traceroute(1Mtcp)


traceroute -- trace the route packets take in order to reach a network host

Synopsis

traceroute [-Ddnrv] [-wwait] [-mmax_ttl] [-pport#] [-qnqueries] [-ttos] [-ssrc_addr] [-ggateway] host [packetsize]

Description

The traceroute command uses the ``time-to-live'' field of the IP protocol to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host.

traceroute attempts to trace the route which an IP packet would follow to some Internet host by launching UDP probe packets with a small ``ttl'' (time-to-live) value, and then listening for an ICMP TIME_EXCEEDED reply from a gateway. The probes will be started with a ``ttl'' of one, and then increased by one until an ICMP PORT_UNREACHABLE message is received, or until the maximum number of probes has been sent.

Usage

Three probes will be sent at each ``ttl'' setting; a line will be printed to show:

If the probe answers come from different gateways, the address of each responding system will be printed. If there is no response within 3 seconds, a ``*'' will be printed for that probe.

The host argument is the destination host name or the IP number of the host to reach; the packetsize argument is the packet size (in bytes) of the probe datagram. Note that packetsize defaults to 38 bytes.

Options

traceroute takes the following options:

-D
Set the ``Don't fragment'' bit. This is useful for probing the MTU of intervening links between the source and the destination.

-d
Turns on socket level debugging. This option is useful only to a privileged user.

-n
Print the hop addresses numerically (rather than symbolically). This option causes the numeric lookup procedure to avoid a name server address-to-name lookup for each gateway found along the path.

-r
Bypass the normal Routing Tables and send directly to a host on an attached network. If the host is not on a directly-attached network, an error is returned. This option can be used to ``ping'' a local host through an interface that has no route through it (for example, after the interface was dropped by routed(1Mtcp)).

-v
Verbose output. Causes received ICMP packets other than TIME_EXCEEDED and PORT_UNREACHABLE to be listed.

-w wait
Set the time to wait for a response to an outgoing probe packet to wait seconds. The default value is 3 seconds.

-m max_ttl
Set the maximum time-to-live (that is, the maximum number of hops) used in outgoing probe packets to max-ttl hops. The default value is 30 hops (this is the same default value used for TCP connections).

-p port
Set the base UDP port number used for probe packets to port. The default value is (decimal) 33434.

traceroute hopes that nothing is listening on UDP ports base to base+nhop at the destination host so that an ICMP PORT_UNREACHABLE message will be returned to terminate the route tracing process. If something is listening on a port in the default range, this option can be used to pick an unused port range.

-q nqueries
Set the number of probe packets for each time-to-live (``ttl'') setting to the value nqueries. The default value is 3.

-s src_addr
Use src_addr as the IP address which will serve as the source address for outgoing probe packets. Note that src_addr must be specified as an IP number, not as a hostname. On hosts with more than one IP address, this option can be used to force the source address to be something other than the IP address of the interface on which the probe packets are being sent.

If the IP address is not one of this machine's interface addresses, an error will be returned and nothing will be sent.

-g addr
Enable the IP LSRR (Loose Source Record Route) option in addition to the TTL tests. This is useful for asking how somebody else (at IP address addr) can reach a particular target.

-t tos
Set the ``type-of-service'' (TOS) in probe packets to the value defined below. The default value is zero. The value must be a decimal integer in the range 0-255. This option can be used to see if different type-of-service values will result in different paths.

Not all values of tos will be valid or meaningful; see the IP specification for definitions. Probably the useful values will be -t 16 (low delay) and -t 8 (high throughput).

References

netstat(1Mtcp), ping(1Mtcp)

Notices

This program is intended for use in network testing, measurement, and management. It should be used primarily for manual fault isolation. Because of the extra load it could impose on the network, it is recommended that you do not use traceroute during normal operations or from automated scripts.

Examples

A sample use of traceroute and of its output might be:
   [yak 71]% traceroute nis.nsf.net. 
   traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 56 byte packet 
    1  helios.ee.lbl.gov (128.3.112.1)  19 ms  19 ms  0 ms 
    2  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  39 ms  19 ms 
    3  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  39 ms  19 ms 
    4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  39 ms  40 ms  39 ms 
    5  ccn-nerif22.Berkeley.EDU (128.32.168.22)  39 ms  39 ms  39 ms 
    6  128.32.197.4 (128.32.197.4)  40 ms  59 ms  59 ms 
    7  131.119.2.5 (131.119.2.5)  59 ms  59 ms  59 ms 
    8  129.140.70.13 (129.140.70.13)  99 ms  99 ms  80 ms 
    9  129.140.71.6 (129.140.71.6)  139 ms  239 ms  319 ms 
   10  129.140.81.7 (129.140.81.7)  220 ms  199 ms  199 ms 
   11  nic.merit.edu (35.1.1.48)  239 ms  239 ms  239 ms 

Note that lines 2 and 3 are the same. This is due to an error in the kernel on the 2nd hop system lbl-csam.arpa that forwards packets with a zero ``ttl''. This was an error in the distributed version of 4.3BSD.

A more interesting example is:

   [yak 72]% traceroute allspice.lcs.mit.edu. 
   traceroute to allspice.lcs.mit.edu (18.26.0.115), 30 hops max 
    1  helios.ee.lbl.gov (128.3.112.1)  0 ms  0 ms  0 ms 
    2  lilac-dmc.Berkeley.EDU (128.32.216.1)  19 ms  19 ms  19 ms 
    3  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  19 ms  19 ms 
    4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  19 ms  39 ms  39 ms 
    5  ccn-nerif22.Berkeley.EDU (128.32.168.22)  20 ms  39 ms  39 ms 
    6  128.32.197.4 (128.32.197.4)  59 ms  119 ms  39 ms 
    7  131.119.2.5 (131.119.2.5)  59 ms  59 ms  39 ms 
    8  129.140.70.13 (129.140.70.13)  80 ms  79 ms  99 ms 
    9  129.140.71.6 (129.140.71.6)  139 ms  139 ms  159 ms 
   10  129.140.81.7 (129.140.81.7)  199 ms  180 ms  300 ms 
   11  129.140.72.17 (129.140.72.17)  300 ms  239 ms  239 ms 
   12  * * * 
   13  128.121.54.72 (128.121.54.72)  259 ms  499 ms  279 ms 
   14  * * * 
   15  * * * 
   16  * * * 
   17  * * * 
   18  ALLSPICE.LCS.MIT.EDU (18.26.0.115)  339 ms  279 ms  279 ms 

Note that the gateways 12, 14, 15, 16 and 17 either do not send ICMP TIME_EXCEEDED messages, or send them with a ``ttl'' too small to reach us. Gateways 14-17 are running the MIT C Gateway code that does not send ICMP TIME_EXCEEDED packets.

The silent gateway 12 in the above example may be the result of a bug in the 4.2BSD and 4.3BSD network code (and its derivatives): This code will send an unreachable message using whatever ``ttl'' remains in the original datagram. Since, for gateways, the remaining ``ttl'' is zero, the ICMP TIME_EXCEEDED is guaranteed to not make it back to the sending host.

The behavior of this particular bug is slightly more interesting when it appears on the destination system:

    1  helios.ee.lbl.gov (128.3.112.1)  0 ms  0 ms  0 ms 
    2  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  19 ms  39 ms 
    3  lilac-dmc.Berkeley.EDU (128.32.216.1)  19 ms  39 ms  19 ms 
    4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  39 ms  40 ms  19 ms 
    5  ccn-nerif35.Berkeley.EDU (128.32.168.35)  39 ms  39 ms  39 ms 
    6  csgw.Berkeley.EDU (128.32.133.254)  39 ms  59 ms  39 ms 
    7  * * * 
    8  * * * 
    9  * * * 
   10  * * * 
   11  * * * 
   12  * * * 
   13  rip.Berkeley.EDU (128.32.131.22)  59 ms !  39 ms !  39 ms ! 

Notice that there are 12 ``gateways'' (13 is the final destination) and that exactly the last half of them are ``missing''. What is really happening here is that rip (a Sun-3 running SunOS 3.5) is using the ``ttl'' from the arriving datagram as the ``ttl'' in its ICMP reply. Therefore, the reply will time out on the return path until a probe with a ``ttl'' that is at least twice the path length is sent. rip is really only 7 hops away. A reply that returns with a ``ttl'' of 1 is an indication that this problem exists. Note that traceroute will print a ``!'' after the time if the ``ttl'' is less than or equal to 1.

The possible annotations after the time are:

!
The ``ttl'' in return packet is <= 1.

!H
An ICMP HOST_UNREACHABLE packet was received.

!N
An ICMP NETWORK_UNREACHABLE packet was received.

!P
An ICMP PROTOCOL_UNREACHABLE packet was received.

!S
An ICMP SOURCE_ROUTE_FAILED packet was received. This response should never occur. It indicates that the gateway is broken.

!F
An ICMP FRAGMENTATION_NEEDED packet was received. This response should never occur. It indicates that the gateway is broken.

30 January 1998
© 1998 The Santa Cruz Operation, Inc. All rights reserved.