The traceroute command traces the path that packets take across the network. The default size of packets sent is 40 bytes.

Traceroute shows the route that information takes from your computer to a host on the other side of the Internet. Each packet from the same source to the same destination may take a different path, but most of the time the route is the same.

Traceroute measures how long it takes a small packet to reach a device and for the reply to return. Each device on the path is tested three times. The output includes the time of each test (ms), the name of the device, if any, and its IP address.

There are three ways to implement traceroute:

  • TCP Traceroute (implemented using tracetcp)
  • UDP Traceroute (default for Cisco and Linux)
  • ICMP Traceroute (MS Windows by default)

The command format

traceroute (options) (parameters)

Command options

  • -d: enables socket-level debugging.
  • -f <TTL value>: sets the TTL value of the first probe packet.
  • -F: sets the "don't fragment" bit.
  • -g <gateway>: sets the source-route gateway. A maximum of eight gateways can be set.
  • -i <network interface>: sends packets using the specified network interface.
  • -I: uses ICMP Echo instead of UDP datagrams.
  • -m <TTL value>: sets the maximum TTL value for probe packets.
  • -n: uses IP addresses instead of host names.
  • -p <communication port>: sets the UDP communication port.
  • -r: ignores the normal routing table and sends packets directly to the remote host.
  • -s <source address>: sets the source IP address of the packets sent by the local host.
  • -t <service type>: sets the TOS value of probe packets.
  • -v: displays the execution of the command in detail.
  • -w <timeout in seconds>: sets the time to wait for a reply from the remote host.
  • -x: enables or disables the correctness check of packets.

The command parameter

Host: Specifies the IP address or host name of the destination host.

Simple usage

> traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
>  1  192.168.0.1 (192.168.0.1)  1.242 ms  0.949 ms  2.494 ms
>  2  192.168.1.1 (192.168.1.1)  1.337 ms  1.101 ms  0.953 ms
>  3  100.64.0.1 (100.64.0.1)  4.663 ms  28.187 ms  3.346 ms
>  4  111.175.227.145 (111.175.227.145)  7.321 ms  12.203 ms  10.503 ms
>  5  111.175.210.221 (111.175.210.221)  4.810 ms  7.400 ms  3.673 ms
>  6  202.97.17.5 (202.97.17.5)  20.276 ms  202.97.98.25 (202.97.98.25)  38.174 ms  202.97.17.1 (202.97.17.1)  28.942 ms
>  7  * 113.96.5.158 (113.96.5.158)  26.277 ms *
>  8  * * *
>  9  14.18.199.106 (14.18.199.106)  22.518 ms  20.543 ms  22.583 ms
> 10  * * 14.18.199.74 (14.18.199.74)  22.378 ms
> 11  * * *
> 12  * * *
> 13  * * *
> 14  203.195.152.245 (203.195.152.245)  25.766 ms  21.599 ms *

Records are numbered starting at 1. Each record is a hop, and each hop represents a gateway. Each line shows three times in ms: the times between sending each of the three probe packets to that gateway and receiving the gateway's response. Three is the default for -q; if traceroute -q 4 rumenz.com is used, four packets are sent to each gateway.

Sometimes when we traceroute a host, some lines are shown as asterisks. In this case, a firewall may be blocking the ICMP return information, so we cannot get any return data for those probes.

Sometimes there is a long delay at a certain gateway, which may be caused by congestion at the gateway or by the physical device itself. A delay also occurs if DNS fails to resolve a host name or domain name. You can add the -n argument to skip DNS resolution and output the data in IP format.

If you are on different segments of the LAN, you can use traceroute to determine whether the problem is the host or the gateway. If we have a problem accessing a server remotely, we can use traceroute to track the gateways through which the data packets pass and submit the result to the IDC service provider, which also helps solve the problem. But at present, it seems that it is difficult to solve such problems in China. Even if we find the problem, it is impossible for the IDC service provider to help us solve it.
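The reading rules above (asterisks, several addresses on one hop, silent hops followed by answering ones) can be applied mechanically. The following is an added example, not part of the original article; the function names and labels are assumptions chosen for illustration, and the sample lines are copied from the output shown on this page.

```python
import re

# Constructed sample: hop lines taken from the "Simple usage" output on this page.
SAMPLE = """\
 1  192.168.0.1 (192.168.0.1)  1.242 ms  0.949 ms  2.494 ms
 6  202.97.17.5 (202.97.17.5)  20.276 ms  202.97.98.25 (202.97.98.25)  38.174 ms  202.97.17.1 (202.97.17.1)  28.942 ms
 7  * 113.96.5.158 (113.96.5.158)  26.277 ms *
 8  * * *
14  203.195.152.245 (203.195.152.245)  25.766 ms  21.599 ms *
"""
RTT = re.compile(r"(\d+(?:\.\d+)?)(ms)?")

def parse_hop(line):
    """Return (hop_no, {responder: [rtt_ms, ...]}, lost_probe_count)."""
    fields = line.split()
    hop, responders, lost, current = int(fields[0]), {}, 0, None
    for i, tok in enumerate(fields[1:], start=1):
        nxt = fields[i + 1] if i + 1 < len(fields) else ""
        m = RTT.fullmatch(tok)
        if tok == "*":
            lost += 1
        elif m and (m.group(2) or nxt == "ms"):  # "25.766 ms" or fused "25.766ms"
            responders.setdefault(current, []).append(float(m.group(1)))
        elif tok != "ms" and not tok.startswith("!"):
            current = tok.strip("()")            # host name, bare IP (-n) or "(ip)"
    return hop, responders, lost

def analyze(text):
    """Label every hop line in traceroute output: {hop_no: label}."""
    hops = [parse_hop(l) for l in text.splitlines() if l.strip()[:1].isdigit()]
    last_answer = max((h for h, r, _ in hops if r), default=0)
    report = {}
    for hop, responders, lost in hops:
        if not responders:
            # A later hop answered, so this device forwards traffic but its
            # ICMP replies are filtered or rate limited: not a fault by itself.
            report[hop] = "silent-but-forwarding" if hop < last_answer else "no-reply"
        elif len(responders) > 1:
            report[hop] = "multiple-responders"  # probes took different paths
        else:
            report[hop] = "partial-loss" if lost else "ok"
    return report

if __name__ == "__main__":
    for hop, label in analyze(SAMPLE).items():
        print(f"{hop:>2}  {label}")
```

A trailing run of "no-reply" hops with no answering hop after it is the pattern that points to a real reachability problem or to filtering at the destination.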

Set the maximum number of hops

> traceroute -m 10 rumenz.com
> traceroute to rumenz.com (203.195.152.245), 10 hops max, 52 byte packets
>  1  192.168.0.1 (192.168.0.1)  1.829 ms  0.746 ms  1.684 ms
>  2  192.168.1.1 (192.168.1.1)  2.326 ms  3.365 ms  1.203 ms
>  3  100.64.0.1 (100.64.0.1)  4.659 ms  5.613 ms  4.055 ms
>  4  111.175.227.145 (111.175.227.145)  12.399 ms  7.991 ms  8.013 ms
>  5  111.175.210.221 (111.175.210.221)  6.997 ms  10.958 ms  4.180 ms
>  6  202.97.98.29 (202.97.98.29)  21.216 ms  202.97.98.25 (202.97.98.25)  21.428 ms *
>  7  * * *
>  8  * *
>  9  * 14.18.199.106 (14.18.199.106)  22.443 ms  20.399 ms
> 10  * * *

The IP address is displayed without the host name

> traceroute -n rumenz.com
> traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
>  1  192.168.0.1  2.484 ms  1.271 ms  0.813 ms
>  2  192.168.1.1  1.320 ms  1.103 ms  1.075 ms
>  3  100.64.0.1  2.914 ms  4.107 ms  4.372 ms
>  4  111.175.227.145  7.279 ms  7.915 ms  9.007 ms
>  5  111.175.210.221  3.729 ms  4.100 ms  4.160 ms
>  6  202.97.29.49  25.172 ms  202.97.34.66  23.798 ms  202.97.29.53  18.034 ms
>  7  * * *
>  8  * * *
>  9  * *
> 10  * *
> 11  * *
> 12  * * *
> 13  * * *
> 14  * 203.195.152.245  21.635 ms  22.201 ms

Set the number of probe packets to a value of 4

> traceroute -q 4 rumenz.com
> traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
>  1  192.168.0.1 (192.168.0.1)  2.265 ms  2.010 ms  0.669 ms  1.103 ms
>  2  192.168.1.1 (192.168.1.1)  1.159 ms  1.207 ms  1.082 ms  1.181 ms
>  3  100.64.0.1 (100.64.0.1)  6.105 ms  4.068 ms  2.737 ms  3.858 ms
>  4  111.175.227.145 (111.175.227.145)  12.785 ms  11.772 ms  11.710 ms  7.463 ms
>  5  111.175.210.221 (111.175.210.221)  11.646 ms  5.033 ms  4.373 ms  5.631 ms
>  6  * 202.97.29.57 (202.97.29.57)  21.332 ms * 202.97.17.5 (202.97.17.5)  26.080 ms
>  7  * * * *
>  8  * * * *
>  9  14.18.199.106 (14.18.199.106)  26.460 ms  20.790 ms  25.815 ms *
> 10  * * 14.18.199.74 (14.18.199.74)  22.642 ms *
> 11  * * * *
> 12  * * * *
> 13  * * * *
> 14  203.195.152.245 (203.195.152.245)  22.046 ms  22.201 ms  20.328 ms  24.846 ms

Bypass the normal routing table and send directly to a host on an attached network

> traceroute -r rumenz.com
> traceroute to rumenz.com (203.195.152.245), 64 byte packets
> traceroute: sendto: Network is unreachable
>  1 traceroute: wrote rumenz.com 52 chars, ret=-1
>  *traceroute: sendto: Network is unreachable
> traceroute: wrote rumenz.com 52 chars, ret=-1
>  *traceroute: sendto: Network is unreachable
> traceroute: wrote rumenz.com 52 chars, ret=-1

The wait time for a probe packet is set to 3 seconds

> traceroute -w 3 rumenz.com
> traceroute to rumenz.com (203.195.152.245), 64 hops max, 52 byte packets
>  1  192.168.0.1 (192.168.0.1)  2.835 ms  0.894 ms  0.967 ms
>  2  192.168.1.1 (192.168.1.1)  1.289 ms  1.174 ms  1.091 ms
>  3  100.64.0.1 (100.64.0.1)  3.327 ms  2.985 ms  4.280 ms
>  4  111.175.227.145 (111.175.227.145)  13.337 ms  12.301 ms  9.081 ms
>  5  111.175.210.221 (111.175.210.221)  3.484 ms  5.052 ms  4.033 ms
>  6  202.97.98.25 (202.97.98.25)  19.580 ms  202.97.17.1 (202.97.17.1)  21.139 ms  202.97.34.66 (202.97.34.66)  21.232 ms
>  7  * * 113.96.5.82 (113.96.5.82)  26.111 ms
>  8  * * *
>  9  * 14.18.199.106 (14.18.199.106)  22.279 ms *
> 10  * * *
> 11  * *
> 12  * *
> 13  * *
> 14  * 203.195.152.245 (203.195.152.245)  22.335 ms  21.387 ms

How Traceroute works

Traceroute UDP and ICMP

The basic principle of Traceroute is to send packets with progressively increasing TTL to obtain information about each hop in the path.

Host A first sends a packet with TTL=1 to Host B. When the packet reaches R1, the TTL changes to 0 (the TTL is decremented by 1 at each hop on the network). R1 discards the packet with TTL=0 and returns an ICMP Time Exceeded to Host A. Host A then sends the second packet with the TTL increased by 1 (TTL=2). When the packet reaches R2, the TTL is 0, and R2 returns an ICMP Time Exceeded to Host A. This continues until the TTL is large enough for the packet to reach Host B, which then returns a Final Reply to Host A.

The difference between UDP and ICMP Traceroute is the outgoing packet (packet in red in the figure above) and the final Reply.

  • UDP: sends a UDP packet, and the final Reply is an ICMP Destination Unreachable
  • ICMP: sends an ICMP Echo Request, and the final Reply is an ICMP Echo Reply
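How the UDP variant tells an intermediate hop from the final reply, shown from the receiving side: each ICMP error quotes the IP header and first 8 bytes of the probe that caused it, so the receiver can match it to a probe it actually sent and discard anything else. This is an added example, not code from the original article; it assumes the classic scheme of one UDP destination port per probe starting at 33434, and the source address, source port and function names are constructed for illustration.

```python
import socket
import struct

BASE_PORT = 33434  # conventional first UDP destination port (what -p changes)

def quoted_probe(dst_ip, dport, src_ip="192.168.0.2", sport=40000):
    """Constructed data: the IP header + first 8 UDP bytes that an ICMP error quotes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 52, 0, 0, 1, socket.IPPROTO_UDP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + struct.pack("!HHHH", sport, dport, 32, 0)

def icmp_error(icmp_type, code, quoted):
    """Constructed ICMP error: type, code, checksum (left 0), 4 unused bytes, quote."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted

def classify(icmp, dst_ip, outstanding):
    """Return (verdict, ttl); `outstanding` maps each probe's UDP dport to its TTL."""
    if len(icmp) < 8 + 20 + 8:
        return ("ignore: too short", None)
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4  # quoted IP header may carry options
    if ihl < 20 or inner[9] != socket.IPPROTO_UDP or len(inner) < ihl + 8:
        return ("ignore: not a quoted UDP probe", None)
    if socket.inet_ntoa(inner[16:20]) != dst_ip:
        return ("ignore: quotes another destination", None)
    dport = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0]
    ttl = outstanding.get(dport)
    if ttl is None:
        return ("ignore: no such probe outstanding", None)
    kind = (icmp[0], icmp[1])
    if kind == (11, 0):
        return ("hop", ttl)          # Time Exceeded in transit: a router on the path
    if kind == (3, 3):
        return ("destination", ttl)  # Port Unreachable: the final reply
    if kind[0] == 3:
        return ("unreachable", ttl)  # other Destination Unreachable codes
    return ("ignore: other ICMP type", None)

if __name__ == "__main__":
    dst = "203.195.152.245"
    sent = {BASE_PORT + i: i // 3 + 1 for i in range(12)}  # 3 probes per TTL
    for msg in (icmp_error(11, 0, quoted_probe(dst, BASE_PORT + 3)),
                icmp_error(3, 3, quoted_probe(dst, BASE_PORT + 9)),
                icmp_error(11, 0, quoted_probe(dst, 9))):
        print(classify(msg, dst, sent))
```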

TCP Traceroute

TCP Traceroute also uses TTL to probe the network path, but it sends out TCP SYN packets. The biggest benefit of this is that it has a higher chance of penetrating the firewall because the TCP SYN appears to be trying to establish a normal TCP connection.

Reference: Cisco, Using the Traceroute Command on Operating Systems (Document ID: 22826)
