DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

traceroute(ADMN)

traceroute -- trace the route taken by packets to reach a network host

Syntax

traceroute [ -Ddnrv ] [ -w wait ] [ -m max_ttl ] [ -p port # ] [ -q nqueries ]
[ -t tos ] [ -s src_addr ] [ -g gateway ] host [ data size ]

Description

The traceroute command utilizes the ``time-to-live'' field of the IP protocol to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host.

host is the destination host name or the IP number of the host to reach; packetsize is the packet size (in bytes) of the probe datagram (packetsize defaults to 40 bytes).

Options


-D
Set the ``Don't Fragment'' bit. Useful for probing the MTU of intervening links between the source and the destination.

-d
Turn on socket level debugging (useful only to root).

-n
Print the hop addresses numerically (rather than symbolically); the numeric lookup procedure will avoid a nameserver address-to-name lookup for each gateway found along the path.

-r
Bypass the normal Routing Tables and send directly to a host on an attached network. If the host is not on a directly-attached network, an error is returned. This option can be used to ``ping'' a local host through an interface that has no route through it (for example, after the interface was dropped by routed(ADMN)).

-v
Verbose output: The received ICMP packets -- other than TIME_EXCEEDED and PORT_UNREACHABLE -- will be listed.

-w wait
Set the time to wait for a response to an outgoing probe packet to wait time seconds (the default value is 3 seconds).

-m max_ttl
Set the maximum time-to-live (that is, the maximum number of hops) used in outgoing probe packets to max-ttl hops. The default value is 30 hops (the same default value as used for TCP connections).

-p port
Set the base UDP port number used for probe packets to port (the default value is (decimal) 33434).

traceroute hopes that nothing is listening on UDP ports base to base+nhop at the destination host so that an ICMP PORT_UNREACHABLE message will be returned to terminate the route tracing process. If something is listening on a port in the default range, this option can be used to pick an unused port range.


-q nqueries
Set the number of probe packets for each time-to-live (ttl) setting to the value n (the default value is 3).

-s src_addr
Use src_addr as the IP address (which must be given as an IP number, not as a hostname) which will serve as the source address for outgoing probe packets. On hosts with more than one IP address, this option can be used to force the source address to be something other than the IP address of the interface on which the probe packets are being sent.

If the IP address is not one of this machine's interface addresses, an error will be returned and nothing will be sent.


-g addr
Enable the IP LSRR (Loose Source Record Route) option in addition to the TTL tests. This is useful for asking how somebody else at IP address addr can reach a particular target.

-t tos
Set the type-of-service (TOS) in probe packets to the value defined below (the default value is zero). The value must be a decimal integer in the range from 0 - 255. This option can be used to see if different types-of-service will result in different paths.

Not all values of tos will be legal or meaningful; see the IP specification for definitions. Probably the useful values will be -t 16 (low delay) and -t 8 (high throughput).

This program attempts to trace the route which an IP packet would follow to some internet host by launching UDP probe packets with a small ``ttl'' (time-to-live) value and then listens for an ICMP TIME EXCEEDED reply from a gateway. The probes will be started with a ``ttl'' of one and then increased by one until an ICMP PORT UNREACHABLE message is received or until the maximum number of probes has been sent. Three probes will be sent at each ``ttl'' setting; a line will be printed to show:

If the probe answers come from different gateways, the address of each responding system will be printed. If there is no response within 3 seconds, an ``*'' will be printed for that probe.

A sample use of traceroute and of its output might be: 

   [yak 71]% traceroute nis.nsf.net.
   traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 56 byte packet
    1  helios.ee.lbl.gov (128.3.112.1)  19 ms  19 ms  0 ms
    2  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  39 ms  19 ms
    3  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  39 ms  19 ms
    4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  39 ms 40 ms  39 ms
    5  ccn-nerif22.Berkeley.EDU (128.32.168.22)  39 ms  39 ms  39 ms
    6  128.32.197.4 (128.32.197.4)  40 ms  59 ms  59 ms
    7  131.119.2.5 (131.119.2.5)  59 ms  59 ms  59 ms
    8  129.140.70.13 (129.140.70.13)  99 ms  99 ms  80 ms
    9  129.140.71.6 (129.140.71.6)  139 ms  239 ms  319 ms
    10  129.140.81.7 (129.140.81.7)  220 ms  199 ms  199 ms
    11  nic.merit.edu (35.1.1.48)  239 ms  239 ms  239 ms
Note that lines 2 and 3 are the same. This is due to a buggy kernel on the 2nd hop system -- lbl-csam.arpa -- that forwards packets with a zero ttl (a bug in the distributed version of 4.3BSD).

A more interesting example is: 

   [yak 72]% traceroute allspice.lcs.mit.edu.
   traceroute to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
    1  helios.ee.lbl.gov (128.3.112.1)  0 ms  0 ms  0 ms
    2  lilac-dmc.Berkeley.EDU (128.32.216.1)  19 ms  19 ms  19 ms
    3  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  19 ms  19 ms
    4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  19 ms  39 ms  39 ms
    5  ccn-nerif22.Berkeley.EDU (128.32.168.22)  20 ms  39 ms  39 ms
    6  128.32.197.4 (128.32.197.4)  59 ms  119 ms  39 ms
    7  131.119.2.5 (131.119.2.5)  59 ms  59 ms  39 ms
    8  129.140.70.13 (129.140.70.13)  80 ms  79 ms  99 ms
    9  129.140.71.6 (129.140.71.6)  139 ms  139 ms  159 ms
   10  129.140.81.7 (129.140.81.7)  199 ms  180 ms  300 ms
   11  129.140.72.17 (129.140.72.17)  300 ms  239 ms  239 ms
   12  * * *
   13  128.121.54.72 (128.121.54.72)  259 ms  499 ms  279 ms
   14  * * *
   15  * * *
   16  * * *
   17  * * *
   18  ALLSPICE.LCS.MIT.EDU (18.26.0.115)  339 ms  279 ms  279 ms
Note that the gateways 12, 14, 15, 16 & 17 hops away either do not send ICMP TIME EXCEEDED messages or send them with a ``ttl'' too small to reach us. Gateways 14 - 17 are running the MIT C Gateway code that does not send ICMP TIME EXCEEDED packets.

The silent gateway 12 in the above example may be the result of a bug in the 4.[23]BSD network code (and its derivatives): 4.x (x <= 3) will send an unreachable message using whatever ``ttl'' remains in the original datagram. Since, for gateways, the remaining ``ttl'' is zero, the ICMP TIME EXCEEDED is guaranteed to not make it back to the sending host.

The behavior of this particular bug is slightly more interesting when it appears on the destination system: 

    1  helios.ee.lbl.gov (128.3.112.1)  0 ms  0 ms  0 ms
    2  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  19 ms  39 ms
    3  lilac-dmc.Berkeley.EDU (128.32.216.1)  19 ms  39 ms  19 ms
    4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  39 ms 40 ms  19 ms
    5  ccn-nerif35.Berkeley.EDU (128.32.168.35)  39 ms  39 ms  39 ms
    6  csgw.Berkeley.EDU (128.32.133.254)  39 ms  59 ms 39 ms
    7  * * *
    8  * * *
    9  * * *
   10  * * *
   11  * * *
   12  * * *
   13  rip.Berkeley.EDU (128.32.131.22)  59 ms ! 39 ms !  39 ms !
Notice that there are 12 ``gateways'' (13 is the final destination) and that exactly the last half of them are ``missing''. What is really happening here is that rip (a Sun-3 running SunOS 3.5) is using the ``ttl'' from the arriving datagram as the ``ttl'' in its ICMP reply. Therefore, the reply will time out on the return path until a probe with a ``ttl'' that is at least twice the path length is sent. rip is really only 7 hops away. A reply that returns with a ``ttl'' of 1 is an indication that this problem exists. Note that traceroute will print a ``!'' after the time if the ``ttl'' is <= 1.

The possible annotations after the time are:


!
The ``ttl'' in return packet is <= 1.

!H
An ICMP HOST_UNREACHABLE packet was received.

!N
An ICMP NETWORK_UNREACHABLE packet was received.

!P
An ICMP PROTOCOL_UNREACHABLE packet was received.

!S
An ICMP SOURCE_ROUTE_FAILED packet was received. This response should never occur: it indicates that the gateway is broken.

!F
An ICMP FRAGMENTATION_NEEDED packet was received. This response should never occur unless the -D option is used. If the responding router sends an RFC 1191-style ICMP response, the MTU it contains will be displayed as well.

This program is intended for use in network testing, measurement, and management. It should be used primarily for manual fault isolation. Because of the extra load it could impose on the network, it will be unwise to use traceroute during normal operations or from automated scripts.

See also

netstat(TC), ping(ADMN)
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003