the final destination) and exactly the last half of them are "missing".
What could be happening is that rip is using the ttl from our arriving datagram as the ttl in its ICMP reply.
The reply will time out on the return path (with no notice sent to anyone since ICMP's aren't sent for ICMP's) until we probe with a ttl that's at least twice the path length. I.e., rip is really only 7 hops away. A reply that returns with a ttl of 1 is a clue this problem exists.
traceroute displays a ! after the time if the ttl is <= 1.

Errors:

Use in network testing, measurement and management, manual fault isolation. Some options could impose excessive load on the network

See netstat(1), ping CloudMonitor.ca.com(checks from different locations!!)

BUGS
When using protocols other than UDP, functionality is reduced. In particular, the last packet will often appear to be lost, because even though it reaches the destination host, theres no way to know that because no ICMP message is sent back. In the TCP case, traceroute should listen for a RST from the destination host (or an intermediate router thats filtering packets), but this is not implemented yet.