Linux Command - traceroute
Run traceroute:
traceroute google.com
The traceroute command in Linux is used to trace the path that packets take from your system to a destination network host. It’s helpful for diagnosing routing issues or understanding network latency.
- Traceroute makes use of TTL values.
- The TTL (time to live) value defines how many hops the packet is allowed to travel.
- If a packet exceeds its TTL, the router that drops it returns an “ICMP time exceeded in-transit” message and does not forward the packet to the next hop.
Hops:
- Traceroute identifies each hop on the path to a destination.
- It does this by sending a series of probe packets: a set of 3 packets for each hop.
Steps:
- The first set of packets is sent with a TTL value of 1. When it hits the first hop router, that router will return a time exceeded message which allows us to identify that router.
- The second set of packets is sent with a TTL value of 2. When it hits the second hop router, that router will return a time exceeded message which allows us to identify that router.
- This continues until we either reach the destination or hit the maximum number of hops (default 30).
By default, traceroute sends UDP packets to ports starting at 33434 and expects ICMP messages back. Firewalls often block UDP or TCP ports, which makes this tricky, and sometimes ICMP is blocked as well. To help with this we have a few different options.
Send ICMP Probe instead of UDP:
sudo traceroute -I google.com
Send a TCP syn probe on port 80:
sudo traceroute -T -p 80 google.com
- NOTE - using either TCP or ICMP probes requires root privileges. UDP (the default) does NOT require root.
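Reading a traceroute run by hand is easy for a few hops, but when checking whether a firewall is silently dropping probes along the path it helps to parse the output and pick out the hops that answered none of their 3 probes (printed as "* * *"). The parser below is an added example, not part of the original page; the traceroute output it parses is constructed sample text using documentation addresses, and the helper names are my own.

```python
"""Parse traceroute output into per-hop records and flag hops that drop every probe."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample output in the layout traceroute prints: hop number, host (IP)
# of the first responding probe, then one RTT per probe; "*" marks a timed-out probe.
SAMPLE_OUTPUT = """\
traceroute to example.test (203.0.113.10), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  1.203 ms  1.150 ms  1.098 ms
 2  10.0.0.1 (10.0.0.1)  9.874 ms  9.801 ms  9.750 ms
 3  * * *
 4  * * *
 5  203.0.113.10 (203.0.113.10)  20.112 ms * 20.301 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<hop>  <rest of line>"
HOST_RE = re.compile(r"^(\S+)\s+\(([\d.]+)\)")        # "host (ip)" of the responder
RTT_RE = re.compile(r"([\d.]+)\s*ms")                 # one RTT per answered probe


@dataclass
class Hop:
    number: int
    host: Optional[str]             # None when no probe was answered
    ip: Optional[str]
    rtts_ms: List[float] = field(default_factory=list)
    lost: int = 0                   # number of probes that timed out ("*")


def parse_traceroute(text: str) -> List[Hop]:
    """Return one Hop per numbered line; the header line is skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                # "traceroute to ..." header or blank line
        number, rest = int(m.group(1)), m.group(2)
        hop = Hop(number, None, None)
        hm = HOST_RE.match(rest)
        probes = rest
        if hm:
            hop.host, hop.ip = hm.group(1), hm.group(2)
            probes = rest[hm.end():]        # only look for RTTs after the host
        hop.rtts_ms = [float(x) for x in RTT_RE.findall(probes)]
        hop.lost = probes.count("*")
        hops.append(hop)
    return hops


def silent_hops(hops: List[Hop]) -> List[int]:
    """Hop numbers where every probe timed out: the places a firewall or
    rate limiter is most likely dropping the probes or the ICMP replies."""
    return [h.number for h in hops if not h.rtts_ms and h.lost > 0]
```

Feed it real output with `parse_traceroute(subprocess.run(["traceroute", "-n", host], capture_output=True, text=True).stdout)`; a run of silent hops followed by a responding hop means traffic is passing through but the intermediate routers are not answering, while silence all the way to the 30-hop limit means the probes themselves are being blocked and one of the -I or -T options above is worth trying.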
Common options:
-n # don't resolve hostnames (faster)
-m 5 # max number of hops (default 30)
-p 80 # specify port
-I # use ICMP (ping)
-T # send a TCP SYN packet instead
-w 20 # set timeout in seconds (default is 5)